GDPR Compliance

Last updated: April 14, 2026

1. Our Commitment to GDPR

ScholarPath is committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines how we handle personal data of EU residents and your rights under the regulation.

2. Data Controller

ScholarPath is the data controller for personal information collected through our website and services. We determine the purposes and means of processing your data.

Contact: castarokio@gmail.com

3. Legal Basis for Processing

We process your data based on:

  • Consent: When you subscribe to newsletters or opt into marketing communications
  • Contract: When you enroll in our services (we need your data to provide guidance)
  • Legitimate interests: To improve our services, prevent fraud, and ensure security
  • Legal obligations: To comply with tax, accounting, or regulatory requirements

4. Your Rights Under GDPR

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("Right to be Forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Rights Related to Automated Decision-Making: We do not use automated decision-making or profiling

5. How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Email us at castarokio@gmail.com
  2. Specify which right you wish to exercise
  3. We will respond within 30 calendar days
  4. No fees apply unless requests are manifestly unfounded or excessive

6. Data Transfers Outside the EEA

We may transfer your data outside the European Economic Area (EEA) to countries such as the United States (via Supabase and Vercel). We ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions.

7. Data Retention

We retain personal data only as long as necessary. After account closure, data is deleted within 90 days unless we have a legal obligation to retain it longer.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including SSL encryption, encrypted databases, access controls, and regular security audits.

9. Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority. In the EU, you can contact your national data protection authority for assistance.

10. Data Processing Agreement (DPA)

If you are an organization using ScholarPath services, a Data Processing Agreement is available upon request. Contact us at castarokio@gmail.com.

Want to Delete Your Data?

You can request complete data removal at any time.
