Privacy Policy
Summary: This Privacy Policy explains how we collect, use, and protect your personal information. We take special care with data from users under 18 years old and comply with GDPR, COPPA, and other applicable laws.
1. Introduction
PathwayX ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services").
Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
This Privacy Policy is especially important for our younger users and their parents or guardians. If you are under 18 years old, please review this policy with a parent or guardian to make sure you both understand it.
2. Information We Collect
We collect several types of information from and about users of our Services:
2.1 Personal Data
For All Users:
- Contact information (such as name and email address)
- Account credentials (such as username and password)
- Profile information (such as profile picture, bio, and location)
- Educational information (such as school, grade level, subjects of interest, and academic achievements)
- Assessment results (such as personality test results, career aptitude test results, and learning style preferences)
- User-generated content (such as posts, comments, and messages)
- Usage data (such as how you interact with our Services, pages visited, time spent on pages, and navigation paths)
- Device information (such as IP address, browser type, operating system, and device identifiers)
Additional Information for Users Under 18:
For users under 18 years old, we limit the personal data we collect to what is reasonably necessary to provide our Services. We require parental consent before collecting personal information from children under 16 in the EU/EEA and under 13 in the United States and other jurisdictions.
2.2 Special Categories of Personal Data
Our career and personality assessments may collect information that could reveal aspects of your personality, preferences, and interests. While we do not intentionally collect sensitive personal data (such as information about health, race, ethnicity, political opinions, religious beliefs, or sexual orientation), some of this information might be inferred from your responses to our assessments or from content you create.
We treat all such data with the highest level of security and confidentiality and only use it for the specific purposes outlined in this Privacy Policy.
2.3 How We Collect Information
We collect information in the following ways:
- Direct Collection: Information you provide to us when you register for an account, complete a profile, fill out forms, respond to surveys, participate in assessments, or communicate with us.
- Automated Collection: As you navigate through our Services, we may use cookies, web beacons, and other tracking technologies to collect information about your equipment, browsing actions, and patterns.
- Third-Party Sources: We may receive information about you from third parties, such as educational institutions, social media platforms (if you choose to link your accounts), and other partners.
3. How We Use Your Information
We use the information we collect for various purposes, including:
3.1 Providing and Improving Our Services
- To create and manage your account
- To provide personalized career guidance and educational recommendations
- To analyze assessment results and generate insights
- To facilitate communication between users (such as messaging and commenting)
- To improve and optimize our Services
- To develop new features, products, and services
3.2 Communication
- To respond to your inquiries, comments, or questions
- To provide customer support
- To send administrative messages (such as account verification, security updates, and changes to our terms or policies)
- To send promotional communications (such as newsletters, educational resources, and event invitations) if you have opted in to receive them
3.3 Research and Analytics
- To conduct research and analysis to better understand our users and improve our Services
- To generate aggregated, anonymized, or de-identified data that we may use for research, educational, or statistical purposes
3.4 Use of Anonymized Data for Educational and Career Opportunities
We may use anonymized and aggregated user data within our platform to provide personalized educational and career opportunities from universities and companies. We will never sell your personal information to third parties or provide it to external organizations without your explicit consent.
This allows us to connect you with relevant opportunities while maintaining your privacy. When data is anonymized, all personally identifiable information is removed, making it impossible to trace the data back to any individual user.
Examples of anonymized data usage include matching students with universities based on career interests or connecting users with companies offering relevant internships. You can adjust your preferences for receiving such opportunities in your account settings.
3.5 Safety and Security
- To protect the safety and security of our users and Services
- To detect, prevent, and address technical issues, fraud, or illegal activity
- To enforce our Terms of Service and other policies
3.6 Legal Compliance
- To comply with applicable laws, regulations, and legal processes
- To respond to lawful requests from public and governmental authorities
4. Legal Basis for Processing (EU/EEA Users)
If you are in the European Union or European Economic Area, we process your personal data based on the following legal grounds:
- Performance of a Contract: Processing necessary to provide our Services to you based on our Terms of Service.
- Legitimate Interests: Processing necessary for our legitimate interests, such as improving our Services, preventing fraud, and ensuring network security, provided that these interests are not overridden by your rights and freedoms.
- Consent: Processing based on your specific consent, such as for sending marketing communications or collecting certain types of data.
- Legal Obligation: Processing necessary to comply with our legal obligations.
For users under 16 in the EU/EEA, we only process personal data based on consent provided or authorized by the holder of parental responsibility.
