1-to-1 Scholarships

Privacy Policy

Last updated: April 5, 2026

1. Introduction

This Privacy Policy describes how Dreams of School ("the Platform," "we," "us," or "our") collects, uses, stores, and protects your personal information. We are committed to protecting your privacy and handling your data responsibly.

By using the Platform, you consent to the collection and use of your information as described in this policy. If you do not agree with this policy, please do not use the Platform.

2. Information We Collect

Information You Provide

  • Account information: name, email address, password, role (student, sponsor, or institution)
  • Profile information: education history, work experience, skills, goals, bio, and profile photos
  • Demographic information: nationality, country of residence, gender, date of birth, religion, and ethnicity (see Section 3 for how we handle this sensitive data)
  • Financial information: sponsorship needs, support types requested (processed by Stripe — we do not store payment card details)
  • Documents: uploaded files such as transcripts, certificates, or identification documents
  • Messages: content of messages sent through the Platform's messaging system
  • Institutional data: institution name, type, location, and student roster information (for institution accounts)

Information Collected Automatically

  • Log data: IP address, browser type, operating system, referring URLs, and pages visited
  • Session data: authentication tokens and session identifiers stored in cookies (see Section 8)
  • Usage data: features used, search queries, and interactions with other users' profiles

3. Sensitive Personal Data

The Platform collects certain categories of sensitive personal data to facilitate accurate matching between students and sponsors. This includes:

  • Religion
  • Ethnicity
  • Nationality
  • Gender
  • Date of birth

Under data protection laws such as the EU General Data Protection Regulation (GDPR), some of this data is classified as "special category data." We process this data based on your explicit consent, which you provide during the registration process. You may withdraw consent for the processing of sensitive data at any time by contacting us, though this may limit the Platform's ability to match you with sponsors.

This data is used solely for profile display and sponsor-student matching. It is never used for advertising, sold to third parties, or processed for purposes beyond the Platform's core functionality.

4. How We Use Your Information

We use your information for the following purposes:

  • Operating the Platform: creating and managing your account, displaying your profile to other users, facilitating discovery and matching
  • Communication: enabling messaging between sponsors and students, sending you notifications about sponsorship activity, and contacting you about your account
  • Payments: processing sponsorship payments through Stripe, managing payouts to student connected accounts
  • Safety and security: detecting and preventing fraud, enforcing our Terms of Service, and protecting our users
  • Platform improvement: analyzing usage patterns to improve features and user experience
  • Legal compliance: fulfilling legal obligations, responding to legal requests, and protecting our rights

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

5. How We Share Your Information

With Other Users

Your profile information is visible to other registered users on the Platform, subject to your visibility settings. Sponsors can view student profiles; students can view sponsor profiles. Messages are visible only to the participants of a conversation. Administrators may review messages for safety and compliance.

With Third-Party Service Providers

We share data with the following service providers, who process it on our behalf under contractual obligations to protect your data:

  • Stripe — payment processing. When you make or receive payments, Stripe collects and processes your payment information under their own privacy policy. We share your name, email, and country with Stripe to create and manage payment accounts.
  • Amazon Web Services (AWS) S3 — file storage. Uploaded documents and profile photos are stored on AWS S3 servers.
  • Amazon Web Services (AWS) SES — email delivery. Your email address is shared with AWS SES to send transactional emails (notifications, password resets, sponsorship updates).

With Institutions

If your account was created by an educational institution, that institution may have access to your profile information and sponsorship status.

For Legal Reasons

We may disclose your information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Retention

We retain your data for as long as your account is active and for a reasonable period afterward. Specific retention periods:

  • Account and profile data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Messages: retained while both participants' accounts are active. Deleted within 30 days of account deletion request.
  • Uploaded files (S3): deleted within 30 days of account deletion request.
  • Payment records: retained for 7 years after the transaction date, as required for tax and financial compliance.
  • Activity logs: retained for 12 months for security and auditing purposes.
  • Server logs: retained for 14 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • All data transmitted between your browser and the Platform is encrypted using TLS (HTTPS)
  • Passwords are hashed using bcrypt — we never store passwords in plain text
  • Sessions are encrypted and use secure, same-site cookies
  • Sensitive payment notifications are encrypted at the application level
  • Database access is restricted and protected by authentication
  • Regular security audits and vulnerability assessments are performed

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Cookies

The Platform uses only essential cookies required for the site to function:

  • Session cookie: maintains your login state as you navigate the Platform
  • CSRF token cookie: protects against cross-site request forgery attacks

We do not use advertising cookies, tracking cookies, or third-party analytics cookies. Because our cookies are strictly necessary for the Platform to function, consent is not required under GDPR or similar laws.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Correction: request that we correct inaccurate or incomplete data
  • Deletion: request that we delete your personal data (subject to legal retention requirements)
  • Data portability: request a copy of your data in a structured, machine-readable format
  • Withdraw consent: withdraw consent for processing of sensitive personal data at any time
  • Restriction: request that we restrict processing of your data in certain circumstances
  • Objection: object to processing of your data for certain purposes

To exercise any of these rights, contact us at support@1to1scholarships.com. We will respond to your request within 30 days.

For California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

For EU/EEA Residents (GDPR)

If you are located in the EU or EEA, our legal basis for processing your personal data is:

  • Contract performance: processing necessary to provide the Platform's services (account management, matching, messaging, payments)
  • Explicit consent: processing of sensitive personal data (religion, ethnicity, etc.) based on your explicit consent during registration
  • Legitimate interests: platform security, fraud prevention, and service improvement
  • Legal obligation: retention of payment records for tax compliance

You have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.

10. Children's Privacy

The Platform is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13 without appropriate consent, we will delete it promptly.

Students between 13 and 17 may only access the Platform through an institutional account. The educational institution is responsible for obtaining parental or guardian consent before registering students under 18. We rely on the institution's representation that appropriate consent has been obtained.

11. International Data Transfers

The Platform is hosted in the United States. If you access the Platform from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using the Platform, you consent to the transfer of your data to the United States. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy, regardless of where it is processed.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@1to1scholarships.com.