Back to StudentLife OSLegal Center
Terms of ServicePrivacy PolicyCookie PolicyData UsageAcceptable UseCommunity GuidelinesSecurityAccessibilityDMCACopyright and IP

Legal documents

  • Terms of Service
  • Privacy Policy
  • Cookie Policy
  • Data Usage
  • Acceptable Use
  • Community Guidelines
  • Security
  • Accessibility
  • DMCA
  • Copyright and IP

Legal

Privacy Policy

Last updated: June 30, 2026

What we collect, how we use it, and the choices you have.

1. Overview

StudentLife Technologies LLC operates StudentLife OS. This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. We do not sell your personal information.

2. Information we collect

From students:

  • Email address, name, and profile information
  • School, major, graduation year, academic interests, career goals
  • Resume and portfolio content you choose to upload
  • Application and engagement activity on the Platform

From schools and organizations:

  • Institution or company name and details
  • Contact information of authorized representatives
  • Opportunity postings and usage analytics

From team members of a school or organization:

  • Name and email address of each person invited into a workspace, and the role they are assigned
  • Who invited them, when they accepted, when they last signed in, and whether they have enrolled in multi-factor authentication
  • A record of sensitive actions they take in the workspace (such as role changes, removals, exports, and billing changes), kept in a tamper-evident audit log
  • Sign-in security signals (device, approximate location from IP, and session activity) used to protect the account

A workspace owner and its administrators can see this team and account information for the workspace they manage. Multi-factor codes themselves are never stored in a readable form, and one member can never see another member's codes or secrets.

From optional integrations you choose to connect:

  • If you connect a calendar integration such as Google Calendar, we store an authorization (an access token, encrypted at rest) that lets us add your own interviews and events to your calendar and read back changes you make to those items. We request only the permission to manage calendar events and to read your account email address, never your contacts or unrelated calendar data, and you can disconnect at any time, which deletes the stored authorization. How this data flows to the calendar provider is described in Section 5.

3. How we use your information

  • To provide, maintain, and improve the Platform
  • To match students with relevant opportunities
  • To let an organization reach students who fit an opportunity through targeted outreach. When an organization sends a Bulk Outreach, it chooses audience criteria such as field of study, student type, location, interests, or skills, and the Platform uses the attributes in your profile to decide whether you are included. The organization does not receive a downloadable list of who matched; it sends a message that is delivered to matching students, and you can mute, block, report, or decline further contact at any time. You can also limit who can message you and whether you appear in search in your settings
  • To keep applicants informed about an opportunity they applied to, including application receipts, status updates, interview invitations and reminders, offers, and a final decision when an institution closes its recruiting, delivered as in-app notifications and email
  • To communicate important updates and notifications
  • To preserve your access across the student lifecycle. If you provide a personal email, we use it to keep your account reachable after you graduate, when your school email may be deactivated: we route sign-in and security codes to your verified personal email and accept it as a sign-in identifier, and we send graduation-related reminders so you do not lose access. You can add, change, or remove your personal email in your settings
  • To analyze usage in aggregate and improve the service
  • To keep accounts and the Platform secure and prevent fraud
  • To power the optional SLOS AI assistant when you choose to use it
  • To comply with legal obligations

Featured students and testimonials. We use your name, photo, and words in our marketing or on our website only if you have given us permission to be featured. We never turn your profile into a public testimonial automatically. You can withdraw your permission at any time by emailing support@studentlifeos.com, and we will remove the testimonial promptly. The license that applies when you agree to be featured is described in our Terms of Service.

4. SLOS AI application assistant

SLOS AI is an optional feature that drafts opportunity applications for you. It is off by default and runs only when you choose to use it.

  • What is sent to our AI provider: when you use SLOS AI, the relevant parts of your profile and the text of your uploaded resume are sent to a third-party AI provider that operates the model on our behalf (a sub-processor under contract that does not train its models on your data) to draft answers for the application you are completing. This is your own information going into your own application.
  • What is never sent (protected information): your demographic, EEO, and other sensitive identity information (for example race, ethnicity, gender, age, disability, or veteran status) is protected information. The assistant never reads it and never authors identity answers. It is held in a separate, consent-gated store the assistant cannot access, it is never sent to the AI provider, and it is never used to rank, score, or judge you. Those answers remain entirely your choice.
  • Demographic information on auto-apply: SLOS AI never writes demographic answers. Only if you explicitly turn on the optional consent in the SLOS AI hub may the demographic information you have already saved yourself be included when the assistant auto-submits, exactly as you entered it. If you do not consent, auto-apply behaves as if the demographic section were left blank. This never affects review-mode applications.
  • What SLOS AI knows about you: we keep a summary of the profile and resume signals the assistant uses, which you can view at any time in the SLOS AI hub. We do not re-process your resume unless it changes.
  • Accuracy is AI-estimated: a second AI reviews each draft and shows an estimated accuracy score. You are responsible for what you submit, and by default you review every application first.
  • Our AI provider processes this data only to return the draft, under contract terms that prohibit using it to train their models, and we do not sell it.

