Privacy Policy
Macademia is a reverse-admissions marketplace: business schools discover and reach out to candidates. Protecting your personal data is core to how the product is built: EU-hosted, minimal by design, and never sold.
1. Who we are
Macademia (“we”, “us”) is the data controller for the personal data described in this policy. For questions about your data or to exercise your rights, contact privacy@macademia.app.
2. The data we collect
If you are a candidate (student)
- Account: email address and a securely hashed password (we never store your raw password).
- Profile: name, country of residence, region, and, as you choose to add them, your sector, employer, role, years of experience, education, languages, and admissions-test scores.
- Photo: only if you upload one, and only with your consent.
- Activity: the schools that express interest in you, your application stages, and messages exchanged through the platform.
If you are a recruiter (university)
- Your name, work email, role/title, and the institution you represent.
- Recruitment activity you carry out on the platform (notes, saved views, outreach, audit events).
3. Why we use it, and our lawful basis
| Purpose | Lawful basis (GDPR Art. 6) |
|---|---|
| Create and operate your account | Performance of a contract |
| Show your profile to relevant schools / show candidates to recruiters | Your consent (candidates); legitimate interests (recruiters) |
| Keep the service secure and prevent abuse | Legitimate interests |
| Comply with legal obligations | Legal obligation |
Where we rely on consent, you can withdraw it at any time (see section 7). This does not affect processing carried out before withdrawal.
4. Who can see your data
Your profile is shown to recruiters in an anonymised form by default; your identity is revealed to a school only when there is a genuine mutual interest in the recruitment process. We never sell your personal data and never share it for third-party advertising.
We use a small number of processors who handle data on our behalf under contract:
- Hosting & database: our cloud infrastructure provider, in the EU (Frankfurt, Germany).
- AI features (only when enabled): generated text such as drafted outreach may be produced via an AI provider under a data-processing agreement; we minimise what is sent and never send special-category data.
5. Where your data is stored
Your data is hosted in the European Union (Frankfurt, Germany). If any processing ever occurs outside the EEA, we ensure appropriate safeguards (such as EU Standard Contractual Clauses) are in place.
6. How long we keep it
We keep your account and profile data for as long as your account is active. If you delete your account, we erase or anonymise your personal data within 30 days, except where we must retain limited records to meet a legal obligation. Audit and security logs are kept for a limited period and then deleted.
7. Your rights
Under the GDPR you have the right to:
- Access: get a copy of the data we hold about you (Art. 15). The platform provides a machine-readable export.
- Rectify: correct inaccurate data (Art. 16); most fields are editable in your profile.
- Erase: delete your account and data (Art. 17).
- Portability: receive your data in a structured, common format (Art. 20).
- Object / restrict: object to or restrict certain processing (Arts. 18, 21).
- Withdraw consent at any time where processing is based on consent.
To exercise any right, email privacy@macademia.app. You also have the right to lodge a complaint with your local data-protection authority.
8. Cookies
We use a single essential cookie to keep you signed in (a secure, httpOnly session cookie). We do not use advertising, analytics, or third-party tracking cookies. Because the cookie is strictly necessary to provide the service, it does not require consent, but we tell you about it up front.
9. Security
We protect your data with measures including encrypted connections (HTTPS), hashed passwords, strict separation between institutions (tenant isolation), and security headers. No system is perfectly secure, but we work to keep your data safe and to notify you and the relevant authority if a breach ever affects you.
10. Children
Macademia is intended for prospective graduate and postgraduate applicants and is not directed at children under 16. We do not knowingly collect data from anyone under 16.
11. Changes to this policy
We may update this policy from time to time. We will post the new version here and update the “last updated” date; material changes will be communicated to you.
See also our Terms of Service.
