Your Privacy Matters

Privacy Policy

We built Equivly to help students succeed — not to profit from your data. Here is exactly what we collect, why we collect it, and how we protect it.

Last updated: March 19, 2026

Overview

Equivly (“we”, “us”, or “our”) operates equivly.com and the Equivly web application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using Equivly, you agree to the practices described in this policy.

Equivly is a course equivalency and transfer planning platform designed to help college students discover which community college courses transfer to their university, plan their academic path, and save time and money toward graduation.

1. Information We Collect

We collect only the information necessary to provide and improve our service. This includes:

Account & Identity

  • Name and email address (provided when you sign up or via Google Sign-In)
  • Profile photo (if provided via Google OAuth)
  • Authentication tokens (managed securely by our authentication provider)

Academic Profile

  • Your current school and target school (selected during onboarding)
  • Courses you add to your planner
  • Bookmarked course equivalencies
  • Your intended use case (e.g., replacement credits or transfer credits)

Usage Data

  • Pages visited and features used within the platform
  • Browser type, device type, and approximate location (country or region)
  • Error logs and diagnostic data to improve stability

2. Why We Collect Your Data

We are transparent about every reason we request your information:

  • To provide our core service — your academic profile (schools, courses, use case) powers personalised equivalency results and planner features.
  • To authenticate you securely — your name and email are used to create and manage your account. If you sign in with Google, we receive only the basic profile information you consent to share (name, email, profile photo).
  • To send important service communications — account confirmations, password resets, and critical product updates.
  • To improve the platform — aggregated, anonymised usage data helps us identify bugs and prioritise features that matter most to students.
  • To process payments — if you subscribe to a paid plan, your payment is handled by a third-party processor (Stripe). We do not store your card details.

We will never

Sell your personal data, use it to serve third-party ads, or share it with data brokers under any circumstances.

3. Google Sign-In & OAuth Data

Equivly offers Google Sign-In as a convenient authentication option. When you choose to sign in with Google, we request only the minimum OAuth scopes needed:

  • Email address — to identify your account and send service notifications.
  • Basic profile (name & photo) — to personalise your in-app experience.

We do not request access to your Google Drive, Calendar, Gmail, contacts, or any other Google services. We do not use your Google data for advertising or share it with third parties beyond what is necessary to operate the service.

You can revoke Equivly's access to your Google account at any time via your Google Account permissions page. Revoking access will sign you out of Equivly but will not delete your Equivly account or data — you can contact us separately to request deletion.

4. Data Sharing & Third Parties

We only share your data with third-party services that are essential to operate the platform:

  • Supabase — our database and authentication infrastructure provider. Your data is stored in their secure, SOC 2-compliant infrastructure.
  • Stripe — payment processing for paid subscriptions. Stripe handles all card data and is PCI-DSS compliant.
  • Vercel — our hosting platform. Your requests routes through Vercel infrastructure but they do not access your application data.

Each of these providers has agreed to process data only as instructed and maintain appropriate security measures. We do not share your data with universities, advertisers, or any other parties.

We may disclose your information if required by law (e.g., a valid court order), but we will notify you to the extent permitted by law.

5. Cookies & Tracking

Equivly uses minimal cookies strictly necessary for the service to function:

  • Session cookies — keep you signed in as you navigate the app.
  • CSRF tokens — protect your account from cross-site request forgery attacks.

We do not use advertising cookies, third-party tracking pixels, or persistent cross-site tracking technologies.

6. Data Security

We take reasonable technical and organisational measures to protect your data:

  • All data is transmitted over HTTPS/TLS encryption.
  • Passwords (if applicable) are hashed using industry-standard algorithms and never stored in plain text.
  • Database access is restricted through row-level security and role-based access controls.
  • Our infrastructure providers maintain SOC 2 Type II compliance.

No method of transmission over the internet is 100% secure. In the unlikely event of a data breach affecting your personal information, we will notify you in accordance with applicable law.

7. Your Rights & Choices

You have the following rights regarding your personal data:

  • Access & portability — request a copy of the personal data we hold about you.
  • Correction — update inaccurate information via your account settings or by contacting us.
  • Deletion — request deletion of your account and all associated personal data. Contact us at support@equivly.com to initiate this process.
  • Opt-out of marketing — you can unsubscribe from non-essential emails at any time using the link in any email we send.
  • Revoke Google access — as described in Section 3, you can revoke our OAuth access at any time.

Residents of California (CCPA), the European Economic Area (GDPR), or other jurisdictions with specific data protection laws may have additional rights. Please contact us to exercise any of these rights.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law (e.g., billing records for tax compliance, which are retained for 7 years).

Anonymised, aggregated usage data (with no link to any individual) may be retained indefinitely to help us improve the platform.

9. Children's Privacy

Equivly is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have inadvertently collected such information, we will promptly delete it.

If you are between 13 and 18, you should review this policy with a parent or guardian before creating an account.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or via an in-app banner.

Your continued use of Equivly after such changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

Questions? Contact Us.

If you have any questions about this Privacy Policy, want to exercise your data rights, or have a concern about how we handle your information, please reach out.

support@equivly.com

Equivly Inc. · equivly.com