Transparency you can trust
Our policies in plain language — privacy, terms, cookies, refunds, and your data rights under GDPR and international regulations.
Educational Hub ("we," "us," "our") is committed to protecting the personal data of our users. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
1. Data We Collect
We collect personal data that you provide directly through our forms and services:
- Identity data: Full name, date of birth, nationality, passport/ID number
- Contact data: Email address, phone number, postal address
- Academic data: Transcripts, diplomas, certificates, GPA, test scores (IELTS, TOEFL, GRE, GMAT)
- Financial data: Household income range (for scholarship eligibility), payment card details (processed by our payment provider — never stored on our servers)
- Application data: Statement of purpose, reference letters, CV/resume, portfolio materials
- Uploaded documents: Scanned passport, bank statements, sponsorship letters, medical records where required
- Communication data: Messages sent through our contact forms, consultation notes, chat history
- Technical data: IP address, browser type, device information, pages visited, time on site (collected via cookies)
2. Why We Collect Your Data
Your personal data is used for the following purposes:
- Processing and managing your study-abroad applications
- Matching you with suitable universities, programs, and scholarships
- Communicating with you about application status, deadlines, and opportunities
- Providing consultation and advisory services
- Processing payments for our services
- Sending newsletters and updates (only with your explicit consent)
- Improving our services through analytics and feedback
- Complying with legal obligations
3. Legal Basis for Processing (GDPR)
For visitors from the EU/EEA and other jurisdictions with similar data protection laws, we process your personal data under the following legal bases:
- Consent (Art. 6(1)(a) GDPR): Newsletter subscriptions, marketing communications, non-essential cookies. You may withdraw consent at any time.
- Contract (Art. 6(1)(b) GDPR): Processing necessary to perform our consultancy services — application management, document handling, university matching.
- Legitimate interest (Art. 6(1)(f) GDPR): Site security, fraud prevention, service improvement through analytics, and maintaining business records.
- Legal obligation (Art. 6(1)(c) GDPR): Tax records, anti-money-laundering compliance, responding to lawful data access requests from authorities.
4. Data Retention
We retain your personal data for the following periods:
- Active applicants: Data is retained for the duration of your application process plus 3 years after completion or last activity.
- Successful placements: Records retained for 5 years post-enrollment for follow-up support and alumni services.
- Financial records: Retained for 7 years as required by Georgian tax law.
- Newsletter subscribers: Until you unsubscribe or 2 years of inactivity.
- Website analytics: Aggregated data retained indefinitely; individual session data deleted after 26 months.
After the retention period, data is securely deleted or anonymized. You may request earlier deletion (see Your Rights below).
5. Third-Party Data Sharing
We may share your personal data with:
- Partner universities and institutions: To process your application — only data necessary for admission consideration is shared, with your consent.
- Payment processors: Stripe/bank payment gateways for secure transaction processing. They are independent data controllers — see their privacy policies.
- Email service providers: For transactional emails and newsletters (currently: Resend/SendGrid).
- Cloud hosting: Our infrastructure providers (Vercel, database hosting) process data on our behalf under data processing agreements.
- Government authorities: Only when required by law (e.g., visa-related inquiries from embassies with your knowledge).
We never sell your personal data to third parties.
6. International Data Transfers
Since we serve international students and work with universities globally, your data may be transferred to and processed in countries outside your country of residence, including countries outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with an EU adequacy decision
- Your explicit consent for transfers necessary to perform our contract with you (e.g., sending application data to a university in your chosen country)
7. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure ("Right to be Forgotten"): Request deletion of your data where there is no compelling reason to continue processing
- Data portability: Receive your data in a structured, machine-readable format (JSON/CSV)
- Restriction: Request that we limit how we use your data
- Objection: Object to processing based on legitimate interest
- Withdraw consent: Withdraw any previously given consent at any time without affecting prior processing
To exercise any of these rights, email privacy@educationhub.ge with the subject line "Data Rights Request." We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority.
8. Children's Data
Some of our applicants may be under 18 years of age (e.g., students applying for foundation or undergraduate programs). For applicants under 16, we require verifiable parental or guardian consent before processing personal data. For applicants aged 16–17, we process data based on their own consent but strongly encourage parental involvement. Parents or guardians may contact us at any time to review, correct, or request deletion of their child's data.
9. Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS 1.3), encryption at rest for sensitive documents, access controls, regular security audits, and staff training on data protection.
Version 2.0 — Effective 11 July 2026. Previous versions available on request via legal@educationhub.ge.