Privacy Policy

1. DEFINITIONS AND INTERPRETATION

1.1 Definitions

In this Privacy Policy, unless the context otherwise requires:

• "Company," "we," "our," or "us" refers to Miruvor LLC, a United States limited liability company;
• "Site" refers to the website located at medici.ac;
• "Service" refers to the Medici.ac platform and related services;
• "Personal Data" means any information relating to an identified or identifiable natural person;
• "Processing" means any operation performed on Personal Data;
• "You" or "User" refers to any individual accessing or using the Site.

2. CONTROLLER INFORMATION

Medici.ac is a peer-to-peer scholarship platform owned and operated by Miruvor LLC, a United States company. Until the full platform launches, the public website at medici.ac serves as an information page and email sign-up portal.

Data Controller Contact Information:

• Email: contact@medici.ac
• Entity: Miruvor LLC
• Jurisdiction: United States

3. CATEGORIES OF PERSONAL DATA COLLECTED

3.1 Information Collection Table

3.2 Data We Do NOT Collect

We explicitly do NOT collect or process:

• Financial information or payment data
• Government-issued identification numbers
• Health or medical information
• Biometric data
• Any other sensitive personal information as defined under applicable data protection laws

No financial transactions are currently processed through the Site.

4. COOKIES AND TRACKING TECHNOLOGIES

4.1 Use of Cookies

We employ standard web analytics services (including but not limited to Google Analytics, Plausible Analytics, or similar platforms) that utilize cookies and similar tracking technologies in your browser. These technologies serve the following functions:

• Monitor website traffic patterns and user navigation behavior
• Analyze site performance and identify areas for improvement
• Generate aggregated usage statistics

4.2 Anonymous Data Collection

Analytics cookies do NOT personally identify individual users. They focus exclusively on aggregated traffic patterns and behavioral analytics. Personal identification occurs only when you voluntarily submit information through our contact form.

4.3 Cookie Management

You retain full control over cookie settings and may clear, block, or disable cookies through your browser settings at any time. Please note that disabling cookies may affect certain website functionality.

5. LAWFUL BASIS AND PURPOSES OF PROCESSING

5.1 Essential Communications

We process your contact information to:

• Acknowledge and respond to your inquiry or interest submission
• Provide requested information regarding the upcoming platform launch
• Send direct, relevant updates about service availability

Important: We do NOT send promotional newsletters, marketing surveys, or unsolicited commercial communications.

5.2 Website Operations and Security

We process technical data to:

• Evaluate website traffic metrics and user engagement
• Debug technical issues and optimize site performance
• Detect, prevent, and respond to spam, abuse, or security threats
• Ensure system stability and availability

6. DATA SHARING AND DISCLOSURE

6.1 No Commercial Data Sales

We do NOT sell, rent, lease, or commercially trade your personal data to third parties under any circumstances.

6.2 Authorized Data Sharing

We may share your information only with the following parties under strict contractual protections:

6.2.1 Service Providers

Third-party vendors who provide essential services including:

• Cloud hosting and database management
• Email delivery and communication services
• Web analytics and performance monitoring platforms
• Technical support and maintenance services

6.2.2 Legal and Regulatory Authorities

When required by law or to protect legal rights, including:

• Compliance with valid legal process or court orders
• Response to lawful requests from law enforcement agencies
• Protection of our rights, property, or safety
• Defense against legal claims or investigations

6.2.3 Business Successors

In the event of a merger, acquisition, or asset sale, your data may be transferred to successor entities subject to the same privacy protections outlined in this Policy.

7. DATA STORAGE, SECURITY, AND INFRASTRUCTURE

7.1 Storage Infrastructure

All form submissions and user data are stored in Supabase, a United States-hosted, SOC 2 Type II compliant PostgreSQL database-as-a-service platform.

7.2 Security Measures

We implement industry-standard security protections including:

• Multi-factor authentication for all administrative access
• Encrypted data transmission (TLS/SSL)
• Access controls limited to authorized Miruvor LLC personnel only
• Regular security monitoring and updates
• Compliance with Supabase's comprehensive data protection policies

7.3 Data Processing Location

Primary data storage and processing occurs within the United States. Supabase's data protection and security policies apply to all stored information.