5. Eligibility verification and document review

To keep the Platform trustworthy, we verify that students are real, enrolled students, that organizations are legitimate, and that schools are genuine institutions. This section explains the personal information involved and how we handle it. A plain-language overview is also published at studentlifeos.com/verification.

Students: the .edu fast path. Signup is open to any email address. A student who signs in with a verified school email ending in .edu is trusted automatically and is not asked to upload any document. This is a high-confidence shortcut, not the only path to verification.

Students: document review. A student who does not have a .edu email may upload a document that proves current enrollment so a member of our review team can confirm it by hand. We accept only a limited set of enrollment documents: a current student ID card, an official enrollment verification letter, a current class schedule, a student educational plan, an acceptance letter, or, for recent graduates, a diploma or degree confirmation. We use these documents solely to confirm enrollment eligibility. You can skip the upload when you first sign up and keep using the Platform during a grace window of ten sign-ins or thirty days, whichever comes first; after that we ask you to upload a document before continuing.

What we deliberately never ask for

We never ask for an academic transcript (transcripts often carry a Social Security number), tuition or other financial records, or a screenshot of a school portal, and we never request your Social Security number for verification. If a document you submit contains information we did not ask for, you should redact it before uploading.

You choose the document, and it is your responsibility. You decide which document to upload, and you are solely responsible for what it contains. Please upload only the enrollment documents listed above, and redact any sensitive detail first. If you choose to upload a document that includes sensitive information, such as your Social Security or taxpayer number, financial or tax records, bank or payment details, or your full date of birth, despite our guidance and the warnings we show in the product, you do so at your own risk and you, not StudentLife OS, are responsible for any consequences of that choice. If you ever send us something you should not have, contact support@studentlifeos.com and we will delete it. This is also stated in our Terms of Service.

How verification documents are protected. Uploaded documents are stored in encrypted object storage using AES-256, in a private location scoped to your account. A reviewer can open a document only through a signed link that expires within minutes, never a permanent URL, and every time a document is opened it is recorded in our tamper-evident audit trail. Verification documents are reviewed only by our dedicated review team through a single internal case queue, and are never shown to schools, organizations, or other students.

Status, badge, and timing. A student moves from pending to under review when a document is submitted, and then to verified, more information needed, or rejected after a human review, which we aim to complete within a few business days. Each student carries a verified, pending, or unverified badge that schools, departments, and organizations can see. A later confirmation from a verified school email (a .edu address, or an address at a domain a school has formally declared) can upgrade a student to verified automatically. We never use a verification document to rank, score, or judge you, and you may use the Platform during a short grace window while a review is in progress.

School-declared email format (second layer). After a school is approved, it may declare the email format its students use, for example an address ending in students.school.edu. We use this only to confirm student eligibility at scale: a student whose address matches the declared format stays verified, and a previously verified student whose address does not match is returned to a pending state so we can confirm their enrollment. The declaration is locked once the school submits it, and changes are handled by our team on request.

When we ask your school to confirm you.In limited cases, for example when a verified student's address does not match their school's declared format, our review team may ask the school you claim to attend to confirm whether you are enrolled. To do this we share your name with that school inside its portal so it can answer yes or no. We share only what is needed for that confirmation, only with a school you yourself have listed, and the school cannot suspend or remove your account; only our team can act on the answer. We never share your uploaded verification documents with the school.

Suspension, removal, and reversibility. If you do not respond to repeated requests to verify, we may temporarily suspend access to your account through our standard enforcement process, and we lift the suspension once you provide what we asked for. Accounts created to deceive, or that abuse the Platform, may be permanently removed and their email address blocked from creating a new account, always after a human review. Verification decisions are reversible: if you provide what we need, or a decision was made in error, your status is restored. You can ask us to review any decision at support@studentlifeos.com.

Retention of verification documents. We retain an uploaded verification document only as long as needed to perform and record the review and to meet our legal and safety obligations, after which it is removed in line with our Data Usage Policy. You may ask us to delete a verification document at support@studentlifeos.com.

Organizations and schools. Organizations are reviewed before approval, and we may research publicly available information about an organization to confirm it is legitimate before it can reach students. Schools are reviewed manually by a member of our team before approval, and once approved a school and its active departments are verified automatically. The information used for these reviews is the account and contact information the organization or school provides at signup, together with publicly available information we may research to confirm legitimacy. A blue verification badge we grant after review is described in our Terms of Service.

