Security & privacy
A parent-grade explanation of what chance-me.ai collects, where it lives, who can see it, and how to delete it. Written in plain English. No tracking pixels, no ad networks, no sale of applicant data.
Effective: April 29, 2026 · chance-me.ai
To run an assessment, you provide your academic profile: graduation year, intended college major, GPA, test scores (SAT/PSAT/ACT), course rigor, class rank, leadership and extracurricular signals, awards, and the colleges you want odds for. You can optionally provide your high school name and country, your state, and a short freeform description of yourself.
If you submit your email, we save it so we can email your results and (for paid tiers) send refund magic links after admissions decisions. Email is set once per assessment and never replaced.
If you choose to disclose hooks (first-generation status, recruited athlete, legacy schools), those values are stored only when you explicitly opt in.
chance-me.ai is built around a deliberate set of exclusions:
Your assessment data is stored in Supabase, on Postgres in the US-East region, with row-level security enforced so each assessment is only visible via its unique ID. We use Anthropic and OpenAI for the natural-language portions of the read (translating deterministic math into prose), SendGrid for email delivery, and (when paid tiers ship) Stripe for payments. No card data ever touches our servers.
We do not use Google Analytics, Meta Pixel, or any third-party advertising tracker on chance-me.ai.
Inside the company, only the engineering team has direct database access, and only for support, debugging, and calibration work. We don't sell, share, or transfer your data to third parties for marketing or any other commercial purpose. We don't have advertisers, affiliates, or data brokers in this product.
The third parties listed above (Supabase, Anthropic/OpenAI, SendGrid, Stripe) process data on our behalf as needed to operate the service. Each has their own security and privacy programs that we vet against our standards.
Free assessments are retained for 60 days from submission, then purged from active storage. Paid assessments (Profile Audit and Application Playbook) are retained for 4 years — the typical college admissions cycle plus buffer — so that the verified-outcome refund mechanism can complete after decision letters arrive.
If you'd like your data deleted before these timelines, see How to delete below.
Email our contact form with your assessment ID and a brief request. We'll delete the record from active storage within 7 business days and confirm via reply. We may retain a minimal log entry (timestamp + assessment ID) for audit purposes, with no profile content attached.
If you submitted with an email address, you can also request all assessments tied to that email — we'll delete them as a batch.
chance-me.ai uses a small amount of browser local storage to autosave your form progress (so closing the tab mid-form doesn't lose your work). We don't use third-party cookies for tracking or advertising. Full cookie disclosure here.
When a paid customer submits a verified admissions outcome (admit, waitlist, or reject) for the schools in their original assessment, we use that data point to improve the model's accuracy on the next applicant in the same segment. The verification flow uses a hashed magic-link token issued to your email — we never store the raw token, and we issue tokens only to emails matching paid assessments.
Verified outcomes are stored in aggregate calibration tables. Your name, address, and any personally identifying information are not part of the calibration data.
chance-me.ai is intended for high school students in the United States, generally 14 years and older. We do not knowingly collect data from anyone under 13. If you believe a child under 13 has submitted an assessment, please contact us and we'll remove the record.
For users under 18, we recommend submitting alongside a parent or counselor.
If we materially change how we collect, use, or store data, we will update this page and revise the effective date at the top. For substantial changes (new third-party processors, new data fields, retention timing changes), we'll also notify any user whose email is on file.
For privacy questions, deletion requests, or anything else: use our contact form. We aim to respond within 1–2 business days.
This document is intended to be readable. It is not a substitute for legal advice. If you need formal legal language for compliance documentation, please contact us.