This Privacy Policy describes what personal data DegreeOS collects, how we use it, and the choices you have. It covers users in the United States, European Union (GDPR), and California (CCPA/CPRA).

1. Data we collect

• Account data: email, name, school, career, study goals.
• Usage data: flashcard responses, practice answers, session timestamps, roadmap progress.
• Uploads: transcripts, receipts, imported flashcards, score reports, testimonials (audio/video), career resumes.
• Payment metadata: Stripe customer + subscription IDs. We do not store card numbers; Stripe holds that data directly.
• Communications: support tickets, email replies.
• Analytics: pageviews, feature events, device/browser basics via PostHog and Google Analytics 4. IP is truncated before storage.

2. How we use data

• Provide the service: build roadmaps, grade practice, track progress.
• Power Merit (our AI advisor): your messages are sent to Anthropic for inference; Anthropic does not retain conversation data beyond the processing window.
• Send lifecycle emails (welcome, study nudges, trial-expiring). Opt out at any time via the unsubscribe link.
• Measure product health via aggregated analytics.
• Detect abuse and enforce these terms.

3. Sharing

We share personal data only with service providers acting on our instructions: Supabase (database + storage), Vercel (hosting), Stripe (billing), Resend (email), Anthropic (AI inference), PostHog (analytics), Sentry (error monitoring). Each is contractually bound by their own data processing terms. We never sell your data.

4. AI processing by third-party service providers

To deliver the Merit AI advisor and practice question generation, we transmit content you submit — including messages, prompts, and any personal information they contain — to Anthropic, PBC (Claude API). Anthropic acts as our data processor under GDPR Article 28 and as a service provider under the California Consumer Privacy Act, under a written Data Processing Agreement incorporating EU Standard Contractual Clauses. Anthropic is contractually prohibited from using our data to train their foundation models and from selling or sharing it. API inputs and outputs are retained by Anthropic for up to 30 days for safety monitoring, after which they are deleted.

Our full sub-processor list — including Anthropic, Supabase, Vercel, Stripe, Resend, and PostHog — is available at /subprocessors. You may request notice of new sub-processors by emailing privacy@degreeos.ai.

No automated significant decisions. Merit outputs are suggestions and study guidance. You retain control of any action taken. We do not use AI to make decisions with legal or similarly significant effects under GDPR Article 22.

5. Retention

We retain account data while your account is active. Deleted accounts are soft-deleted for 30 days (reversible on request) then hard-deleted. Transactional records (receipts, invoices) are retained 7 years for tax compliance. Analytics data is retained 24 months.

6. Your rights (EU/UK/CA)

Under GDPR and CCPA/CPRA you may request: access to your data, correction of inaccurate data, deletion, portability, and restriction of processing. Use the Export my data and Delete account pages in your settings, or email hello@degreeos.ai.

7. Cookies

See our Cookie Policy for details. EU visitors receive a consent banner.

8. Children (COPPA)

DegreeOS is intended for users 13 and older and is not directed at children under 13. We do not knowingly collect personal data from anyone under 13, consistent with the Children's Online Privacy Protection Act (COPPA). Users between 13 and 17 require verifiable parent or guardian consent before creating an account. If you believe a child under 13 has created an account, contact privacy@degreeos.ai and we will delete the account and all associated data within 30 days.

9. Changes

We update this policy as the service evolves. Material changes trigger email + in-app notice with a 14-day effective window.

10. Contact

Data controller: Sisu Labs, LLC (dba DegreeOS), Nashville, Tennessee, USA. For privacy questions: privacy@degreeos.ai.