Privacy Policy

Last Updated: February 23, 2026

1. Introduction

Welcome to CAA Readiness Index ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, create an account, subscribe to our services, and interact with our platform.

2. Information We Collect

2.1 Account Information — When you create an account, we collect your email address, display name (optional), and profile picture (optional). Account data is stored securely via Supabase.

2.2 Academic Information — When you use our CRI Calculator, we collect the academic information you voluntarily submit, including:

Cumulative GPA
Science GPA
Test scores (MCAT or GRE)
Test type selection

2.3 Saved Results — When you save a CRI result, we store your CRI score, input metrics, percentiles, and the date saved in your account on our servers.

2.4 Personal Statement Swapper Data — When you use the PS Swapper feature, we collect your first name, last name, and email address for matching purposes. If you upload a personal statement file, it is stored securely in Supabase Storage. If you provide a Google Docs link, we store the link. Your PS is shared only with your matched reviewer. We also store your PS Swapper preferences (participation mode, daily limits) and match history.

2.5 Payment Information — Premium subscription payments are processed by Stripe. We do not directly collect, store, or have access to your full credit card number or payment card details. Stripe handles all payment data in compliance with PCI-DSS standards. We receive only a confirmation of payment status, subscription tier, and Stripe customer ID.

2.6 Automatically Collected Information — We automatically collect certain information when you visit our website, including browser type and version, device information, IP address (anonymized), pages visited and time spent, and referring website.

3. How We Use Your Information

We use the information we collect to:

Create and manage your account
Calculate your personalized CRI score
Store and display your saved results
Process subscription payments and manage billing
Provide comparative analytics and percentile rankings
Generate distribution charts and feedback
Facilitate anonymous peer review via the Personal Statement Swapper
Power features like Program Matcher and Live Analytics (Premium)
Improve our algorithms and services
Analyze aggregate trends and statistics
Monitor website performance and user experience
Prevent fraud and ensure website security

4. Data Storage and Security

Your account data and saved results are stored on secure servers managed by Supabase. Payment processing is handled by Stripe. Both services employ industry-standard encryption, access controls, and security practices.

We implement appropriate technical and organizational security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. All data transmitted between your browser and our servers is encrypted via HTTPS.

5. Third-Party Services

We use the following third-party services:

Supabase — Authentication, database, file storage for user accounts, saved results, and PS Swapper documents
Stripe — Payment processing for Premium subscriptions. Stripe's privacy policy governs their handling of your payment data.
Google Analytics — Anonymized website usage analytics. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to manage your authentication session, remember your preferences, and understand how visitors use our site via Google Analytics. You can control cookies through your browser settings, though disabling them may affect login functionality.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. Personal statements submitted via the PS Swapper are shared only with your matched reviewer and are not used for any other purpose. We may share anonymized, aggregated data for research and statistical purposes. We may disclose your information if required by law or to protect our rights and safety. Payment data is shared only with Stripe for the purpose of processing transactions.

8. Your Rights

Access the information we store about you via your Account Settings
Update your display name, profile picture, and email
Delete individual saved results from the Saved Results page
Manage your PS Swapper preferences and participation mode
Delete your entire account and all associated data from Account Settings
Cancel your Premium subscription at any time via the Stripe billing portal
Opt out of Google Analytics tracking
Request a copy of your data by contacting us

9. Data Retention

We retain your data as follows:

Account data: Retained until you delete your account
Saved results: Retained until you delete them or delete your account
PS Swapper files: Deleted when a submission is resolved or denied with no re-match; removed when you delete your account
Subscription records: Retained as required for billing and legal compliance
Analytics data: 26 months via Google Analytics (anonymized)
Server logs: 90 days

10. Children's Privacy

Our services are intended for individuals who are at least 18 years old or have parental consent. We do not knowingly collect information from children under 13.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at: criscore.org@gmail.com