1. Introduction

This Privacy Policy describes how SelfStartGlobal (“we”, “us” or “our”), a sole proprietorship (Eenmanszaak) registered in the Netherlands with its business address at Kennemerplein 6, 2011MJ Haarlem, processes your personal data when you use the SelfStartGlobal mobile application (the “App”).
We are committed to protecting your privacy and ensuring the security of your personal data. This Policy explains what information we collect, how we use it, with whom we may share it, and what rights you have as a data subject.

We process your data in compliance with the applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), the Children’s Online Privacy Protection Act (“COPPA”), and other relevant legislation. By using the App, you consent to the practices described in this Privacy Policy.


2. Data Controller

SelfStartGlobal acts as the data controller in relation to the personal data processed through the App. Although we do not currently appoint a separate Data Protection Officer (DPO), all essential responsibilities related to data protection – including the safeguarding of your personal information, handling of data subject requests, and compliance with applicable data protection laws – are carried out internally by our team.

If you have any questions about this Privacy Policy or the way your personal data is processed, you may contact us at: hello@selfstartglobal.com.


3. Categories of Personal Data We Collect

In the course of providing our services through the App, we may collect and process the following categories of personal data, depending on the specific context of your interaction with us (e.g., registration, service delivery, use of chat features, customer support, etc.):

• Identification Data: This includes your full name, date of birth or age, gender (where provided voluntarily), nationality, and other data that may be used to identify you uniquely.
• Contact Data: We collect your email address (required for registration), city and country of residence, telephone number (if provided), IP address, and other contact-related information necessary for account communication and service delivery.
• Educational and Admission Data: this includes detailed academic history (such as previous schools/universities, degrees obtained, GPA, test scores), work experience, professional and academic achievements, extracurricular activities, honors and awards, and materials required for university application processes. These may include personal statements, statements of purpose, letters of recommendation, CVs, writing samples, application essays, and information about target universities, programs, countries, and application cycles.
• Account and Platform Usage Data: this refers to your login credentials (stored in hashed form), internal user ID, session history, communication records within the App’s chat functionality (including messages, files, voice notes, and other content shared), task tracking progress, platform navigation behavior, billing status (where applicable), and other usage-related metadata. Please note: All user communication (messages, files, voice notes, and media shared in chats) is transmitted and stored through our self-hosted Matrix homeserver. Please note that the chat system does not use end-to-end encryption, meaning content may be stored in readable form on our infrastructure.
• Technical and Device Data: we may collect technical information about the devices you use to access our App, such as device type and model, operating system and version, mobile network information, app version, device identifiers, screen resolution, time zone, language settings, browser type, and usage logs. We may also collect crash logs and diagnostic reports to improve performance and stability.
• Files and Media: users (including clients and their legal representatives) may voluntarily upload files containing personal data – for example, scanned documents, academic transcripts, passports or ID cards (for identity verification purposes), photographs, certificates, voice messages, or video introductions. These materials are processed solely to provide personalized consulting and application support services.
• Parental or Guardian Data (for minors): in cases where the user is a minor, we may collect the full name, relationship, and contact details (e.g., email address and/or telephone number) of a parent or legal guardian, as well as confirmation of consent for data processing and service use.
• Payment and Transaction Data (future functionality): we may process data such as payment history, transaction amount, currency, date and time of transaction, and payment method details, if any payments are made through the platform. Payment processing will be handled by third-party providers in accordance with applicable payment security standards (e.g., PCI DSS).
• Communications and Support Data: if you contact our support team, we may collect the content of your messages, metadata (e.g., timestamps, attachments), and any follow-up interactions, for the purposes of resolving issues and improving our services.
• Analytics and Tracking Data: through the use of cookies and analytics tools (e.g., Google Analytics, Firebase, and similar SDKs), we may collect data related to how you interact with the App – including session length, pages visited, features used, navigation paths, frequency of use, referring URLs, and general engagement statistics. This data is used in aggregated or pseudonymized form to analyze trends and improve service functionality.
• Other Information Voluntarily Provided: you may also choose to provide us with other categories of personal information during your use of the App, such as preferences, survey responses, feedback, or information related to your educational goals, personal values, or career ambitions. Where relevant, we will process such data in accordance with this Privacy Policy and applicable laws.

Please note that the above list is intended to be comprehensive but not exhaustive. Depending on how the App and our services evolve, we may collect and process additional types of data that are reasonably necessary to fulfill the purposes described in this Privacy Policy. In such cases, we will update this Policy and inform users of any material changes in accordance with Section 14 below.


4. Special Considerations for Minors

We recognize the importance of protecting the personal data of minors, especially in the context of educational services.

Our App and services are intended primarily for users aged 16 years and older. However, we may work with students as young as 13, subject to appropriate parental or legal guardian involvement. Access to and use of our services by individuals under the age of 18 requires the informed consent of a parent or legal guardian. We take appropriate steps to verify such consent in accordance with applicable laws.
For users under the age of 16 who reside in the European Economic Area (EEA), we require the consent of a holder of parental responsibility, as required under the GDPR (Article 8). Similarly, for users under the age of 13, we comply with the U.S. Children’s Online Privacy Protection Act (COPPA) by not knowingly collecting personal data unless we have received verifiable parental consent.

