Privacy Policy
Last updated: 21 May 2026
Study Path ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website and services. We comply with the General Data Protection Regulation (GDPR) and Dutch data protection laws (AVG).
1Data Controller
For any privacy-related questions or to exercise your rights, contact us at [email protected].
2What Data We Collect
We collect the following categories of personal data:
2.1 Data you provide directly
- Account data: name, email address, password (encrypted)
- Profile data: nationality, education background, target programs
- Application documents: diplomas, transcripts, motivation letters, CVs
- Communication: messages, support requests, feedback
- Payment data: billing address, payment method (processed by Stripe)
2.2 Data collected automatically
- Technical data: IP address, browser type, device information
- Usage data: pages visited, features used, time spent (collected via Google Analytics and DataFast)
- Cookies: see our Cookie Policy
2.3 Data from third parties
- Google Sign-In: name, email, profile picture (if you use Google login)
3Why We Process Your Data (Legal Basis)
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide our services (application support, document review) | Contract performance (Art. 6(1)(b)) |
| Create and manage your account | Contract performance (Art. 6(1)(b)) |
| Process payments | Contract performance (Art. 6(1)(b)) |
| Send service-related communications | Contract performance (Art. 6(1)(b)) |
| Respond to support requests | Legitimate interest (Art. 6(1)(f)) |
| Improve our website and services | Legitimate interest (Art. 6(1)(f)) |
| Analytics (anonymized) | Legitimate interest (Art. 6(1)(f)) |
| Onboarding and marketing emails (with one-click opt-out) | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance (tax, fraud prevention) | Legal obligation (Art. 6(1)(c)) |
3.1 Email Communications
We send two types of emails:
- Transactional emails — account verification, payment confirmations, document status updates, deadline reminders, and support replies. These are tied to your use of the service and you continue to receive them as long as you have an active account.
- Onboarding and marketing emails — a short welcome series sent to new signups (five emails over two weeks) introducing our application checklist, guides, deadlines, and services. We send these on the basis of legitimate interest in the customer relationship you established by signing up. The series stops automatically if you purchase a service package.
You can opt out of marketing emails at any time using the one-click Unsubscribe link in the footer of every marketing email — no login required. We store your preference and honor it on all future marketing emails. Opting out of marketing does not stop transactional emails — those continue because they are necessary for the service you signed up for.
If you change your mind, you can re-enable marketing emails by contacting us at [email protected].
4Who We Share Data With
We do not sell your personal data. We share data only with:
Service Providers (Processors)
- Supabase Inc. — Database hosting, authentication (USA, EU data region)
- Stripe Inc. — Payment processing (USA, PCI-DSS compliant)
- DataFast — Website analytics (EU)
- Google LLC — Authentication via Google Sign-In (USA)
- Google Analytics (GA4) — Website analytics and traffic measurement (USA, Google LLC)
- Hetzner Online GmbH — Website hosting (Germany, EU)
- Resend, Inc. — Transactional and onboarding email delivery (USA)
- Cloudflare, Inc. — Secure storage of documents you upload with a service order (e.g. CV, transcripts, diplomas) via Cloudflare R2 (USA, EU storage region)
With Your Consent
If you ask us to communicate with universities or authorities on your behalf, we share relevant information with them as needed.
Legal Requirements
We may disclose data if required by law, court order, or to protect our legal rights.
5International Transfers
Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework certification (where applicable)
- Standard Contractual Clauses (SCCs) approved by the EU
- Binding Corporate Rules
You can request a copy of applicable safeguards by contacting us.
6Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 12 months |
| Application documents | 12 months after service completion |
| Payment records | 7 years (Dutch tax law requirement) |
| Communication history | 3 years |
| Analytics data | 26 months (anonymized) |
| Marketing consent records | Until consent withdrawn + 3 years |
After the retention period, data is securely deleted or anonymized.
7Your Rights (GDPR)
Under GDPR, you have the following rights:
To exercise your rights, email us at [email protected]. We respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens
8Data Security
We implement appropriate security measures including:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for sensitive data
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
While we take reasonable precautions, no system is 100% secure. Please use strong passwords and keep your login credentials safe.
9Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect data from children under 16. If you believe a child has provided us data, contact us and we will delete it.
10Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For significant changes, we will notify you via email or website notification.
11Contact Us
For any privacy-related questions, requests, or concerns:
Email: [email protected]
Address: Study Path, Kratonkade 710, 3024EX Rotterdam, Netherlands
Phone: +31 6 12 93 73 24