8. DATA RETENTION POLICY

8.1 Contact and Form Data

We retain contact information and form submissions for a maximum period of twenty-four (24) months following our last interaction with you, or until you withdraw consent, whichever occurs first.

8.2 Analytics and Usage Data

Aggregated, anonymized usage data may be retained beyond the 24-month period for legitimate business analytics purposes. Such data cannot be linked back to individual users.

8.3 Backup and Deletion Procedures

Upon deletion from active systems, all backup copies containing your personal data are permanently purged within thirty (30) days. Deletion is irreversible and complete.

9. YOUR PRIVACY RIGHTS

9.1 Applicable Rights

Depending on your jurisdiction and applicable data protection laws, you may exercise the following rights:

9.1.1 Access Rights

• Request access to personal information we hold about you
• Obtain copies of your data in a structured, commonly used format

9.1.2 Correction and Update Rights

• Correct inaccurate or incomplete personal information
• Update outdated contact or educational details

9.1.3 Deletion Rights (Right to be Forgotten)

• Request complete erasure of your personal data
• Immediate removal from all active systems and future communications

9.1.4 Processing Control Rights

• Restrict or object to certain types of processing
• Withdraw consent for future processing at any time
• Opt-out of non-essential communications

9.1.5 Data Portability Rights

• Receive your data in a machine-readable format
• Transfer data to another service provider where technically feasible

9.2 Exercising Your Rights

To exercise any of these rights, please contact us at: contact@medici.ac

We will respond to verified requests within the timeframes required by applicable law (typically 30 days for GDPR requests, 45 days for CCPA requests).

10. INTERNATIONAL DATA TRANSFERS

10.1 Cross-Border Processing

If you are located outside the United States, your personal information may be transferred to, stored, and processed in the United States, which may have different data protection laws than your jurisdiction.

10.2 Transfer Safeguards

We rely on the following legal mechanisms for international transfers:

• Your explicit consent provided when submitting information through our web form
• Standard contractual clauses with our service providers
• Adequacy decisions where applicable
• Derogations for specific situations as permitted under applicable law

11. CHILDREN'S PRIVACY PROTECTION

11.1 Age Restrictions

The Site is not directed to, intended for, or designed to attract children under the age of sixteen (16) years. We do not knowingly collect personal information from children under 16.

11.2 Parental Notice and Deletion

If we become aware that we have inadvertently collected personal information from a child under 16, we will take immediate steps to delete such information from our systems. Parents or guardians who believe their child has provided personal data should contact us immediately at contact@medici.ac.

12. POLICY UPDATES AND AMENDMENTS

12.1 Modification Authority

We reserve the right to update, modify, or amend this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations.

12.2 Notice of Changes

Material changes to this Policy will be communicated through:

• Updated "Effective Date" at the top of this document
• Prominent notice banner on the Site for significant modifications
• Direct email notification where legally required or practically feasible

12.3 Continued Use

Your continued use of the Site following the posting of changes constitutes acceptance of such changes. If you disagree with any modifications, please discontinue use and contact us to delete your information.

13. CONTACT INFORMATION AND COMPLAINTS

13.1 Primary Contact

For all privacy-related questions, concerns, or requests, please contact:

• Email: contact@medici.ac
• Response Time: We aim to respond within 5 business days
• Data Controller: Miruvor LLC

13.2 Regulatory Complaints

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority or supervisory body.

14. LEGAL COMPLIANCE AND GOVERNING LAW

14.1 Applicable Laws

This Privacy Policy and our data processing practices comply with applicable privacy and data protection laws, including but not limited to:

• General Data Protection Regulation (GDPR) - EU/EEA residents
• California Consumer Privacy Act (CCPA) - California residents
• Virginia Consumer Data Protection Act (VCDPA) - Virginia residents
• Other applicable state and federal privacy regulations

14.2 Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the United States and the state in which Miruvor LLC is organized, without regard to conflict of law principles.