Privacy Policy

Last updated: April 15, 2026

1. Information We Collect

When you create an account, we collect:

  • Email address (must be a @cornell.edu address) — used for account verification and login.
  • Name — used for display purposes.
  • Password — stored as a one-way bcrypt hash. We never store or see your plain-text password.

When you use the app, we store:

  • Your academic profile (major, year, college) to provide degree planning features.
  • Course reviews you submit, including your chosen display name, major, and year.

Your schedule, planned courses, and preferences are stored locally in your browser (localStorage) and are not transmitted to our servers.

2. How We Use Your Information

  • To authenticate you and maintain your session.
  • To send a one-time verification email when you create your account.
  • To display course reviews you choose to submit.

We do not sell, share, or rent your personal information to third parties. We do not use your data for advertising.

3. Third-Party Services

  • Neon (PostgreSQL) — stores account data and reviews. Data is encrypted at rest.
  • Resend — sends verification emails. Only your email address is shared with Resend for this purpose.
  • Vercel — hosts the application.
  • Cornell Classes API — we fetch public course catalog data. No personal information is sent to Cornell’s API.

4. Data Retention

Your account and associated data are retained as long as your account is active. You may request deletion of your account and all associated data by contacting us.

5. Security

We use industry-standard security measures including:

  • HTTPS encryption for all connections.
  • bcrypt password hashing with 12 rounds.
  • HttpOnly, Secure, SameSite session cookies.
  • Rate limiting on authentication endpoints.
  • Parameterized database queries to prevent SQL injection.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and data.
  • Export your data.

To exercise these rights, contact us at the email below.

7. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

8. Contact

For questions or requests regarding your data, contact us at nxtsem@cornell.edu.

NxtSem Cornell is not affiliated with Cornell University.