Effective Date: September 28, 2025

Privacy Policy

SlatePath AI LLC (“SlatePath,” “we,” “us,” or “our”) values your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information — including Google user data — when you use our website, platform, and related services (collectively, the “Services”). By using our Services, you agree to the terms of this Privacy Policy.

1. Introduction

SlatePath AI LLC (“SlatePath,” “we,” “us,” or “our”) values your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information — including Google user data — when you use our website, platform, and related services (collectively, the “Services”). By using our Services, you agree to the terms of this Privacy Policy.

2. Information We Collect

We collect and store information that you provide directly, information obtained from connected services (such as Google), and technical information collected automatically when you use SlatePath.

a. Personal & Account Information

Basic details needed to create and manage your account, including full name, email address, account credentials (e.g., username and password), and payment information (processed securely by third-party providers such as Stripe).

b. Academic & Onboarding Information

Through our onboarding survey and ongoing use, we collect academic and profile details, including education status, school details, GPA and coursework, standardized tests completed and scores, résumés or CVs, college aspirations, scholarship and financial aid information, and personal insights you choose to share.

c. Planning & Uploaded Content

Materials you upload and store for your own use, such as personal statements, supplemental essays, extracurricular records, scholarship materials, counselor notes, planning files, and calendar files (e.g., .ics imports from Canvas or other platforms).

d. Integrated Service Data (Google and Other APIs)

If you connect third-party services, we may access limited data to power specific features. Examples include Google Calendar events and reminders, Google Drive files you explicitly select, and Canvas or similar schedule data imported via iCal. We request the minimum necessary scopes and use Google user data solely for the features you enable.

e. Performance & Learning Data

To support personalized learning tools, we may collect test preparation history, topic-level performance, interview practice analytics, AI-generated feedback, and similar data used to track your progress and suggest improvements. This information is never shared externally.

f. Technical, Analytics & Usage Information

Device and browser details, IP address, log data, activity within the platform, time zone, and country. We may also use cookies, analytics, and session recordings to enhance functionality and understand feature usage.

3. How We Use Information

We use collected data to:

  • Provide, maintain, and improve our Services
  • Personalize your experience and generate planning insights
  • Process payments and manage subscriptions
  • Communicate about updates, security, and support
  • Analyze usage patterns to improve performance and reliability
  • Comply with legal obligations

We do not use Google user data for advertising or marketing. It is only used to deliver the specific features you authorize.

4. How We Share Information

We do not sell your personal information or Google user data. We share information only in these cases:

  • Service Providers: Trusted third parties — such as Stripe (payments), Supabase (data storage), and Fly.io (hosting) — that help operate our platform.
  • Legal Compliance: When required by law, regulation, or legal process.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

All third parties must maintain strict confidentiality and appropriate security measures.

5. Data Storage & Protection

We are committed to protecting your information with robust security measures. Our data protection strategy is built on modern, secure infrastructure and application-level controls.

  • Platform Hosting: Our primary application services are hosted on Fly.io, a secure cloud infrastructure provider.
  • Database and File Storage: All core user data, including personal information and uploaded content, is stored with Supabase. User-uploaded files (such as résumés or interview practice videos) are managed by Supabase Storage.
  • Encryption: We employ encryption to protect your data both in transit between you and our servers (HTTPS/TLS) and at rest. Supabase automatically encrypts all data at rest using industry-standard AES-256 encryption.
  • Application-Level Security: Our database is architected with Row-Level Security (RLS) policies enabled. This ensures each user can only access and query data they own, preventing unauthorized access between accounts even at the database level.
  • Sensitive Credentials: Highly sensitive information, such as third-party API tokens (for Google or future Canvas integrations), is encrypted before being stored in our database using Supabase Vault, which leverages pgsodium for application-level encryption.
  • Access Control: Access to our production databases and systems is strictly limited to authorized SlatePath personnel who require it to perform their job functions (e.g., customer support or system maintenance). We enforce role-based access controls to limit permissions to the minimum necessary.

6. Data Retention & Deletion

We believe you should have control over your data. We retain your personal information only as long as your account is active or as necessary to provide our Services and comply with legal obligations.

Account Deletion: You can request to delete your account at any time through your account settings or by contacting us. Upon receiving a deletion request, we permanently delete your personal information and associated content from our active production systems within 30 days. Data may persist for a limited period in our secure, encrypted backups, which are isolated from production systems.

Revoking Third-Party Access (Google): If you authorize a connection to a third-party service like Google, you can revoke our access at any time directly from that service's account settings. Our system detects this revocation, stops syncing data, and promptly initiates a process to delete all user data obtained from that service (e.g., Google Calendar events) from our systems in accordance with their policies.

Manual Deletion Request: You may request the deletion of your data at any time by contacting our support team at support@slatepath.ai. We will verify your identity before proceeding.

Legal Retention: We may retain certain information if required to do so by law (for example, for tax and accounting purposes or to comply with other legal obligations).

7. Your Rights

Depending on your jurisdiction, you may have the right to access, update, or delete your data; request data portability; withdraw consent to data processing; or opt out of marketing communications. To exercise these rights, contact us at support@slatepath.ai.

8. Children’s Privacy

Our Services are intended for users 13 years and older. We do not knowingly collect data from children under 13. If you believe a child has submitted data, contact us immediately.

9. International Users

If you use SlatePath from outside the United States, your data may be processed in the U.S., where data protection laws may differ from those in your country.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised effective date. Continued use of the Services after such changes constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions or requests, contact us at:

SlatePath AI LLC

Frisco, Texas, USA

support@slatepath.ai