This Privacy Policy describes how GiftMatch Compass (“GiftMatch Compass,” “we,” “us”) collects, uses, shares, and protects information when you use GiftMatch Compass (the “service”). It applies to all users, with additional terms for Schools and student users in Section 6.
| Category | Examples | Source |
|---|---|---|
| Account information | Name, email, password hash, optional profile photo, optional U.S. state. | You (at signup) or your Google sign-in if you use it. |
| Assessment responses | Your answers to the 49-question trait assessment and the resulting trait profile. | You (when you take the assessment). |
| Experience content | Resume text, job/volunteer/project/education entries you type or upload. | You. |
| Generated output | Archetype profile, narrative, career matches, reflections, and related artifacts personalized to you. | Generated by the service from the inputs above. |
| Feedback | “Was this helpful?” ratings and similar in-product feedback. | You. |
| Billing information | For paid plans, limited billing metadata (subscription status, last-four, country) received from Paddle. | Paddle, our payment processor. |
| Technical information | IP address, user agent, session cookie, timestamps, error logs. | Your browser. |
We do not intentionally collect government identifiers (SSN, driver’s license, passport), precise geolocation, biometrics, health records, or financial account numbers, and we ask you not to include such data in resume or experience entries.
We use your information to: (a) create and operate your account; (b) generate your archetype, narrative, career matches, deep dives, and reflections; (c) secure the service and prevent abuse; (d) deliver the plan you purchased and process renewals; (e) respond to support requests; (f) improve the service, including through aggregate analytics (never using covered student data for advertising); and (g) comply with legal obligations.
To generate narrative content we send relevant portions of your trait profile, archetype profile, and experience entries to third-party large-language-model providers (currently OpenAI and Anthropic) under their enterprise/API terms. These providers process inputs to return output to us and, under the API terms we have elected, do not train their public models on your content. We do not include your email address, password, or billing data in these prompts. Generated output is returned to the service and stored with your account.
We share information only as follows:
We do not sell personal information, do not use covered student information for targeted advertising, and do not build advertising profiles from student data.
When a School licenses GiftMatch Compass for its students:
If you are a parent or eligible student with questions about a School deployment, contact your School first; they can loop us in under their agreement.
We keep account and generated content for as long as your account is active. If you delete your account (or a School deletes a student account), we delete the associated records from our primary systems within a commercially reasonable period and purge them from routine backups on our standard backup-rotation schedule. We may retain a narrow set of records longer when required by law (for example, tax records related to a paid subscription).
We use commercially reasonable administrative, technical, and physical safeguards, including encrypted transport (HTTPS), hashed passwords, access controls, and audit logging. No system is perfectly secure, and we cannot guarantee that unauthorized access will never occur. If we discover a security incident affecting your information, we will notify you and applicable authorities consistent with law.
Depending on where you live, you may have rights to access, correct, delete, or export your personal information, to opt out of certain uses, and to appeal a decision we make about a request. To exercise a right, email us from the address on your account, or — if you are a student under a School license — contact your School.
California residents: you may also request a list of the categories of personal information we have collected and shared in the last twelve months. We do not “sell” personal information or share it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act.
The direct-signup service is intended for users 13 and older. We do not knowingly collect personal information from children under 13 through direct signup. If we learn we have collected such information without the required consent, we will delete it promptly. Schools may onboard students under 13 only through a signed agreement that provides verifiable parental consent consistent with COPPA.
GiftMatch Compass is operated from the United States. If you use the service from outside the U.S., you understand that your information will be processed in the U.S., which may have different data-protection laws than your country. By using the service you consent to that transfer.
We will update this Policy as the service evolves. When we make material changes, we will revise the “Last updated” date and provide additional notice when appropriate (for example, by email or in-app notice). Material changes to how we handle student data will be communicated to Schools under their agreements.
Privacy questions, data-rights requests, or School/parent inquiries can be sent to the contact address listed on our FAQ page. Please indicate whether you are an individual user, a parent/guardian, or a School administrator so we can route the request appropriately. For data-source attributions and licensing, see the notice on the How It Works page.
