Privacy Policy for ColPath

ColPath ("we", "our", or "the App") is developed and operated by Ashrith Padi (contact: appteams.ops@gmail.com). We are committed to protecting your privacy and being transparent about the data we collect and use. This Privacy Policy explains how we collect, use, store, and protect your information when you use our free college path planning service.

1. Information We Collect

1.1 Personal Information

When you use ColPath, we collect the following information:

• Email Address: Collected during account registration via Firebase Authentication
• Firebase UUID: A unique identifier automatically generated by Firebase Authentication to manage your account
• Location Data: Geographic location information to help you find colleges near you and provide location-based services

1.2 Automatically Collected Information

• App Usage Data: Information about how you interact with the App, including search queries, colleges viewed, and features used
• Device Information: Device type, operating system version, unique device identifiers
• Crash Reports: Technical data collected via Firebase Crashlytics to diagnose and fix app crashes

2. How We Use Your Information

We use the collected information for the following purposes:

• Account Management: To create and manage your ColPath account
• Service Delivery: To provide personalized college recommendations and search results
• Location Services: To show colleges near your location and provide map-based features using Mapbox Maps
• App Improvement: To analyze usage patterns and improve app functionality
• Crash Analysis: To identify and fix technical issues using Firebase Crashlytics
• Communication: To send important updates about the service (we do not send marketing emails)

3. Google API Services and User Data

ColPath uses Google API Services, specifically Firebase services provided by Google. This section describes how we access, use, store, and share Google user data in compliance with the Google API Services User Data Policy.

3.1 Google User Data We Access

ColPath accesses the following types of Google user data through Firebase Authentication:

• Email Address: Your email address registered with your Google account (if you sign in with Google)
• Basic Profile Information: Your name and profile picture (if provided and you sign in with Google)
• Firebase UUID: A unique identifier generated by Firebase Authentication to manage your account

3.2 How We Use Google User Data

Google user data accessed by ColPath is used exclusively for the following purposes:

• Account Creation and Authentication: To create and authenticate your ColPath account
• User Identification: To identify you across sessions and devices
• Service Personalization: To provide personalized college search experiences and save your preferences
• Communication: To send you important service updates and deadline reminders (only if you enable notifications)

Important: We do NOT use Google user data for advertising, marketing to third parties, or any purposes unrelated to providing ColPath's core college planning services.

3.3 How We Share Google User Data

We do not sell, rent, or trade your Google user data. Your Google user data may be shared only in the following limited circumstances:

• Firebase/Google Services: Data is stored and processed by Firebase (a Google service) to provide authentication and data storage capabilities
• Legal Compliance: When required by law, court order, subpoena, or government request
• Protection of Rights: To protect the rights, property, or safety of ColPath, our users, or the public

We do NOT share Google user data with any third-party services for advertising, analytics, or marketing purposes.

3.4 Google User Data Storage and Security

Your Google user data is stored securely using Firebase's infrastructure:

• Encryption: All data is encrypted in transit using HTTPS/TLS and at rest using Firebase's encryption standards
• Access Control: Access to user data is restricted to authorized personnel only and protected by Firebase's security rules
• Secure Infrastructure: Data is stored on Google Cloud Platform servers with industry-leading security measures
• No Local Storage of Sensitive Data: Sensitive authentication tokens are managed by Firebase SDK and not stored persistently in the app

3.5 Google User Data Retention and Deletion

Data Retention:

• Your Google user data is retained for as long as your ColPath account remains active
• Search history and preferences are retained to provide continuous service across sessions
• We retain only the minimum data necessary to provide ColPath's services

Data Deletion:

• You can request deletion of your account and all associated Google user data at any time by going to Settings > Profile > Delete Account in the app
• Upon account deletion request, all your Google user data will be permanently deleted from our systems within 30 days
• You can also email us at appteams.ops@gmail.com to request data deletion
• Certain data may be retained for legal compliance purposes only (e.g., for 90 days to comply with legal obligations)

3.6 Limited Use Disclosure

ColPath's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. Other Third-Party Services

In addition to Google services, ColPath uses the following third-party services:

4.1 Firebase (Google)

• Firebase Authentication: For secure user authentication
• Cloud Firestore: For storing your app data and preferences
• Firebase Crashlytics: For crash reporting and app stability monitoring

