Overview
CRAB University (CRABU) is a student portal built to make academic life easier โ not to harvest your data. This policy explains clearly and honestly what we collect, why we collect it, and what we never do with it. We are a university student project, not a corporation. Your trust matters to us.
What We Collect
Name & Email
Collected when you sign up or log in via Google, Microsoft, GitHub, or email. Used to identify your account and display your profile.
Profile Avatar
Either your OAuth provider's photo, or a generated initial-based avatar via ui-avatars.com. Never uploaded or stored by us directly.
Academic Data You Enter
Grades, schedules, and CGPA inputs you manually provide inside the portal. Stored securely in your personal account only.
Session Cookies
HTTP-only cookies used to keep you logged in securely across pages. These are never readable by JavaScript and expire when you sign out.
What We Never Do
We never sell your data
To anyone. Ever. Full stop.
We never access your Gmail, Drive, or calendar
OAuth is used only to confirm your identity and retrieve your name and email address.
We never run ads
CRABU has no ad network, no tracking pixels, and no third-party marketing integrations.
We never share your data with third parties
Your data is only used to power features you interact with inside the portal.
Google, Microsoft & GitHub Sign-In
When you choose "Continue with Google" (or Microsoft / GitHub), you are redirected to that provider's secure login page. CRABU only requests access to your basic profile: name and email address. We do not request access to your emails, files, contacts, calendar, or any other services. The permission prompt you see is standard OAuth behaviour โ it is Google/Microsoft/GitHub confirming your identity on our behalf, not us gaining broad access to your account.
Data Storage & Security
All data is stored in Supabase, a PostgreSQL-based platform with enterprise-grade security. Your session is managed via HTTP-only secure cookies, meaning it cannot be accessed by browser scripts or extensions. Passwords (for email sign-ups) are hashed and never stored in plain text. We use Vercel for hosting, which provides HTTPS encryption on all connections.
AI Mentor Conversations
The AI Mentor feature uses Retrieval-Augmented Generation (RAG) to answer academic questions. Conversations may be temporarily processed to generate responses but are not used to train AI models, are not shared with third parties, and are not permanently stored beyond your session unless you explicitly save them. The AI is powered by university handbook data โ not your personal information.
Your Rights
Access
You can view all data associated with your account inside the portal at any time.
Deletion
You can request full account and data deletion by contacting us. We will process it within 7 days.
Correction
You can update your name and profile information from your dashboard.
Portability
You can request an export of your stored academic data at any time.
Contact
If you have any questions, concerns, or requests regarding your privacy, please reach out. CRABU is maintained by a student development team at BRAC University. We take all privacy concerns seriously and will respond promptly.
Questions? Email the CRABU dev team or open an issue on GitHub. We're students too โ we get it.
Back to Home