The short version: we observe artifacts, never the people who use the systems we build. CLAVA collects data only when it is needed, explains why it is needed, and keeps the purpose bounded. If we do not need data, we should not collect it; if we no longer need it, we should delete it. CLAVA never processes applicant, learner, or student records, never sells or rents data to anyone, and builds the front door to be as private as it is accessible.
1. What this covers
This policy covers the public CLAVA website and the gated CLAVA workspace. It does not govern a client institution's own admissions platform or website — those are the client's, under the client's own privacy notice. CLAVA acts as a service provider / processor to the client under a written agreement.
2. What we collect — and what we deliberately don't
Our rule is data with a reason. If a field or artifact does not help us reply, deliver scoped work, protect a person, or maintain a trustworthy system, we should not collect it. When we do collect something, we explain the purpose in plain language and keep it tied to that purpose.
- The public site: if you email us (e.g., [email protected]) or use the interest form, we receive what you send. The public interest form routes to CLAVA's email inbox; the public site does not store form submissions, display third-party ads, use ad pixels, or use analytics cookies. Name and work email let a human reply; optional context helps us route the conversation; the safety acknowledgement reduces the risk of accidental confidential submissions. If Cloudflare Web Analytics is enabled, it is used for aggregate traffic and performance signals, not advertising or cross-site profiling. The carbon estimator runs entirely in your browser and sends nothing.
- The gated workspace: sign-in uses one-time-PIN email verification (via our hosting provider). We process the email address of an authorized person solely to grant access — not to profile them.
- Client work: we process the configuration, brand assets, and template / reusable content a client gives us to do the work. We never process applicant, learner, or student records — the content audit and tooling are scoped to templates and structure by construction, never to submitted applications, recommender letters, or decision records.
3. No surveillance of persons
Our releases carry integrity / version signals that identify the artifact (which authorized release a file is, and whether it's intact) — never the people who use or operate it. Any such signal carries no personal or behavioral data.
4. How we use it; who we share with
We use what we collect only to provide and improve the service and to communicate with you. We do not sell, rent, or trade personal data. We share data only with the infrastructure providers that host the service (e.g., our website host and access gateway), under their own terms, and only as needed to run it — plus where required by law.
5. Where it lives, retention, and deletion
Data is hosted with reputable cloud infrastructure. We keep it only as long as needed for the purpose it was collected or as a written agreement or law requires, then delete it. Client work is returned or destroyed on request at the end of an engagement. The right to be forgotten is an operating commitment: deletion should be easy to request, narrow exceptions should be explained, and retained records should have a reason.
6. Your choices and the right to be forgotten
You may ask what we hold about you, request a copy, correction, or deletion, or ask us to stop emailing you — write to [email protected]. We honor applicable privacy rights (e.g., access, correction, deletion) regardless of where you are. If a legal, security, or written client obligation requires us to keep a limited record, we will explain the reason and keep only what is necessary.
7. Children & equity
The public site is not directed at children. Because the systems we build are often a learner's first contact with an institution or program, we hold privacy to the same standard as accessibility: a right, designed in from the first pixel, never traded for convenience.
8. Changes & contact
We may update this policy; material changes will be posted here with a new version date. Questions or requests: [email protected].