Privacy policy

Scaffolding is an editorial AI tool that critiques college applications. It is operated as a solo project; there is no parent company, holding company, or third-party controller behind it. References to “we”, “us”, and “Scaffolding” mean the same single operator.

We collect three categories of data:

• Account data — email, password hash, age bracket, the consents you granted at signup, login timestamps.
• Application data you upload — essays, activities, transcripts, supplementals, the schools you target. We need these to run the committee.
• Operational telemetry — error reports (via Sentry, scrubbed of PII before send), aggregate latency and cost stats, audit-log rows of every privileged data access we perform internally.

• To run the committee of agents that produce your First Read and revisions.
• To serve the workspace UI and keep your draft history.
• To bill you (via Stripe) and remember your subscription state.
• To send you operational email (report-ready notices, payment receipts).
• To detect product regressions (anomaly detection, eval gates) using anonymized statistics — never your raw essay text.

We do not sell your data. We do not show targeted advertising. We do not build an advertising profile of you.

We use the following processors. Each receives only the data necessary for its function. We have data-processing agreements where vendors offer them.

• Supabase — our database and auth provider. Stores account, application, and consent data with row-level security.
• Vercel — application hosting and edge runtime.
• Inngest — background job runner for committee orchestration and retention sweeps.
• Anthropic and OpenAI — large language model providers. Your essay text passes through these providers when an agent runs. Both vendors contractually do not train on API traffic by default.
• Stripe — payment processing.
• Resend — transactional email.
• Upstash Redis — rate-limit counters and short-lived caches.
• Sentry — error monitoring with PII scrubbing applied before send.
• Plausible — privacy-respecting site analytics (no cookies, no cross-site tracking).

At signup we ask, separately from the Terms of Service, whether you want to donate your essays to a research corpus if you are not admitted. The default answer is no. If you opt in, we keep an anonymized copy of your essays for up to one year after your application cycle and then de-identify them via the algorithm in lib/essay/deidentify.ts (names, schools, and city/state pairs are replaced with placeholders before the row is moved to the corpus). Originals are hard-deleted. You can revoke this consent at any time from /account/consent.

Four U.S. states give extra data protections to people under 18. Scaffolding extends these protections to every under-18 user regardless of where they live:

• California Student Online Personal Information Protection Act (SB-1177)
• Illinois Student Online Personal Protection Act (SOPPA)
• Texas SB-820
• New York Education Law §2-d

For under-18 users, we promise:

• We do not sell your data or let anyone else sell it.
• We do not show you targeted advertising or build an advertising profile of you.
• We do not share your data with third parties except the processors listed above, each of which has a contractual obligation to use the data only for the function we named.
• You can request a copy of your data or ask us to delete it at any time.

• Account data — retained while your account is active. After deletion, the account row is soft-deleted for 30 days (so accidental clicks are reversible) and then hard-deleted by the daily retention cron.
• Essays and supplementals — retained while your account is active. If you opted into the corpus, essays older than one year are de-identified into the research corpus and the originals are hard-deleted; if you did not opt in, essays are deleted on account deletion.
• Audit log (records of our internal privileged access) — retained for two years, then hard-deleted by the daily retention cron.
• Agent output logs — retained for the duration required to investigate quality regressions (typically 90 days), then hard-deleted.

• Access. You can export everything we hold about you from /account/data.
• Deletion. You can delete your account from /account. Deletion is hard-deleted after a 30-day grace window.
• Consent revocation. You can revoke any consent you granted at signup from /account/consent. Revoked consents stop applying immediately; future processing of your data respects the revocation.
• Correction. Email support@scaffolding.app and we will fix factual errors in your account record.

Scaffolding uses first-party cookies for authentication only. We do not use advertising cookies, retargeting pixels, or cross-site trackers. Plausible analytics is cookieless by design.

Material changes to this policy bump the consent version on the affected categories, which means we ask you to re-consent before continuing to use the product. Minor wording fixes do not bump the version.

Email privacy@scaffolding.app for any privacy question. For accessibility issues, email support@scaffolding.app.