Fraud, abuse, and enforcement. If we suspect that you submitted false information, forged or misleading verification documents, impersonated someone, maintained duplicate accounts, or otherwise violated our policies, we may collect and review additional signals (including device and IP information, account activity, verification submissions, messages, applications, and reports from schools or organizations) to investigate. We may retain verification materials, security-case records, and audit logs longer when needed for an active investigation, to prevent re-entry after removal, to respond to legal process, or to protect the Platform. We may share relevant information with a school, organization, or authority when we believe it is necessary to address fraud, safety, or legal obligations.

6. Information sharing

We share information only as follows, and we never sell it:

  • With schools and organizations: when you apply to an opportunity, the relevant institution can see your profile and application. Institutions also receive engagement analytics about their OWN activity (for example, the schools their applicants come from and the institutions that viewed their public profile). These analytics identify viewing institutions and aggregate trends, not the personal browsing of an individual, and any demographic breakdown is aggregate only and suppressed below a minimum sample size. See our Data Usage Policy.
  • AI-assisted candidate ranking: an institution on a qualifying plan may ask SLOS AI to rank the applicants to one of its own opportunities. When it does, the materials you submitted to that opportunity (your profile signals, and on a deep check the text of your resume and cover letter and any attachments the institution selects) are sent to the same third-party AI sub-processor described in Section 4, under an alias with contact details removed, solely to produce a ranking for that institution. Your demographic, EEO, and other sensitive identity answers are never sent and the ranking never uses them, and the sub-processor does not train its models on your data. The ranking is decision-support only; the institution makes every hiring decision and must not use the tool to discriminate unlawfully (see our Acceptable Use Policy).
  • Public profile:information you choose to make public. Organization and institution accounts have a public profile that students, schools, departments, and other organizations can view. On some plans an organization's entire profile is public by default; certain paid plans add controls to restrict which sections are visible. You should not place information you wish to keep private on a public profile.
  • Student profile and findability:as a student you control how discoverable you are. By default your profile is public, which means members of the Platform who have a legitimate connection to you (for example, an organization whose opportunity you applied to, or a school you are affiliated with) may view it. You can set your profile to private so that only you can see it, switch off "Show in search results" so that you do not appear in search or directories, and switch off messaging so that others cannot start a conversation with you. There is no all-students directory, and no account can browse the entire student body. These controls are enforced on our servers, so a student who turns findability off is withheld from search, from directories, from the contact lists organizations use to reach students, and from the cohorts used by our matching, and cannot be revealed by altering a link or URL.
  • AI provider: when you use SLOS AI, as described above, solely to draft your application and never to train their models.
  • Calendar provider, if you connect one:connecting a calendar integration such as Google Calendar is optional and entirely your choice. When you connect it, we add your own interviews and events to your Google Calendar (including the attendees and the meeting link) and read back changes you make to those items, so your schedule stays in sync. We send only your own calendar entries to the provider for this purpose, never another user's data, and the provider operates under its own terms. We request only the permission to manage calendar events and to read your account email address, the authorization is encrypted at rest, and disconnecting deletes it. You can use the platform fully without ever connecting a calendar.
  • Service providers (sub-processors): trusted, independently audited providers that operate the Platform on our behalf under contract, each handling only the data needed for its function: Vercel (application hosting), Supabase (managed database), Amazon Web Services (encrypted file storage), Cloudflare (network edge, content delivery, bot protection, and approximate IP-based location), Upstash (rate limiting and abuse control), Stripe (payment processing), Pusher (real-time delivery), and Resend (email delivery). We require each to protect your data and use it only to provide their service to us.
  • Legal compliance: when required by law or to protect the rights and safety of users and the Platform.
  • Analytics: aggregated, anonymized data for platform improvement.

7. Location information

We collect and store approximate location for two specific purposes: detecting suspicious sign-ins (a sudden move from one country to a far-away one is a strong indicator of a stolen session) and showing you which devices are signed into your account, and from where.

What we collect, automatically:

  • Your IP address each time you sign in or make an authenticated request.
  • The approximate city, region or state, and country your IP address resolves to, derived from our network provider Cloudflare at the edge. This is approximate, IP-based location only. We do not request, use, or store GPS or browser precise-location data, and no third-party geocoding API is involved.
  • The same IP-derived city, region, and country when you sign up for an organization, school, or department account. You can see this in your settings under Account origin.

Retention. Per-session location lives as long as the session record. Audit-log location entries are retained for 90 days, then deleted. Signup-time location stays on the account record for as long as the account exists. We never share this with other principals, never use it for advertising, and never sell it.

8. Cookies and tracking

We use strictly-necessary first-party cookies for signed-in sessions, multi-factor authentication, and remembering your cookie-consent choice, plus one small first-party analytics cookie so anonymous opportunity-view counts are honest per browser. We do not use advertising cookies and do not sell your data. For the full per-cookie inventory, see our Cookie Policy.

