Skip to content

AidwiseAI

Privacy Notice

v1.0Effective 1 Jun 2026sha256 · b7de6be730

ScholarAI / GrantPath — Privacy Policy v1.0

**What this means in 60 seconds**

  • We collect the data you give us (profile, documents, interview answers) and

technical data needed to run the service.

  • We never sell your data. We only share with a university if you explicitly

toggle the B2B consent and that university has signed a Data Processing Agreement with us.

  • You can export every byte we hold about you and request deletion at any

time. Deletion is scheduled 30 days out so you can cancel.

  • We treat consent as the legal basis: you can revoke any consent and we

log every change.

1. Who we are

ScholarAI Inc. ("we", "us") is the data controller. The product is also known as GrantPath.

2. What we collect

  • **Identifiers**: email, full name, password hash, date of birth, billing

country, IP address, user-agent.

  • **Profile**: CGPA, IELTS/TOEFL, GRE, target degree, target countries and

fields, Pakistani university, city, family financial flags.

  • **B2B contact (opt-in)**: phone, WhatsApp, LinkedIn/GitHub URLs.
  • **Activity**: tracker items, generated SOPs, interview transcripts,

consent grants and revokes.

  • **Sensitive data we do NOT collect**: religion, political views, biometric

data. Pakistani PDPB sensitive-data carve-outs apply.

3. Why we use it

  • Run the matching, drafting, and interview features you asked for.
  • Compute a lead score used internally to prioritise B2B outreach (only when

b2b_share_consent is true).

  • Comply with legal obligations (consent records, breach notification,

retention).

  • Improve the service in aggregate, anonymised form.
  • **Consent**: marketing, B2B share, optional analytics cookies.
  • **Contract**: running the features you paid for.
  • **Legitimate interest**: anti-abuse, fraud prevention, internal analytics

(anonymised).

  • **Legal obligation**: retention of consent audit logs and tax records.

5. B2B sharing (off by default)

Profile data is **never** sold or shared with third parties unless the b2b_share_consent toggle is on. With consent we may share a point-in-time snapshot of your profile with universities that have signed a Data Processing Agreement (DPA). Each share is logged in your "Shared With" list. You may revoke consent at any time; revocation stops future shares, but past shares cannot be unsent (this is disclosed in the consent dialog).

6. International transfers

Our services may store and process data in Pakistan, the EU/EEA, the UK, and the United States. We rely on Standard Contractual Clauses, UK International Data Transfer Addendum, and PDPB cross-border safeguards where applicable.

7. Retention

  • Application data: 5 years after last login (lets you re-use it).
  • SOP and interview transcripts: 2 years.
  • Consent audit log: 7 years (for legal defensibility).
  • Server logs and IP addresses: 90 days.
  • Anonymised analytics records: indefinite, no PII.

8. Your rights

You can: access, export, correct, delete, restrict, port, and object. The product surfaces these through "Settings → Privacy" and:

  • `POST /api/v1/privacy/data-export` for a full ZIP of your data;
  • `POST /api/v1/privacy/account-deletion` (scheduled 30 days out, cancel

any time).

To exercise rights specifically under GDPR, UK DPA 2018, PDPB, PIPEDA, or CCPA/CPRA, write to **privacy@scholarai.pk**. We respond within 30 days.

9. Children

Minimum age 16. Users 16–18 must provide a parental consent email which we verify before unlocking premium features.

10. Breach notification

If a breach is likely to affect you we notify you and the relevant regulators (PTA Pakistan, ICO UK, EU DPAs) within 72 hours of discovery.

11. Cookies

See the Cookie Policy. Strictly-necessary cookies require no consent; analytics and marketing cookies are opt-in.

12. Contact

privacy@scholarai.pk — Data Protection Officer