Firebase's privacy policy: https://firebase.google.com/support/privacy

4.2 Mapbox

• Mapbox Maps: For displaying interactive maps and location-based features

Mapbox's privacy policy: https://www.mapbox.com/legal/privacy

5. Data Storage and Security

We take the security of your data seriously:

• Secure Storage: Your data is stored securely using Firebase's infrastructure on Google Cloud Platform
• Encryption: We use industry-standard encryption for data transmission (HTTPS/TLS) and data at rest
• Access Controls: Firebase UUID is used instead of directly exposing personal identifiers
• Restricted Access: Access to user data is restricted to authorized personnel only and protected by authentication mechanisms
• Regular Security Audits: We rely on Firebase/Google's regular security audits and compliance certifications

Important: ColPath does not collect, store, or process any sensitive personal data such as financial information, health data, government-issued identification numbers, or Social Security Numbers.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to any third parties. We may share your information only in the following limited circumstances:

• Service Providers: With Firebase (Google) and Mapbox to provide authentication, data storage, and mapping services
• Legal Requirements: When required by law, court order, subpoena, or government request
• Safety and Protection: To protect the rights, property, or safety of ColPath, our users, or the public
• Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)

We do NOT share your data for advertising, marketing, or any other commercial purposes.

7. Your Rights and Choices

You have the following rights regarding your data:

• Access: Request a copy of the personal data we hold about you by emailing appteams.ops@gmail.com
• Correction: Update or correct inaccurate information in your account settings within the app
• Deletion: Request deletion of your account and all associated data (Settings > Profile > Delete Account)
• Data Portability: Request an export of your data in a machine-readable format
• Location Services: Enable or disable location access through your device settings (may limit map functionality)
• Opt-Out: Uninstall the App to stop all data collection immediately
• Revoke Permissions: Revoke app permissions at any time through your device settings

To exercise any of these rights, please contact us at appteams.ops@gmail.com. We will respond within 30 days.

8. Children's Privacy (COPPA Compliance)

ColPath is designed for high school students exploring college options. We comply with the Children's Online Privacy Protection Act (COPPA):

• Age Requirement: Users must be at least 13 years old to use ColPath
• Parental Consent: If you are under 18, you should have parental or guardian consent before using the app
• No Targeting of Children: We do not knowingly collect personal information from children under 13 without verifiable parental consent

If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, please contact us immediately at appteams.ops@gmail.com, and we will delete such information promptly.

9. Data Retention and Deletion Policy

How Long We Keep Your Data:

• Account information is retained for as long as your account is active
• Search history and preferences are retained to provide continuous service
• Crash reports are retained for 90 days for debugging purposes
• We retain only the minimum data necessary to provide our services

Account Deletion Process:

• Go to Settings > Profile > Delete Account in the app
• Confirm your deletion request
• All your data will be permanently deleted within 30 days
• Some data may be retained for up to 90 days for legal compliance only
• Alternatively, email us at appteams.ops@gmail.com to request account deletion

10. International Data Transfers

Your data may be stored and processed on servers located outside your country of residence, including in the United States. By using ColPath, you consent to the transfer of your information to countries that may have different data protection laws than your country.

We rely on Firebase/Google Cloud Platform's infrastructure, which complies with international data protection frameworks including GDPR and Privacy Shield principles.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Providing an in-app notification when you next open ColPath
• Sending an email notification to your registered email address (for significant changes)

Your continued use of ColPath after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.

12. Free Service and No Monetization of Data

ColPath is provided as a completely free service:

• No subscription fees or premium tiers
• No in-app purchases or paid features
• No advertisements or ad tracking
• We do NOT monetize your data through advertising networks, data brokers, or third-party data sales

13. Compliance with Data Protection Laws

ColPath is committed to complying with applicable data protection laws and regulations, including:

• Google API Services User Data Policy: Full compliance with Limited Use requirements
• COPPA: Children's Online Privacy Protection Act (U.S.)
• GDPR: General Data Protection Regulation (EU) - providing rights to access, correction, deletion, and portability
• CCPA: California Consumer Privacy Act - providing rights to know, delete, and opt-out

© 2025 ColPath. All rights reserved.