Privacy Policy

1. Introduction

Welcome to Course Mapper ("we," "us," or "our"). We're committed to protecting your privacy and being transparent about how we collect and use data. This Privacy Policy explains what information we collect, how we use it, and your rights under privacy laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Canada's Anti-Spam Legislation (CASL).

Course Mapper is an educational tool that visualizes university course prerequisites and relationships. We're based in Ontario, Canada, and operated as a solo developer project.

2. Information We Collect

2.1 Automatically Collected Data

When you use Course Mapper, we automatically collect:

• Page views and navigation: Pages visited, time spent, courses explored
• Click tracking: Interactions with course nodes, ads, and UI elements
• Technical information: Browser type, device type, screen resolution, referring URL
• Anonymized IP address: We hash your IP address using SHA-256 encryption for privacy-conscious analytics. We cannot identify you from this hashed value.
• Location data: Approximate geographic location (city/region level) for showing relevant schools

2.2 Voluntarily Provided Data

You may choose to provide:

• Contact form submissions: Name, email, subject, message (when reporting issues or contacting us)
• Course flags: Reports about incorrect prerequisites or course information
• Advertiser inquiries: Business contact information if you express interest in advertising

2.3 Cookies and Similar Technologies

We use cookies and local storage for:

• Essential cookies: Session management, selected school preference, cookie consent preferences
• Analytics cookies: Google Analytics 4, Statsig (for feature usage and performance tracking)
• Advertising cookies: Google AdSense (if ads are displayed)

See our Cookie Notice for detailed information.

3. How We Use Your Information

We use collected data for:

• Service delivery: Displaying course visualizations, personalizing school selection
• Analytics and improvement: Understanding how users navigate the site, identifying popular courses and features
• Quality assurance: Reviewing flagged course data, fixing errors
• Communication: Responding to contact form submissions
• Advertising: Showing relevant ads, tracking ad performance (impressions, clicks)
• Compliance: Meeting legal obligations, preventing abuse

4. Third-Party Services

We use the following third-party services that may collect data:

5. Data Retention

• Analytics data: Retained for 365 days (1 year), then automatically deleted
• Ad impressions/clicks: Retained for 365 days for performance tracking
• Contact submissions: Retained until resolved, then archived or deleted upon request
• Course flags: Retained until reviewed and resolved

6. Your Privacy Rights

6.1 GDPR Rights (EU Users)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Opt out of analytics/advertising cookies at any time

6.2 CCPA Rights (California Users)

You have the right to:

• Know: What personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-out: Opt out of the "sale" of personal information (we do not sell data)
• Non-discrimination: Equal service regardless of privacy choices

6.3 How to Exercise Your Rights

To exercise any of these rights, contact us via our contact form. We'll respond within 30 days and may need to verify your identity to process your request.

7. Data Security

We take reasonable measures to protect your data:

• IP addresses are hashed using SHA-256 before storage
• HTTPS encryption for all data transmission
• Secure database storage with access controls
• Regular security audits and updates
• Minimal data collection (privacy by design)

However, no internet transmission is 100% secure. We cannot guarantee absolute security.

8. International Data Transfers

Course Mapper is hosted on servers that may be located in various countries. When you use our service, your data may be transferred to and processed in countries outside your own, including the United States. We ensure such transfers comply with applicable data protection laws and use appropriate safeguards (e.g., Standard Contractual Clauses).

9. Children's Privacy

Course Mapper is designed for university students (typically 18+). We do not knowingly collect data from children under 13. If you believe we've collected data from a child, please contact us via our contact form and we'll delete it promptly.

10. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Currently, we do not respond to DNT signals, but you can manage cookie preferences through our consent banner.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We'll post the updated policy with a new "Last updated" date. Significant changes will be communicated via a notice on our homepage.

12. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

13. Supervisory Authority

If you're in the EU/EEA and believe we've violated GDPR, you have the right to lodge a complaint with your local data protection authority. Canadian users can contact the Office of the Privacy Commissioner of Canada.