Clelia

Legal

Privacy Policy

Effective date: April 3, 2026

Clelia (“we”, “us”, “our”) operates app.withclelia.com and www.withclelia.com. This policy explains what personal information we collect, why we collect it, and how we protect it. We are committed to compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation.

By creating an account on Clelia you consent to the collection and use of your information as described in this policy.

1. Information we collect

When you complete the intake form we collect the following profile information:

  • Province or territory of study
  • Enrollment status (full-time, part-time, co-op, distance)
  • Type of institution (university, college, vocational, indigenous institute)
  • Year of enrollment
  • Whether you are a dependent student
  • Immigration or residency status
  • Housing situation
  • Household income range
  • Any support programs you currently receive (optional, free text)

When you upload documents we collect the file contents and metadata (file name, type, size, upload date). Documents are stored in a secure cloud vault.

We also collect standard server logs (IP address, browser type, pages visited) for security and performance monitoring. These are not linked to your profile.

2. Why we collect it

We use your profile information exclusively to:

  • Match you against Canadian student financial support programs (grants, loans, bursaries, emergency aid) using a rules-based eligibility engine
  • Generate a personalised task queue so you know exactly what to do next
  • Send deadline reminders and renewal notifications relevant to programs you have applied to
  • Improve program coverage and rule accuracy over time

Every match recommendation is traceable to a specific eligibility rule verified against official program documentation. We never use AI to decide eligibility — the rules engine is the authoritative source.

3. How your information is stored and protected

Your account is managed by Clerk (clerk.com), a third-party authentication provider. Clerk handles password hashing, multi-factor authentication, and session management. Clelia does not store your password.

Your profile data is stored in a PostgreSQL database hosted on Supabase, with access restricted to the Clelia API server. Uploaded documents are stored in Cloudflare R2 object storage; all download links are time-limited signed URLs valid for 15 minutes.

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorised Clelia team members and is protected by multi-factor authentication.

4. Sharing and disclosure

We do not sell your personal information. We do not share your profile data with third parties for marketing purposes.

We may disclose your information only in the following limited circumstances:

  • To our infrastructure sub-processors (Clerk, Supabase, Cloudflare, Railway) as necessary to operate the service, each bound by their own privacy commitments
  • If required by law, court order, or regulatory authority
  • To protect the safety, rights, or property of Clelia or our users

If you arrived at Clelia through a partner referral link (e.g. your school or student union), we record that a sign-up occurred through that channel. We do not share your individual profile with the referring partner — only aggregate funnel statistics (clicks, sign-ups, applications started).

5. Retention

Your profile and application history are retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer.

Anonymised, aggregated statistics (e.g. how many students matched a given program) are not considered personal information and may be retained indefinitely.

6. Your rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate information via the intake form at any time
  • Request deletion of your data by contacting us or deleting your account
  • Withdraw consent (this will prevent us from providing the service)
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC)

7. Cookies and tracking

We use session cookies required for authentication (managed by Clerk). We may set a clelia_ref cookie if you arrive through a partner referral link; this cookie expires after 30 days and is used only to attribute your sign-up to the correct partner. We do not use advertising or third-party tracking cookies.

8. Changes to this policy

We will post any material changes to this page with an updated effective date. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

9. Contact us

Questions or requests regarding this policy should be directed to:

Privacy Officer, Clelia
privacy@withclelia.com

← Back to Clelia·Terms of Service