Privacy Policy

CRAB University (CRABU) is a student portal built to make academic life easier — not to harvest your data. This policy explains clearly and honestly what we collect, why we collect it, and what we never do with it. We are a university student project, not a corporation. Your trust matters to us.

• Name & Email

  Collected when you sign up or log in via Google, Microsoft, GitHub, or email. Used to identify your account and display your profile.

• Profile Avatar

  Either your OAuth provider's photo, or a generated initial-based avatar via ui-avatars.com. Never uploaded or stored by us directly.

• Academic Data You Enter

  Grades, schedules, and CGPA inputs you manually provide inside the portal. Stored securely in your personal account only.

• Session Cookies

  HTTP-only cookies used to keep you logged in securely across pages. These are never readable by JavaScript and expire when you sign out.

• We never sell your data

  To anyone. Ever. Full stop.

• We never access your Gmail, Drive, or calendar

  OAuth is used only to confirm your identity and retrieve your name and email address.

• We never run ads

  CRABU has no ad network, no tracking pixels, and no third-party marketing integrations.

• We never share your data with third parties

  Your data is only used to power features you interact with inside the portal.

When you choose "Continue with Google" (or Microsoft / GitHub), you are redirected to that provider's secure login page. CRABU only requests access to your basic profile: name and email address. We do not request access to your emails, files, contacts, calendar, or any other services. The permission prompt you see is standard OAuth behaviour — it is Google/Microsoft/GitHub confirming your identity on our behalf, not us gaining broad access to your account.

All data is stored in Supabase, a PostgreSQL-based platform with enterprise-grade security. Your session is managed via HTTP-only secure cookies, meaning it cannot be accessed by browser scripts or extensions. Passwords (for email sign-ups) are hashed and never stored in plain text. We use Vercel for hosting, which provides HTTPS encryption on all connections.

The AI Mentor feature uses Retrieval-Augmented Generation (RAG) to answer academic questions. Conversations may be temporarily processed to generate responses but are not used to train AI models, are not shared with third parties, and are not permanently stored beyond your session unless you explicitly save them. The AI is powered by university handbook data — not your personal information.

• Access

  You can view all data associated with your account inside the portal at any time.

• Deletion

  You can request full account and data deletion by contacting us. We will process it within 7 days.

• Correction

  You can update your name and profile information from your dashboard.

• Portability

  You can request an export of your stored academic data at any time.

If you have any questions, concerns, or requests regarding your privacy, please reach out. CRABU is maintained by a student development team at BRAC University. We take all privacy concerns seriously and will respond promptly.