← Back to home

Privacy Policy

Last updated: April 18, 2026

1. Introduction

EduCRM ("we", "us", "our") is operated by GN. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our websites educrmapp.com and educrm.gr and use our services, including our customer relationship management platform hosted at app.educrmapp.com.

2. Information We Collect

We may collect the following types of information:

  • Personal Information: Name, email address, company name, and phone number provided when you create an account, fill out a contact form, or subscribe to our service.
  • Account Data: Information you enter into the platform, including student records, session logs, payment records, and application data.
  • Usage Data: Information about how you interact with our website and platform, including IP address, browser type, pages visited, and time spent.
  • Payment Information: Billing details processed securely through Stripe. We do not store your credit card information on our servers.

3. How We Use Your Information

  • To provide, operate, and maintain our services
  • To process your transactions and manage your subscription
  • To communicate with you, including responding to inquiries and sending service updates
  • To improve our website and services
  • To comply with legal obligations

4. Data Sharing

We do not sell your personal information. We share data only with sub-processors necessary to operate the Service:

  • Google Cloud (Firebase, Firestore, Cloud Functions, KMS) hosting, database, authentication, OAuth-token encryption. Region: europe-west1.
  • Anthropic (Claude API) AI classification, summarization, drafting.
  • Vercel frontend hosting.
  • Stripe payment processing.
  • Resend transactional email (invites, notifications).

All sub-processors are bound by their own privacy policies and data processing agreements. A current sub-processor list is available at educrmapp.com/security on request.

5. Google User Data Gmail Integration

EduCRM integrates with Gmail using the Google OAuth 2.0 flow. When a student authorizes the integration, we request the following scopes:

  • gmail.readonly to read the student's incoming email related to university applications, so the consultant can track responses.
  • gmail.send to send email on the student's behalf, from the student's account, at the consultant's direction.

We do not request any other Gmail scope. Every authorization requires explicit per-student consent via our consent portal at student.educrmapp.com, and can be revoked at any time from that portal or from https://myaccount.google.com/permissions.

EduCRM's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

6. AI Processing

Email content captured via the Gmail integration is sent to Anthropic (Claude) for classification (urgency, category, entities), summarization (per-student state summaries), and reply drafting. Anthropic processes this data as a sub-processor under our data processing agreement. Claude does not train on our customers' data.

AI-generated drafts are never sent automatically. Every draft is reviewed by the consultant and subject to a 30-second undo window before dispatch.

7. Data Retention

  • Workspace and account data: retained for as long as your account is active. Exported and deleted within 30 days of account closure on request.
  • Gmail-synced email data: retained for up to 2 years after the associated connection is revoked or expires, then auto-purged.
  • AI processing logs (usage counters, audit events): retained for 12 months.
  • Payment records: retained for 7 years, as required by tax law.

You may request immediate deletion of any personal data by contacting us at the address below.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data is transmitted over encrypted connections (HTTPS/TLS).

9. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request portability of your data
  • Withdraw consent at any time

To exercise any of these rights, please contact us at the email below.

10. Cookies

We use essential cookies to ensure the proper functioning of our website and platform. We may also use analytics cookies to understand how visitors interact with our site. You can control cookie preferences through your browser settings.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

GN
Email: privacy@educrmapp.com