Skip to main content

edRoo - Privacy Policy

Last updated on March 2026.

This Privacy Policy describes how edRooPty Ltd (“we”, “us”, “our”) collects, uses, and shares your personal information when you use the edRooplatform and website (collectively, the “Services”).

1. What We Collect

We collect the following categories of personal information:

  • Account information: name, email address, and password (hashed) when you create an account.
  • Profile and academic data: grades, GPA, English test scores, qualifications, study gap details, and other information you provide to build your admissions profile.
  • Documents: transcripts, English test certificates, statements of purpose, and identity documents you upload for checklist verification.
  • Application data: program selections, application status, and submission history.
  • Payment information: subscription billing data processed by Stripe. We do not store raw card details.
  • Usage data: pages visited, features used, and session timestamps — collected for platform analytics and improvement.

2. How We Collect It

  • Directly from you: when you register, complete your profile, upload documents, or contact us.
  • Automatically: anonymised usage data collected via Plausible Analytics (no cookies, no personal data) and optional Google Analytics 4 (consent-based, cookie-controlled).
  • From third-party services: authentication events from Supabase Auth (email/password sign-in only).

3. How We Use Your Data

We use your personal information to:

  • Operate and deliver the Services, including calculating your competitiveness score and managing your admissions checklist.
  • Submit your application to Australian universities and institutions on your behalf (one-click submission), following your instruction.
  • Verify your documents for admissions readiness (human review by QEAC-certified advisor and/or automated AI pre-checks).
  • Process your subscription payment via Stripe.
  • Send you in-app notifications and transactional emails related to your application status.
  • Improve platform features through aggregate, anonymised analytics.

We do not use your data for advertising, sell it to third parties, or share it with partner universities except upon a specific application submission you initiate.

4. Who We Share With

  • Partner universities and institutions: your application data and documents are shared with the specific institution you apply to, at the point of submission only.
  • Supabase: database and file storage provider. Data stored in Australian data centres. Supabase acts as a data processor under our instructions.
  • Stripe:payment processor. Handles subscription billing. Subject to Stripe's own privacy policy.
  • OpenAI (Azure OpenAI Service): used for AI-assisted checklist and document pre-checks. Data is not used to train OpenAI models under our enterprise agreement.
  • Plausible Analytics: privacy-first, cookie-less website analytics. No personal data transmitted.
  • Google Analytics 4: optional analytics, activated only upon your cookie consent.

We do not share your data with any other third parties except as required by law.

5. Data Storage & Retention

All student personal data and uploaded documents are stored in Supabase-managed Australian data centres (Sydney region). We retain your data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

6. Analytics

Plausible Analytics is used on the edRoo public website. It is cookie-free and collects no personal identifiers — only anonymous aggregate page visit data. You cannot be tracked across websites.

Google Analytics 4 is used for deeper product analytics and is only activated after you provide explicit cookie consent. You can withdraw consent at any time via the cookie preferences banner.

7. Your Rights

Under the Australian Privacy Act 1988 (Cth) and relevant state privacy law, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated personal data.
  • Portability: receive a copy of your data in a machine-readable format on request.
  • Withdraw consent to optional data processing (such as GA4 analytics) at any time.

To exercise any of these rights, contact us at hello@edroo.io.

8. Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, and role-based access controls. Uploaded documents are stored in private Supabase Storage buckets inaccessible without authenticated session tokens.

Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at hello@edroo.io.

9. Changes to This Policy

We may update this Privacy Policy periodically. When we do, we will update the “Last updated” date at the top of this page. Material changes will be communicated via in-app notification or email.

10. Contact

For privacy enquiries or to exercise your data rights, contact us at hello@edroo.io. We aim to respond within 5 business days.