We may collect the contact details of a parent or legal guardian in order to:

• Obtain consent for registration and data processing;
• Keep parents informed about their child’s progress and use of the platform;
• Provide support or resolve issues involving minor users;
• Comply with legal obligations concerning minors.

Parents and legal guardians have the right to:

• Review the personal data we hold about their child;
• Request that we update, correct, or delete such data;
• Withdraw consent for data processing at any time.

Requests of this nature can be made by contacting us at hello@selfstartglobal.com. We may take steps to verify the identity of the requester before fulfilling such requests. If we become aware that we have collected personal data from a child under the applicable minimum age without proper consent, we will promptly delete such data from our records.


5. Legal Bases for Processing

We process your personal data in accordance with the General Data Protection Regulation (GDPR), relying on the following legal bases depending on the context and nature of the processing:

• Consent (Article 6(1)(a) GDPR): Where required, we obtain your freely given, specific, informed, and unambiguous consent before processing your data – for example, when you agree to receive marketing communications, participate in optional surveys, or use features such as uploading additional profile materials. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Performance of a contract (Article 6(1)(b) GDPR): Most of the data processing we carry out is necessary to perform our contractual obligations to you – such as providing consulting services, maintaining your user account, tracking your admission progress, and enabling communication with your assigned consultant via the App’s chat functionality.
• Compliance with legal obligations (Article 6(1)(c) GDPR): In certain cases, we may need to process your data to comply with applicable laws and regulations – for instance, to respond to law enforcement requests, maintain tax records, or fulfill obligations related to minors’ data protection under EU and U.S. law.
• Legitimate interests (Article 6(1)(f) GDPR): We may process your personal data when it is necessary for our legitimate business interests – such as improving the functionality and security of our App, analyzing aggregated usage data, preventing fraud or abuse, and ensuring an effective user experience – provided that such interests are not overridden by your fundamental rights and freedoms. Where appropriate, we conduct a legitimate interest assessment (LIA) to ensure balance.
• Our legitimate interest (Article 6(1)(f) GDPR) in maintaining the integrity, performance, and security of the messaging system, including monitoring for abuse or technical failures.

6. How We Use Your Information

We use the personal data we collect for a variety of purposes, each of which is grounded in one or more lawful bases under data protection law. These purposes include:

• To provide access to and maintain the App’s core features. We process your data to create and manage your user account, authenticate your login credentials, enable the use of our secure chat functionality, and support your interactions with SelfStartGlobal consultants. This includes maintaining your communication history and enabling file exchange between users and consultants.
• To deliver and manage our educational consulting services. Your data is used to track your progress in the university application process, store application-related documents, manage your application targets, and support your consultants in providing personalized advice and documentation preparation.
• To personalize your experience and tailor content. We may use your data (e.g., academic background, preferences, goals) to recommend relevant services, suggest next steps in the admission process, and tailor our communications to your situation.
• To process payments and manage billing (for future features). If you purchase services through the App in the future, we will process the necessary payment and transaction data to complete the order, issue invoices, and manage subscriptions. Payment data will be processed by third-party providers under secure conditions.
• To communicate with you. We use your contact information to send you essential updates related to your account and services, including confirmations, reminders, policy updates, and support responses. We may also send optional surveys or requests for feedback (where legally permitted or with consent).
• To provide customer support and resolve issues. We retain communications with you (including chat records and support tickets) in order to resolve complaints, answer questions, or improve user satisfaction. These records may also be reviewed to ensure quality of service.
• To improve and secure the App. We analyze usage patterns and collect technical data to detect errors, monitor performance, and protect the App from security breaches, fraud, abuse, or unauthorized access. This includes use of diagnostic and analytical tools (such as Firebase) to evaluate App functionality.
• To comply with legal obligations. We may process your data to comply with tax, accounting, or consumer protection laws, fulfill reporting requirements, respond to lawful requests from public authorities, or comply with child protection rules applicable to minors.
• To enforce our rights and defend against legal claims. Where necessary, we may use your data to investigate violations of our Terms of Use or applicable laws, to protect our legal interests, or to respond to legal proceedings or regulatory inquiries.
• To deliver real-time messaging through our own infrastructure. We operate our own Matrix homeserver to provide chat functionality. Your messages, media, and communication metadata are processed and stored on our servers. Since we do not use end-to-end encryption, the content is accessible in readable form to authorized system administrators solely for technical, operational, or legal compliance purposes.
• Any other purpose for which you have provided your explicit consent. If we intend to use your data for any purpose not covered above, we will provide clear information at the time of collection and seek your prior explicit consent where required.

