Privacy Policy

Last updated: 4 May 2026

1. Data We Collect

• You give us: first name, WhatsApp number (with country code), intake year, GPA, work experience (optional), budget, and target course. Email address is optional.
• We derive: scholarship match list, persona segments (e.g., late_planner), funnel stage, qualification flag.
• Tracking: page views, form submissions, WhatsApp / email delivery and replies, opt-out events. We capture hashed IP (one-way SHA-256), user agent, UTM parameters, Facebook click identifiers (fbp, fbc).
• We do NOT collect: date of birth, passport details, financial documents, academic transcripts, or any data we did not ask for.

2. Why We Use It

• Send you a personalised UK university shortlist by WhatsApp (and email, if you provided one).
• Run a 5-email + 3-WhatsApp nurture sequence with consent, with a one-tap unsubscribe in every message.
• Measure ad performance using Facebook Conversions API (server-side; PII is SHA-256 hashed before transmission).
• Comply with legal obligations and protect against fraud/abuse.

3. Retention

• If you opt out (reply STOP on WhatsApp, click the unsubscribe link, or email us): personal fields are purged within 48 hours. We retain only an anonymised opt-out marker so we don't accidentally contact you again.
• Active leads: kept for up to 2 years from last interaction, then deleted automatically.
• Backups: encrypted daily backups are kept for 30 days on Cloudflare R2 (UK/EU regions) and then deleted.

4. Who Sees Your Data

• Only authorised MentorFunnel counsellors with admin login can view decrypted personal fields, and every access is logged in our audit trail (with hashed IP).
• We use the following processors strictly to deliver the service: WhatsApp Business Cloud API / Twilio (messaging), SendGrid (email, optional), Cloudflare (hosting + CDN + R2 storage), Meta (advertising measurement, hashed PII only).
• We never sell or rent your data, and we never share it with universities or third-party agents without your explicit, written consent on a per-shortlist basis.

5. Your Rights

• Stop messages: reply STOP on WhatsApp, click Unsubscribe in any email, or visit /unsubscribe/<your-id>.
• Right to deletion: email privacy@mentorfunnel.example and we will purge within 48 hours and confirm in writing.
• Right of access / correction: request a copy of all data we hold about you, or ask us to correct it, by emailing the address above.
• Right to withdraw consent: applies even after submission. We will not send you anything further.

6. Security

• WhatsApp number and email are encrypted at rest with AES-256-GCM; lookup uses HMAC-SHA-256 (no plaintext stored anywhere).
• Admin dashboard requires password authentication, has rate-limited login (5 failures / 15 min lockout), and audit-logs every login and data purge.
• All traffic is TLS-only. Webhooks are signature-verified (HMAC-SHA-256 / HMAC-SHA-1).
• Form submissions are protected by Cloudflare Turnstile and per-IP rate limiting (3/hour).

7. Age

This service is for prospective students aged 18 or older. The form requires explicit age confirmation; we do not knowingly collect data from minors.

8. Changes

If we materially change this policy we will email all active subscribers at least 7 days before it takes effect, and the "Last updated" date above will change.

← Back to home · Terms of Service