Privacy Policy
Effective date: May 11, 2026
Who we are
MeritCanvas (“we,” “us,” or “our”) is an AI-assisted admissions strategy tool designed to help students preparing for BS/MD and pre-med programs. We are currently in a private pilot. If you have questions about this policy, contact us at [email protected].
What data we collect
- Account information: Name and email address provided when you sign in via Clerk (Google or email/password). We do not store passwords — authentication is handled entirely by Clerk.
- Academic profile: GPA, test scores, extracurricular activities, clinical experience hours, certifications, and other information you enter or upload (including resume PDFs). This is the core data the AI uses to generate advice.
- Essay content: Draft text you submit to the Essay Studio. Essays may describe personal and clinical experiences.
- Usage data: Pages visited, features used, and timestamps, collected automatically via server logs. We do not use third-party analytics trackers.
How we use your data
- To generate AI-powered admissions analysis, school matches, essay drafts, and task checklists personalized to your profile.
- To send transactional emails (account approval, notifications) via Resend. We do not send marketing emails.
- To maintain and improve the platform. We may review aggregate usage patterns; we do not review individual essay content for purposes other than generating your requested output.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
AI processing and third-party services
MeritCanvas sends portions of your profile and essay text to OpenAI's API to generate analysis and drafts. OpenAI processes this data under their own Privacy Policy. Our use of the API is governed by OpenAI's API terms, which prohibit using your data to train their models without consent.
We also use:
- Clerk — authentication and user management
- Resend — transactional email delivery
- Google Drive — encrypted database backups (not user-visible data)
- Brave Search API — web search used by the AI Coach feature
Data storage and security
Your data is stored in a PostgreSQL database hosted on a private server. Database backups are encrypted with AES-256 before being stored on Google Drive. We use HTTPS for all data in transit. Access to the database is restricted to authorized administrators.
We treat academic profile narratives and essay content as sensitive — we do not log raw narrative text in application logs.
Your rights
- Access: You can view all data you have entered at any time within the app.
- Deletion: To request deletion of your account and all associated data, email us at [email protected]. We will process requests within 30 days.
- Correction: You can edit your profile data directly in the app at any time.
- Data export: Available on request via email.
Minors
BS/MD applicants are often 17–18 years old. We do not knowingly collect data from children under 13. If you believe a child under 13 has provided us data, contact us and we will delete it promptly.
Changes to this policy
We may update this policy as the platform evolves. We will post the updated policy here with a new effective date. For significant changes, we will notify users via email.
Questions? Email [email protected]