Privacy Policy

This Privacy Policy describes how Mahadev Maitri Foundation ("we," "us," "our," or the "Foundation") collects, uses, and shares information when you visit the US Education Data Initiative at mahadevmaitri.org/us (the "Site").

The Foundation is a non-profit organisation incorporated in India (CIN: U85211HR2024NPL119316, NGO Darpan: HR/2024/0399439) operating the Site as a free public-interest resource. The Site provides publicly-sourced data on US K-12 schools and colleges derived entirely from US federal open datasets. We do not sell, rent, or broker personal data.

By using the Site you agree to the practices described in this Policy. If you do not agree, please discontinue use of the Site.

2.1 Information you provide directly

• Contact form submissions (name, email address, message) — transmitted via EmailJS to our team.
• Donation transactions processed through Razorpay (name, email, payment details) — we do not store payment card data; Razorpay handles PCI-DSS compliance.
• Student sponsorship enquiries submitted through our student forms — stored in our Supabase database.

2.2 Information collected automatically

• Server logs via Vercel (IP address, browser type, referring URL, pages visited, timestamp) — retained for up to 30 days for security and performance purposes.
• Anonymous usage analytics (pages visited, session duration, general geographic region) — see Section 5 for details.
• Browser local storage — we store your recent comparison history (school/college slugs only, no personal data) and your cookie consent preference locally in your browser. This data never leaves your device.

2.3 Information we do NOT collect

• We do not require account creation or login.
• We do not collect names, email addresses, or any personally identifiable information passively.
• We do not collect Social Security numbers, financial account numbers, or government ID numbers.
• We do not build individual user profiles or track users across other websites.

We use the information described above to:

• Operate and improve the Site and its data tools (school search, college comparison, state pages).
• Respond to contact form enquiries and support requests.
• Process donations and issue receipts where applicable.
• Monitor Site security and prevent abuse.
• Understand aggregate usage patterns to prioritise features.
• Comply with applicable legal obligations.

We do not use any information to make automated decisions that produce legal or similarly significant effects on individuals.

The Site uses the following third-party services. Each has its own privacy policy:

5.1 Google Analytics

We use Google Analytics to understand aggregate Site usage — pages visited, session duration, and general geographic region. We have enabled IP anonymisation. We do not use Google Analytics User-ID feature and do not link analytics data to personally identifiable information. Google Analytics is only loaded after you grant consent via our cookie banner.

5.2 Advertising

The Site may display advertisements served by Google Ads. We operate two ad modes:

• Personalised ads — only served to users who have given explicit consent via our cookie banner. Uses cookie identifiers to show relevant ads.
• Non-personalised / contextual ads — served to all users including those who decline consent. These use only page content (e.g. "this page is about college admissions in Texas") and no personal identifiers. They comply with Google's policies and do not require consent.

We do not use advertising data to build user profiles, retarget individuals across other websites (without consent), or infer sensitive characteristics.

5.3 Opting out

You may withdraw analytics and personalised ad consent at any time using the cookie preference link in the Site footer. You may also opt out of Google Analytics across all sites at tools.google.com/dlpage/gaoptout.

Cookies set by us: None. We do not set first-party cookies.

Cookies set by third parties (with consent only):

• Google Analytics (_ga, _ga_*) — analytics identifiers, 2-year expiry.
• Google Ads (IDE, 1P_JAR, etc.) — advertising identifiers, set only after consent.

Browser local storage (no consent required):

• us_compare_recent — stores the slugs (URL identifiers) of your last 5 school/college comparisons so the compare tool can show your history. Contains no personal data. Stored in your browser only, never transmitted to our servers.
• us_cookie_consent — stores your cookie consent choice (accepted/rejected) so we do not show the banner on every visit.

You can clear all local storage and cookies at any time through your browser settings.

The Site is an informational resource about educational institutions. It is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13.

The Site complies with the Children's Online Privacy Protection Act (COPPA). School and student outcome data displayed on the Site is aggregated and anonymised, sourced from public US federal datasets (NCES, EDFacts). No individual student records are stored or displayed.

If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately at Director@MahadevMaitri.Org and we will delete such information promptly.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:

• Right to know what personal information we collect, use, disclose, and sell.
• Right to delete personal information we have collected from you.
• Right to opt out of the sale or sharing of personal information.
• Right to correct inaccurate personal information.
• Right to non-discrimination for exercising these rights.

We do not sell or share personal information as defined by the CCPA/CPRA. The only personal data we hold about California residents who have not made a donation or submitted a contact form is server log data (IP address, browser, timestamp), which is retained for up to 30 days for security purposes only.

To exercise any of the above rights, contact us at Director@MahadevMaitri.Org. We will respond within 45 days.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or equivalent national legislation:

• Right of access — obtain a copy of personal data we hold about you.
• Right to rectification — correct inaccurate personal data.
• Right to erasure ("right to be forgotten").
• Right to restriction of processing.
• Right to data portability.
• Right to object to processing based on legitimate interests.
• Right to withdraw consent at any time (where processing is based on consent).

Our lawful bases for processing are: (a) consent — for analytics and personalised advertising; (b) legitimate interests — for security logging and fraud prevention; (c) contract — for processing donations.

The Site is hosted on Vercel infrastructure. Data may be processed in the United States. Vercel maintains Standard Contractual Clauses for EU–US data transfers. To exercise your GDPR rights, email Director@MahadevMaitri.Org. You also have the right to lodge a complaint with your local supervisory authority.

• Server logs (Vercel): up to 30 days.
• Contact form submissions: retained for up to 2 years for correspondence purposes, then deleted.
• Donation records: retained for 7 years as required by Indian financial regulations.
• Analytics data (Google Analytics): 14 months (Google default), then automatically deleted.
• Browser local storage: until you clear your browser data — we do not control this.

We implement appropriate technical and organisational measures to protect information against unauthorised access, alteration, disclosure, or destruction. These include:

• HTTPS encryption for all data in transit (TLS 1.2+).
• Supabase Row Level Security (RLS) — the public site has read-only access to pre-approved data tables only.
• No storage of payment card data — Razorpay handles all payment processing.
• Environment variables for all API keys — never exposed in client-side code.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

The Site contains links to external websites including US federal data sources (NCES, IPEDS, EDFacts, Opportunity Atlas) and college or school official websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies separately. Our inclusion of a link does not constitute an endorsement.

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide a more prominent notice. Your continued use of the Site after any change constitutes acceptance of the updated Policy.

For privacy-related enquiries, data subject requests, or concerns:

We aim to respond to all privacy enquiries within 30 days. For GDPR-related requests, we will respond within the legally required 30-day window (extendable to 90 days for complex requests).