Privacy Policy

Overview

Pick My U is a Canadian university discovery platform. We help students identify universities that match their passions, strengths, and goals through an interactive quiz and AI-powered guidance. This service is operated as a commercial activity and is therefore subject to PIPEDA.

We collect only the minimum personal information necessary to provide our service. We do not sell your personal information to third parties.

What We Collect

The 10 PIPEDA Fair Information Principles

PIPEDA requires organizations to follow ten fair information principles. Here is how Pick My U applies each one:

1. 1

   Accountability

   Pick My U is responsible for all personal information under its control. We have designated a privacy contact (see below) who is accountable for compliance with this policy.

2. 2

   Identifying Purposes

   We collect personal information only for the following purposes: (a) to create and authenticate user accounts; (b) to personalize and save quiz results; (c) to generate AI-powered university recommendations. Purposes are identified before or at the time of collection.

3. 3

   Consent

   By creating an account or requesting AI advice, you consent to the collection, use, and disclosure of your personal information as described in this policy. You may withdraw consent at any time by deleting your account. Browsing the site requires no consent as no personal information is collected.

4. 4

   Limiting Collection

   We collect only the information necessary for the identified purposes. We do not collect sensitive personal information (health data, SIN, financial data) and will not do so without explicit, separate consent.

5. 5

   Limiting Use, Disclosure & Retention

   Your personal information is used only for the purposes for which it was collected. We do not sell, rent, or trade your data. Account data is retained until you delete your account. Quiz answers held in localStorage are under your own control and are cleared when you clear your browser data.

6. 6

   Accuracy

   We keep personal information as accurate, complete, and up-to-date as necessary. You can update your account information at any time by contacting us. If you believe information we hold about you is inaccurate, you may request a correction.

7. 7

   Safeguards

   Personal information is protected by security safeguards appropriate to the sensitivity of the information. Passwords are hashed using bcrypt (12 rounds). Session tokens are signed with a secret key. Data is stored on secured servers. We do not transmit personal information over unencrypted connections.

8. 8

   Openness

   Our privacy practices are documented in this publicly available policy. We will inform you of any material changes to this policy by updating the effective date and, where appropriate, by notice on the site.

9. 9

   Individual Access

   You have the right to access the personal information we hold about you and to challenge its accuracy and completeness. To request access, contact us at the address below. We will respond within 30 days.

10. 10

    Challenging Compliance

    If you believe we have not complied with PIPEDA, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca or contact us directly first so we can attempt to resolve the concern.

AI-Generated Advice

When you request personalized university advice, your quiz answers and matched universities are transmitted to Anthropic PBC (Claude API) to generate the response. This is a one-time, stateless request — Anthropic does not store your data for model training under their API terms. Your quiz answers are not stored on Pick My U servers at any point during this process.

You can review Anthropic's privacy practices at anthropic.com/privacy.

Cookies & Sessions

We use a single session cookie (HTTP-only, Secure, SameSite=Lax) to maintain your authenticated session. This cookie contains a signed JWT with your user ID and name. It is strictly necessary for authentication and cannot be disabled without preventing sign-in.

We do not use advertising cookies, third-party tracking pixels, or analytics services that collect personal information.

Data Retention

Your Rights Under PIPEDA

As an individual, you have the right to:

• ✓Access the personal information we hold about you (respond within 30 days)
• ✓Correct inaccurate or incomplete information
• ✓Withdraw consent and request deletion of your account and all associated data
• ✓Know whether we hold personal information about you
• ✓File a complaint with the Office of the Privacy Commissioner of Canada

To exercise any of these rights, sign in to your account page (where you can delete your account instantly) or contact us at the address below.

Security Breach Reporting

In the event of a breach of security safeguards that poses a real risk of significant harm to individuals, we will:

• Report the breach to the Office of the Privacy Commissioner of Canada as soon as feasible
• Notify affected individuals directly
• Maintain a record of all breaches for a minimum of 24 months

If you suspect your account has been compromised, please contact us immediately at the address below and change your password.

Provincial Privacy Laws

Alberta, British Columbia, and Quebec have provincial privacy laws deemed "substantially similar" to PIPEDA. For intra-provincial commercial activity in those provinces, the provincial law may apply. However, PIPEDA continues to apply to all inter-provincial and international transfers of personal information, as well as to federally regulated activities. Pick My U operates nationally and complies with both PIPEDA and applicable provincial requirements.

Contact & Complaints

For privacy-related questions, access requests, corrections, or complaints, contact our Privacy Officer:

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada:

Note: The OPC can make recommendations but enforcement may escalate to the Federal Court of Canada under PIPEDA s.14.