Privacy Policy

CAAT (College Application Assistance Tool) is a product operated under the brand Purpl Solutions, currently run as a sole trader by Violet Mynn Nwe in Sydney, Australia. References to "we", "us", and "our" in this policy mean Purpl Solutions.

This policy covers the CAAT website, web app, and any related services we run. It does not cover third-party sites we link to, even if they look connected.

For any privacy questions, you can reach us at contact@purpl.au. We respond within 30 days, the limit set by the Australian Privacy Principles.

We only collect what we need to run CAAT:

• Account information. Your email address, name, and a hashed password when you sign up. If you sign in with Google, we receive your email and name from Google.
• Profile information you choose to add. High school, graduation year, target colleges, intended majors, scholarships you bookmark, and resume content you build inside CAAT.
• Application data. The colleges you track, the status of each application, deadlines, notes you write, and essays you draft inside our editor.
• AI feature inputs. When you use ChatCAAT, AI Essay Review, or AI Resume Review, the text you submit is sent to our AI provider so it can generate a response. See "AI features" below for what happens to that text.
• Payment information (Pro subscribers only). If you upgrade to CAAT Pro, our payment processor (Stripe) handles your card details. We never see or store your full card number, only the metadata Stripe sends back.
• Usage and device data. Browser type, approximate location based on IP, pages you visit, and actions you take inside CAAT. We use this to understand which features are working and to fix bugs.
• Cookies. Small files in your browser that keep you signed in and remember basic preferences. We do not use third-party advertising or tracking cookies.

• To create your account and let you sign in.
• To deliver the features you use: tracking applications, drafting essays, building a resume, getting AI feedback, joining the CAAT Communities feed.
• To process payments and manage subscriptions for CAAT Pro users.
• To send you product emails (account confirmations, password resets, occasional updates). You can opt out of non-essential emails any time.
• To keep the service secure and detect abuse.
• To improve CAAT based on aggregated, non-identifying usage patterns.

CAAT's AI features (ChatCAAT, AI Essay Review, AI Resume Review) are powered by Anthropic's Claude API. When you submit a prompt or essay for AI feedback:

• The text is sent over an encrypted connection to Anthropic so Claude can generate a response.
• Anthropic does not use API customer data to train its models. This is part of their Commercial Terms.
• Anthropic temporarily retains API inputs and outputs for up to 30 days for safety and abuse-prevention purposes, then deletes them.
• We may also store the text inside your CAAT account so you can come back to it later. You can delete any saved essay, chat, or resume from within CAAT at any time.

If you do not want a particular essay processed by AI, simply do not submit it to an AI feature. Drafts you keep in your private workspace are not sent anywhere outside CAAT.

We share data only with the providers we need to run CAAT:

• Anthropic for AI features, as described above.
• Vercel for hosting and serving the CAAT website.
• Supabase for storing your account and application data.
• Stripe for processing CAAT Pro subscriptions.
• Our transactional email provider for sending account confirmations and password resets.

We do not sell your data, ever. We do not share it with advertisers or data brokers. If we ever need to share data with a new provider, we'll update this policy and tell existing users.

We may disclose information if legally required (court order, subpoena), or if we genuinely believe it is necessary to prevent serious harm.

We keep your account data while your account is active. If you delete your account, we delete the personal data associated with it within 30 days, except where we are legally required to keep certain records (for example, payment records for tax purposes). Anonymised analytics may be retained beyond that.

You can, at any time:

• Access the personal data we hold about you.
• Correct anything that is wrong.
• Export your data in a portable format.
• Delete your account and the data tied to it.
• Withdraw consent for non-essential processing.
• Lodge a complaint with the Office of the Australian Information Commissioner if you think we have mishandled your data.

Email contact@purpl.au and we'll handle it.

CAAT is built for high school students working on college applications, so most of our users are under 18. By signing up, you confirm you are at least 13 years old. If you are under 13, please do not create an account, and ask a parent or guardian to contact us if they want a CAAT account on your behalf.

We collect the minimum information needed to run the product. Parents or guardians who want to review or delete a minor's data can contact us at the email above.

CAAT is operated from Australia. If you access CAAT from outside Australia, your data may be processed in Australia, the United States (Anthropic, Vercel, Stripe), or wherever our service providers operate. We rely on the standard contractual clauses and the privacy commitments published by each of those providers.

If you are in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, or CCPA respectively. Email us and we will honour them.

We use industry-standard practices to protect your data: encryption in transit (HTTPS), encryption at rest on our database provider, hashed passwords, and access controls so only the people who need to look at production data can. No system is perfectly secure, but we will tell affected users promptly if something serious happens.

If we change this policy in a meaningful way, we'll update the "Last updated" date above and, for active users, send you a heads-up by email. Small wording fixes will not trigger a notification.

Questions, complaints, or data requests: contact@purpl.au.