Privacy Policy

1. Introduction

IB Match ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our university program matching and guidance platform.

This policy applies to all users of IB Match, including IB Students, IB Coordinators, University Agents, and Platform Administrators.

By using IB Match, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Information You Provide

The data we collect depends on your role on the platform:

• All Users: Email address, name (optional), avatar image (optional)
• Students: IB courses, predicted/actual scores, course levels (HL/SL), TOK and Extended Essay grades, field of study preferences, location preferences, saved programs
• IB Coordinators: School association, role within the school
• University Agents: University association, program management activity
• Invitation Records: When users invite others (coordinator-to-student, coordinator-to-coordinator, agent-to-agent), we store the inviter's identity, the invitee's email, invitation status, and timestamp

Information Collected Automatically

• Usage Data: Pages visited, features used, search queries
• Device Information: Browser type, device type, operating system
• Log Data: IP address, access times, referring URLs

Payment Information

For schools with paid subscriptions, payments are processed by Stripe. We do not store credit card numbers or full payment details. We retain only Stripe customer and subscription identifiers to manage your subscription.

3. How We Use Your Information

We use your information to:

• Provide personalized program recommendations (students)
• Enable student management and university guidance tools (coordinators)
• Provide program analytics and recruitment insights (university agents)
• Manage platform operations and user accounts (administrators)
• Improve our matching algorithms
• Process subscription payments (Regular schools)
• Send important service updates and invitation emails
• Respond to your inquiries
• Analyze usage patterns to improve the Service
• Enforce our Terms of Service and prevent misuse

4. Data Sharing Between Roles

We do not sell your personal information. The following describes how data is shared between different user roles within the platform:

4.1. Coordinator Access to Student Data

IB Coordinators at a school can view and, where appropriate, edit academic data for students who are linked to their school. Specifically, coordinators may access:

• Student names and email addresses
• Academic profiles (IB courses, grades, levels, TOK/EE grades)
• Program match results and recommendations
• Saved programs

Purpose limitation: This access is strictly for providing university application guidance within the school context.

Student control: Students voluntarily link to a school. A student may unlink from a school at any time, which immediately revokes coordinator access to their data.

Coordinator editing: Coordinators may edit student academic data (courses, grades) for guidance purposes, with appropriate consent from the student or as part of the school's educational guidance process.

4.2. University Agent Access to Data

University Agents can view anonymized, aggregate statistics about students who match with their university's programs. This includes:

• Total match counts per program
• Field of study distribution of matched students
• Average predicted IB scores of matched students
• Geographic interest trends

University Agents cannot access individual student names, email addresses, or personal data.

4.3. Administrator Access

Platform Administrators have access to all platform data for operational, support, and compliance purposes.

5. External Data Sharing

We may share information with third parties only in the following circumstances:

• Service Providers: Third parties that help us operate the Service (see Section 10 for a list of sub-processors)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with a merger or acquisition

6. Cookies and Tracking

We use essential cookies for:

• Authentication and session management (all user roles)
• Security (CSRF protection)
• Remembering your preferences

For details, see our Cookie Policy.

7. Data Security

We implement appropriate security measures to protect your information, including:

• Encryption of data in transit (HTTPS/TLS)
• Role-based access controls ensuring users only access data permitted by their role
• Secure authentication (magic links, OAuth)
• Regular security reviews
• Structured logging and monitoring

8. Data Retention

• Active accounts: We retain your data for as long as your account is active or as needed to provide services.
• Deleted accounts: Upon account deletion, personal data is removed. Anonymized aggregate data (e.g., platform-wide statistics) may be retained.
• School/university deletion: When a school or university deletion request is approved by an administrator, all associated data (coordinator profiles, student links, program listings) is removed.
• Invitation records: Expired or declined invitation records are retained for 90 days for security purposes, then deleted.

You may request deletion of your data at any time.

9. Your Rights

Depending on your jurisdiction (including under GDPR), you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Export your data in a portable format
• Withdraw consent for non-essential data processing
• Object to processing based on legitimate interests
• Restrict processing under certain circumstances

For Students: You may unlink from a school at any time to revoke coordinator access to your data, without deleting your account.

For Coordinators and Agents: You may request deletion of your associated school or university data through the platform. Such requests are reviewed by administrators.

To exercise your rights, contact us at privacy@ibmatch.com.

10. Data Processing Roles (GDPR)

IB Match as Data Controller

IB Match acts as the data controller for:

• User registration and account management
• Operation of the matching algorithm and recommendations
• Platform analytics and service improvement
• Direct communications with users

IB Match as Data Processor

When coordinators manage student data on behalf of their school, the school is the data controller and IB Match acts as a data processor. In this context, IB Match processes student data solely on the school's instructions (as expressed through coordinator actions on the platform).

Sub-Processors

We use the following third-party service providers to operate the platform:

All sub-processors are contractually bound to process data only as instructed and to maintain appropriate security measures.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own (including the United States, where our infrastructure providers operate). Where required, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers outside the EU/EEA.

12. Children's Privacy

The Service is intended for users 13 years and older, consistent with the age of IB students. We do not knowingly collect information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last updated" date at the top of this page indicates when the latest revision was made.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: privacy@ibmatch.com

For GDPR-specific inquiries, you may also contact the relevant data protection authority in your jurisdiction.