Privacy Policy

1. Overview

RateYourProf ("we", "us", "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

Email verification is optional — you can submit reviews without verifying your student status, though verified reviews may be given more weight in rating calculations and moderation.

Information you provide

• Reviews: Rating scores, written feedback, course information, and verification status
• Email verification (optional): Your academic email address (if you choose to verify student status for trusted reviews)
• Reports: Information you provide when reporting a review

Information collected automatically

• Browser fingerprint: A hash of browser characteristics used for duplicate detection and rate limiting (not linked to your identity)
• IP address: Used for rate limiting, fraud prevention, and approximate geolocation (country level)
• Usage data: Anonymous analytics including pages visited, time spent, and interactions

3. Third-Party Services

We use third-party services to operate the platform, including:

• Cloud Infrastructure: Database, hosting, and content delivery services
• AI Content Moderation: Review text is analyzed by AI services for policy violations (profanity, harassment, personal information). Text is sent temporarily for analysis but not stored by these providers.
• Analytics: Privacy-respecting analytics with no personal data tracking
• Bot Protection: CAPTCHA services to prevent automated abuse
• Email Delivery: SMTP providers for sending verification emails

Data Location: Your data is stored on secure cloud infrastructure in the United States. Database backups are encrypted and stored securely.

4. How We Use Your Information

• To display reviews and ratings on professor profiles
• To verify student status via academic email
• To prevent spam, fraud, and duplicate submissions
• To enforce our content moderation policies using automated AI screening
• To improve the Service and user experience through anonymous analytics
• To maintain platform security through rate limiting

5. Anonymity of Reviews

Student reviews are published anonymously. We do not display or share your email address, IP address, or any personally identifying information alongside your reviews. Verification badges indicate that a reviewer verified their student status but do not reveal their identity.

Important: We do not store your email address at all—not even as a hash. We only store your email domain (e.g., "myschool.edu") which is public information that identifies your institution. Your verification code is generated randomly, stored locally in your browser, and is not linked to your email address in our database.

6. Data Retention

• Reviews: Retained indefinitely while the Service operates
• Verification domains: Only your email domain (e.g., "myschool.edu") is stored, never your full email address or any hash of it
• Browser fingerprints: Stored as one-way hashes used for duplicate detection and rate limiting; cannot be used to identify you
• Server logs: IP addresses in logs are retained for up to 90 days

7. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only:

• When required by law or lawful government request
• To protect the rights, safety, or property of RateYourProf or its users
• With service providers who assist in operating the Service (hosting, email delivery, content moderation) under strict confidentiality agreements
• Review text is temporarily sent to AI moderation services for content analysis but is not stored by these providers

8. Cookies and Local Storage

We use browser local storage to save your verification code and user preferences. We use privacy-respecting analytics with no personally identifiable data or cross-site tracking. We use CAPTCHA services to prevent automated abuse, which may use cookies as described in their respective privacy policies.

9. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
• Rate Limiting: API endpoints are rate-limited to prevent abuse
• Input Validation: All user input is sanitized to prevent XSS and injection attacks
• Database Security: Managed database with automated backups and encryption at rest

While we implement strong security measures, no system is completely secure. We encourage users to report any security concerns to [email protected].

10. Your Rights

Under applicable privacy laws (GDPR, CCPA), you have certain rights regarding your personal data. However, our platform is designed for maximum anonymity, which limits our ability to identify and retrieve personal data.

What we actually store about verification:

• A random verification code (generated after email confirmation, stored in your browser)
• Your email domain only (e.g., "myschool.edu" — public institution identifier, not your email address)
• A verification status flag

What we cannot identify:

• Reviews are not linked to verification codes, email addresses, or any personal identifiers
• We cannot identify which reviews belong to you, even if you provide your verification code
• IP addresses are used for rate limiting but are not stored with reviews (retained in logs for up to 90 days)
• Browser fingerprints are one-way hashes used for duplicate detection and rate limiting (especially for users behind shared IP addresses like at universities)

If you provide your verification code, we can confirm we have a record with that code and your institution's domain, but we have no way to connect it to specific reviews or other personal information. You have the right to:

• Request confirmation of your verification record (if you provide your code)
• Request deletion of your verification record
• Object to processing of your personal data
• Opt out of analytics and non-essential data collection

Important: Deleting your verification record will not remove any reviews you submitted, as we have no way to identify which reviews belong to you. Reviews are permanently anonymous once submitted.

To exercise these rights, contact us at [email protected]. We will respond within 30 days as required by applicable law.

Note: Professors who are subjects of reviews may report factual errors or reviews that violate our policies by contacting us at [email protected].

11. Children's Privacy

The Service is intended for post-secondary students aged 16 and older. We do not knowingly collect personal information from children under 16.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by posting a notice on the Service. Continued use constitutes acceptance of the revised policy.

13. Contact

For privacy-related questions or requests, contact us at [email protected].