9. Data security

We protect your data with encryption in transit and at rest, secure credential hashing, access controls, multi-factor authentication, and continuous monitoring. See our Security page for more.

10. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and data
  • Export your data (portability)
  • Opt out of marketing communications
  • Object to or restrict certain processing
  • Control your discoverability (students): set your profile to public or private, choose whether you appear in search and directories, and choose whether others can message you. These settings are enforced on our servers, so if you choose not to be found, you are not found.

To exercise these rights, contact support@studentlifeos.com. We honor applicable rights under FERPA, GDPR, and the CCPA. See our Data Usage Policy for how data is used and retained.

11. Children's privacy

The Platform is intended for high school, college, and university students and recent graduates. If you are under 18, you may use it only with parent or guardian consent. We do not knowingly collect data from children under 13. If you believe we have, contact us and we will delete it.

12. International users

If you access the Platform from outside the United States, your data may be processed in the United States. Where required, we rely on appropriate safeguards for international transfers, and you retain the rights described above.

13. Legal bases for processing (EEA and UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on these legal bases:

  • Contract: to provide the Platform and the features you ask for, including your account, applications, messaging, and scheduling.
  • Legitimate interests: to keep accounts and the Platform secure, prevent fraud and abuse, understand usage in aggregate, and improve the service, balanced against your rights.
  • Consent: for optional features you turn on, such as the SLOS AI assistant, a connected calendar integration, the optional demographics you choose to share, and any non-essential communications. You may withdraw consent at any time.
  • Legal obligation: to comply with applicable law and lawful requests.

14. Your California privacy rights

If you are a California resident, you have the right to know what personal information we collect and how we use and disclose it, to request access to and a copy of it, to request correction, to request deletion, and to not be discriminated against for exercising these rights. We do not sell your personal information and we do not share it for cross-context behavioral advertising, so there is no sale or targeted-advertising opt-out to exercise. The categories of information we collect and the purposes for which we use them are described in the sections above. To exercise a right, contact support@studentlifeos.com; we will verify your request through your account and respond within the timeframes the law requires. You may use an authorized agent where the law permits.

15. Automated processing, matching, and AI

The Platform uses automated processing to operate, and we are transparent about it. Opportunity matching ranks opportunities for a student, and the optional SLOS AI candidate match ranks applicants for an institution. These are decision-support tools that produce estimates and suggestions; they do not by themselves make a hiring, admission, or funding decision about you, the institution does. Demographic and other protected information is never used by any matching or AI ranking and is never sent to the AI provider. The SLOS AI assistant runs only when a user chooses to use it and is grounded only in that user's own saved data. You can ask us about the automated processing that affects you by contacting support@studentlifeos.com.

When an institution runs the SLOS AI candidate match on the applicants to one of its opportunities, your application is protected before anything is sent to the AI provider: you are referred to only by an alias, so no name, email, or school name is sent; the text of your resume, cover letter, and free-text answers is stripped of contact details such as email addresses and phone numbers; and your demographic information is never included. The match produces a relevance estimate and a short written explanation to help the institution review applicants. It never makes the decision, and it never changes your verification status or trust badge. The institution remains responsible for every hiring, admission, or funding decision it makes, and you can ask whether an institution used the match on your application by contacting the institution or us.

16. Data retention

We keep personal data for as long as your account is active or as needed to provide the Platform, and longer only where a specific purpose requires it.

  • Account and profile data: retained while your account exists, and removed or anonymized after deletion except for records we are required or permitted to keep.
  • Graduate and alumni accounts: after graduation your account is retained in recent graduate status with full access for a defined period (currently five years), then alumni access ends and the account is retired and kept only for audit. You can request a copy of your data, or deletion, at any time by contacting support.
  • Per-session location and device data: retained for the life of the session record; security audit-log location entries are retained for approximately 90 days, then deleted.
  • Signup-time account origin: retained on the account record for as long as the account exists.
  • Security, audit, and safety records: retained for a limited period for legal, security, and integrity reasons even after account deletion.
  • Aggregated, anonymized analytics that can no longer identify you may be retained.

17. Security incidents

We protect your data with the measures described in our Security page. If we become aware of a data breach that affects your personal information, we will notify affected users and the appropriate authorities as required by applicable law, and we will describe what happened, what we are doing, and the steps you can take.

18. Changes to this policy

We will notify you of significant changes by email or Platform notification before they take effect. The Last updated date above reflects the most recent revision.

19. Contact us

For privacy questions or to exercise your rights, contact us:

StudentLife Technologies LLC

1 Sansome St, Suite 1400, San Francisco, CA 94104

Email: support@studentlifeos.com

Phone: (415) 508-8610