7. Sharing of Information

We treat your personal data with care and confidentiality. However, in certain situations, we may share your data with third parties as outlined below:

• With service providers and processors. We engage trusted third-party vendors who assist us in operating and maintaining the App. These may include providers of cloud hosting services, analytics platforms (such as Firebase and Google Analytics), technical support tools, communication systems, and data storage solutions. These providers act on our behalf and are contractually bound by data processing agreements to protect your data and only use it in accordance with our instructions.
• With educational institutions or third-party organizations. At your explicit request and with your prior consent, we may share relevant data (e.g., application documents or recommendations) with universities, scholarship foundations, or educational platforms in connection with your admission process.
• With parents or legal guardians (for minors). If the user is under the age of 18, we may share progress-related information, account activity, or other relevant data with the parent or legal guardian associated with the account – particularly where such disclosure is necessary to fulfill our contractual obligations, ensure legal compliance, or respond to a guardian’s data subject request.
• With government or regulatory authorities. We may disclose your information if required to do so by law or in response to valid legal processes (e.g., subpoenas, court orders, or official investigations). This includes cases involving fraud prevention, child protection, or compliance with applicable data protection or tax laws.
• In connection with a business transfer. If SelfStartGlobal undergoes a merger, acquisition, reorganization, or asset sale, your personal data may be transferred as part of that transaction – provided that the recipient commits to respecting the terms of this Privacy Policy.

Messages and media shared in chats ARE NOT transmitted through third-party messaging providers. All communication is processed through our self-hosted Matrix homeserver, which we operate and maintain directly. We do not share message content with any external entities unless required by law.

We DO NOT sell, rent, or exchange your personal data with third parties for marketing or commercial purposes.

Where data is transferred outside of the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses or other lawful transfer mechanisms recognized under GDPR.


8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described above or as required by law. If you delete your account or withdraw consent, we will delete or anonymize your data unless retention is legally mandated.


9. International Data Transfers

All personal data, including chat messages, is stored and processed within the European Economic Area (EEA), on servers we directly control and operate. We may transfer your data to third countries outside the EU/EEA. In such cases, we ensure adequate safeguards (e.g., Standard Contractual Clauses or adequacy decisions).


10. Your Rights
We respect your rights as a data subject and are committed to providing transparent control over your personal data. Depending on your location and applicable law, you may exercise the following rights:

If you are located in the European Economic Area (EEA) or are otherwise subject to the GDPR, you have the right to:

• Access your data: Request confirmation as to whether we process your personal data and, if so, obtain a copy of that data along with information about how and why it is processed.
• Rectify inaccurate or incomplete data: Ask us to correct or complete personal data that you believe is incorrect or incomplete.
• Request erasure (“right to be forgotten”): Request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent and no other legal basis applies, or if processing was unlawful.
• Restrict processing: Request a temporary or permanent halt to processing some or all of your personal data, for example while a dispute about its accuracy or use is being resolved.
• Object to processing: Object to the processing of your personal data when such processing is based on our legitimate interests (including profiling), unless we demonstrate compelling legitimate grounds to continue.
• Data portability: Receive a structured, commonly used, and machine-readable copy of your personal data, and request that we transfer such data to another controller, where technically feasible and legally required.
• Withdraw consent: If we rely on your consent to process your data, you may withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to:

• Know what personal information we collect, use, disclose, or sell: You may request detailed information about the categories of data collected, the purposes for collection, and the categories of third parties to whom your data may be disclosed.
• Access your personal information: You may request a copy of specific pieces of personal information we hold about you.
• Request deletion of your personal information: Similar to the GDPR, you may ask us to delete personal data we hold about you, subject to certain exceptions (e.g., legal obligations or ongoing services).
• Opt out of the sale of personal information: While we do not sell your personal data as defined under the CCPA, you retain the right to formally opt out of such practices if they were to occur.
• Non-discrimination: You have the right not to be discriminated against for exercising your CCPA rights – for example, we will not deny services, charge different prices, or offer different levels of service if you submit a privacy request.

To exercise any of the above rights, please contact us at hello@selfstartglobal.com. We may ask you to verify your identity before processing your request. If your request concerns a minor’s data, we may also require verification of your legal authority as a parent or guardian.

We will respond to all legitimate requests in accordance with applicable legal timelines – typically within one month under the GDPR and 45 days under the CCPA, with possible extensions where legally permitted.


11. Data Security

We use administrative, technical, and physical safeguards to protect your data. These include encryption, access controls, and regular security audits.

We maintain and operate our own secure infrastructure for messaging. Access to chat content stored on our Matrix homeserver is restricted to a minimal number of authorized personnel and governed by internal data access policies. Although end-to-end encryption is not used, we implement robust network and system-level safeguards, such as encrypted transport (TLS), access logging, and regular security updates.


12. Analytics and Tracking Technologies

We use cookies and analytics tools (e.g., Google Analytics, Firebase) to understand usage patterns and improve our services. You can manage your cookie preferences in your device or browser settings.


13. Third-Party Services

Our App may link to or integrate third-party services. This Privacy Policy does not apply to those services, and we are not responsible for their practices.


14. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available in the App and on our website.


15. Contact Us

If you have questions or complaints about this Privacy Policy, please contact us at hello@selfstartglobal.com

This Privacy Policy is intended to comply with Apple App Store requirements and relevant global data protection laws including GDPR, CCPA, and COPPA.