Privacy Policy
We design Infinize with privacy, security, and governance at the core. This page explains what we collect, how we use it, how we protect it, and the choices you have.
At a glance
Key points about how we handle your data
Student & institutional data
Processed under institutional direction with role-based access and audit logs.
Security by default
Encryption in transit/at rest, SSO/MFA, RBAC, tenant isolation, and monitoring.
Compliance alignment
FERPA/GDPR practices with Data Processing Agreements (DPAs) available.
AI with governance
Transparent use, human-in-the-loop controls, and bias monitoring.
Your choices
Access, correction, deletion (where applicable), and cookie preferences.
Quick contacts
Scope & roles
For institutional deployments, your institution is typically the Data Controller and Infinize acts as a Data Processor/Service Provider. For our marketing site and outreach, Infinize is the Data Controller. Contract terms in your DPA prevail.
What data we collect and why
Platform & student success data (institutional)
- Identifiers: student IDs, institutional emails, program/major, advisor/role assignments
- Academic signals: enrollments, grades (where provided), prerequisites, schedules
- Engagement: LMS activity, nudges/alerts status, appointments, caseload tasks
- Career/transfer context (optional): skills, resume extracts, credit equivalencies
Operational & analytics data
- Logs/telemetry: API calls, job health, errors, performance
- Configuration: roles, permissions, feature flags
- Website forms: contact details, institution, interests
- Cookies (site usage): device/browser metadata
Sensitive categories (e.g., disability status) are processed only if directed by the institution and contractually permitted.
Legal bases for processing
Contractual necessity
To provide platform functionality to your institution
Legitimate interests
For security, fraud prevention, and product improvement (balanced with your rights)
Consent
For certain marketing or optional features (withdraw anytime)
Legal obligations
Where applicable (e.g., compliance, lawful requests)
How we use AI, with governance
Infinize employs AI to power features like early alerts, academic planning validation, major/career recommendations, transfer mapping, and productivity summaries. AI augments staff and faculty, it does not replace them.
Advisors and staff can review, accept, or override recommendations.
We show rationale and references where feasible and appropriate.
We monitor for disparate impact and support institutional reviews.
Customer data is not used to train foundation models unless contractually authorized.
Abuse prevention, rate limits, and content controls are enforced.
Cookies & similar technologies
We use necessary cookies for core functionality and optional analytics to improve the site. You can manage preferences at any time.
Types
Your choices
You can disable non-essential cookies via our preference tool or your browser settings.
Do Not Track: we honor applicable regional requirements and controls.
Data sharing & subprocessors
We do not sell personal data.
We share data only with trusted providers that help us deliver the service, under contract and subject to security and confidentiality obligations.
Common recipients
Your institution controls access
For institutional deployments, data flows are governed by the DPA and your institution's configuration (SSO/RBAC). Subprocessor lists are available upon request and we notify customers before material changes.
We may disclose data if required by law or to protect rights, safety, and integrity of services.
Security
Encryption
TLS in transit, AES-256 at rest; managed secrets
Identity & access
SSO/MFA, fine-grained RBAC, least privilege
Governance
Data classification, retention controls, audit logs
Isolation
Tenant separation and environment hardening
Monitoring
Vulnerability management, logging, and alerting
Continuity
Backups, disaster recovery plans, change management
Data retention & location
We retain personal data for as long as necessary to provide services or as required by our agreements and applicable laws. Retention periods are defined in institutional configurations and/or DPAs. Data residency options may be available.
Your privacy rights
Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. For institutional data, please contact your institution first; we will support them in fulfilling your request.
How to submit a request
We will respond within applicable timelines and coordinate with your institution as needed.
Automated decision-making
Infinize provides recommendations and scores to assist staff; final decisions remain with authorized humans. You may request information about logic and significance where required by law.
Children's privacy
We do not knowingly collect information from children under the age required by local law without appropriate authorization.
International data transfers
Where data is transferred across borders, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and support institutional residency requirements where available.
Changes to this policy
We may update this policy to reflect changes in law, technology, or our services. We will post updates here and, when material, provide additional notice.
Questions or requests?
Contact us for privacy questions, security incidents, or data subject requests