5. How We Share Your Information
We may share your information with the following categories of recipients:
5.1 Service Providers
We may share your information with third-party service providers who perform services on our behalf, such as hosting, data analysis, payment processing, customer service, email delivery, and auditing. These service providers are contractually obligated to use your information only for the purposes of providing services to us and in accordance with this Privacy Policy.
5.2 Educational Institutions
If you access our Services through an educational institution, we may share your information with that institution as necessary to provide our Services and as permitted by our agreement with the institution.
5.3 Other Users
Certain information, such as your username, profile picture, and content you post publicly, will be visible to other users of our Services. You can control the visibility of your profile and content through your account settings.
5.4 Business Transfers
If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
5.5 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We may also disclose your information to protect our rights, privacy, safety, or property, or that of our users or others.
5.6 With Your Consent
We may share your information with third parties when you have given us your consent to do so.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you
- Whether there is a legal obligation to which we are subject
- Whether retention is advisable in light of our legal position (such as for statutes of limitations)
For users under 18, we implement enhanced data retention practices, including shorter retention periods where appropriate and automatic deletion of certain data when no longer needed.
7. Data Security
We have implemented appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
Our security measures include:
- Encryption of personal data in transit and at rest
- Regular security assessments and testing
- Access controls and authentication procedures
- Staff training on data protection and security
- Incident response procedures
8. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information. These may include:
8.1 Access and Information
You have the right to access the personal information we hold about you and to receive information about how we use it.
8.2 Correction
You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
8.3 Deletion
You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
8.4 Restriction of Processing
You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data.
8.5 Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
8.6 Objection
You have the right to object to the processing of your personal information in certain circumstances, such as for direct marketing purposes.
8.7 Withdrawal of Consent
If we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
8.8 Complaint
You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal information violates applicable law.
To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within the timeframe required by applicable law.
8.9 Account Settings
You can update certain information about your account and your preferences directly within your account settings. If you have any issues or questions about this, please contact us.
8.10 Marketing Communications
You can opt out of receiving marketing communications from us by following the unsubscribe instructions included in each communication or by updating your preferences in your account settings.
9. Children's Privacy
We are committed to protecting the privacy of children. Our Services are designed for users of all ages, including children, but with special protections for younger users.
9.1 Users Under 13 (United States)
In compliance with the Children's Online Privacy Protection Act (COPPA), we require parental consent before collecting personal information from children under 13 in the United States. If we learn that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as soon as possible.
9.2 Users Under 16 (EU/EEA)
In compliance with the General Data Protection Regulation (GDPR), we require consent from a parent or guardian before processing the personal data of children under 16 in the EU/EEA.
9.3 Parental Rights
Parents or guardians of users under 18 have the right to:
- Review their child's personal information
- Request that we delete their child's personal information
- Refuse to allow further collection or use of their child's personal information
To exercise these rights, please contact us using the information provided in the "Contact Us" section below.
9.4 Educational Institutions
If our Services are used by an educational institution with students under 18, we may rely on the educational institution to provide appropriate consents and notices to parents in accordance with applicable laws.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to track activity on our Services and hold certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier.
10.1 Types of Cookies We Use
- Essential Cookies: Necessary for the operation of our Services, such as cookies that enable you to log into secure areas.
- Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Services.
- Functionality Cookies: Used to recognize you when you return to our Services, enabling us to personalize our content for you.
- Targeting Cookies: Record your visit to our Services, the pages you have visited, and the links you have followed.
10.2 Your Choices Regarding Cookies
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services. You can learn more about cookies and how to manage them in your browser's settings.
For EU/EEA users, we obtain your consent before placing non-essential cookies on your device, in accordance with applicable law.
11. International Data Transfers
We are based in the United Kingdom and may process, store, and transfer your personal information in countries which may have different data protection laws than your country of residence. We take appropriate measures to ensure that your personal information remains protected in accordance with this Privacy Policy and applicable law.
If we transfer your personal information from the EU/EEA to countries not deemed to provide an adequate level of data protection, we will use appropriate safeguards, such as standard contractual clauses approved by the European Commission, to protect your personal information.
12. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. For significant changes, we will provide a more prominent notice, such as an email notification.
We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of such changes.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: privacy@pathwayx.ai
Postal Address:
PathwayX Ltd.
37 Rutland Gate
Knightsbridge, London
SW7 1PD
United Kingdom
Phone: +41 78 705 22 12
13.1 Data Protection Officer
We have appointed a Data Protection Officer who can be contacted at dpo@pathwayx.ai.
13.2 EU Representative
For users in the EU/EEA, our representative under Article 27 of the GDPR is:
PathwayX EU Representative
[Address in EU]
Email: eu-rep@pathwayx.ai