Privacy Policy & Terms of Service

Welcome to CrossApply. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI-powered university application platform. By using CrossApply, you consent to the practices described in this policy. This policy should be read together with our Terms of Service.

2.1 Information You Provide Directly

• Account Information: Name, email address, and password when you create an account
• Academic Profile: GPA, test scores (SAT, IELTS, TOEFL), education history, and achievements
• Documents: Transcripts, certificates, passports, essays, and other application materials you upload
• Chat Conversations: Messages exchanged with our AI consultant
• Application Data: University preferences, program selections, and application details
• Payment Information: Payment details processed securely through our payment providers (we do not store full card numbers)

2.2 Information Collected Automatically

• Device Information: Browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, and interaction patterns
• Location Data: General geographic location based on IP address
• Cookies: Essential and analytics cookies for site functionality

We use your information to provide and improve our services:

• Provide personalized university recommendations based on your profile
• Generate application documents (statements of purpose, CVs) using AI
• Process and track your university applications
• Automate application form filling, document uploading, and submission on your behalf (paid services)
• Send important updates about your applications and account
• Ensure platform security and prevent fraudulent activity

We may share your information in the following circumstances:

• With Universities: When you submit applications, we share relevant information with the universities you apply to (only with your explicit consent)
• Service Providers: Trusted third parties who help us operate our platform (cloud hosting, payment processing, AI service providers)
• Legal Requirements: When required by law or to protect our rights and safety

We implement comprehensive security measures to protect your data:

You have the following rights regarding your personal data:

We retain your personal data for as long as your account is active or as needed to provide our services:

• Active applications: All documents and data retained throughout the application process
• Post-application (admitted): 5-7 years for verification needs
• Post-application (not admitted): 1-2 years, then secure deletion
• Passport copies: Deleted immediately after verification or maintained for minimum necessary period
• Account closure: Data deleted or anonymized within 30 days, except where required by law

You can request immediate deletion of your data by contacting our support team.

CrossApply is designed for users who are 13 years of age or older. Users between 13 and 18 must have parental or legal guardian consent to use our services. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly. For users in jurisdictions where a higher age of consent applies (such as 16 in certain EU member states), we comply with the applicable local requirements. If you believe we have collected information from a child without appropriate consent, please contact us.

Your data may be transferred to and processed in countries other than your own, where our service providers operate. These countries may not have the same level of data protection as your home country.

For users in the European Union and United Kingdom, we ensure appropriate safeguards for international transfers through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreement or UK Addendum to EU SCCs, approved by the UK Information Commissioner's Office
• Supplementary measures including encryption and access controls to protect your data during transfer

We use AI technology to provide our core services, including university recommendations, document generation, and chat-based consultation.

Your data is processed by our AI systems solely to generate outputs for your specific use (recommendations, documents, chat responses). AI-generated outputs are owned by you. We may use anonymized, aggregated data to improve our services, but this data cannot be traced back to individual users.

For users of our paid automation services, we process your data through automated browser technology to complete university applications on your behalf. This includes:

• Accessing university application portals using your authorized credentials
• Filling in application forms with data you have provided
• Uploading documents to third-party university portals
• Creating email accounts for application purposes

Automated processing only occurs with your express authorization and is limited to actions necessary to complete applications you have specifically initiated. You can withdraw authorization at any time by contacting support.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our platform and sending an email notification at least 30 days before changes take effect. Your continued use of CrossApply after such changes constitutes your acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: