Privacy Policy
Last updated: July 1, 2026
Collegium (“we,” “us”) is an AI study assistant that connects to your own Canvas account to help you keep track of and work on your coursework. This page explains, plainly, what we collect, how we store it, how we use it, and how you control it.
What we collect
- Account information. Your email address and authentication credentials, used to sign you in.
- Course data from your own Canvas session. After you explicitly consent in-product, our browser extension reads data visible in your own logged-in Canvas session — courses, assignments and due dates, syllabi, pages, and files (extracted as text) — and sends it to our servers. We never ask for or store your Canvas password; the extension only reads what your own browser session can already see.
- Profile memory you provide. Anything you tell Collegium about your voice, learning style, or preferences, so it can better tailor its help to you.
- Usage and billing records. Basic product-usage metadata (e.g. which features you use) and subscription/billing status. Payments are processed by Stripe — we never see or store your card number.
How it’s stored
Your data lives in Supabase (a hosted Postgres database), encrypted at rest, and isolated per user with row-level security (RLS) — meaning the database itself enforces that your data is only ever readable in the context of your own account. Course documents are stored as extracted text, and as searchable embeddings (numeric representations used for search) scoped to your account only.
To be precise about what we are not claiming: this is not client-side-only storage (your data is stored on our servers, not only in your browser), and it is not end-to-end encrypted (we can access it server-side to power the product, and to provide support if you ask us to). We do not claim to be “FERPA-compliant” as a certification — we take FERPA’s spirit seriously in how we handle educational records (consent gates, encryption, deletion), but that is a design commitment, not a formal compliance claim.
How we use it
Your course data and profile memory exist for one purpose: to power your own assistant — retrieving the right context and feeding it to an AI model so it can actually help with your specific courses, deadlines, and materials, instead of generic answers.
- When you chat or generate work with Collegium, relevant pieces of your course data are sent transiently to our AI providers (chat models routed through OpenRouter, and Voyage AI for the embeddings that power search) to generate a response to your request. This data is not retained by us for any purpose beyond serving that request, and none of your data is used by us to train AI models — we route AI requests only to model providers that don’t retain or train on your data.
- We do not sell your data. We do not run ads.
Your control
- Consent first. We never scrape or store your Canvas data before you explicitly consent in-product.
- Revocable anytime. You can revoke consent at any time, which stops future syncs. Previously stored data is not automatically deleted by revoking consent alone — use full deletion (below) to remove it.
- Full deletion, anytime. From Settings, you can permanently and immediately delete your account and all associated data. This cascades to your course data, embeddings, chats, and profile memory — it is not a soft delete.
Third parties we use
- Supabase — database (Postgres), authentication, and file storage.
- Vercel — application hosting.
- Stripe — payment processing (we never see your card details).
- OpenRouter and the model providers it routes to — AI inference for chat and generated work.
- Voyage AI — embeddings that power search/retrieval over your course materials.
Changes to this policy
If we make material changes to this policy, we will update the “Last updated” date above and, where appropriate, notify you in-product.
Contact
Questions about this policy or your data? Email operations.team.co@gmail.com (interim contact).