Privacy Policy
1. Introduction
Deans Insight ("we", "us", or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains what information we collect when you use the Deans Insight platform and website (collectively, the "Service"), how we use it, and what rights you have in relation to it.
We designed Deans Insight for higher education professionals who value discretion. We operate a minimal-footprint approach to data: we collect only what is necessary to provide the Service and do not sell your personal information to any third party, ever.
2. Information We Collect
2.1 Information you provide directly
When you request access to the Service, you provide:
- Email address — your institutional email address, used solely for authentication via a secure magic-link system.
- Institutional affiliation — inferred from your email domain; used to verify eligibility and personalise your experience.
- Professional profile data — where you voluntarily connect a professional network profile (such as LinkedIn), we may collect publicly available information including your name, job title, institution, and career history. This is used solely to enrich your dashboard and contextualise insights.
We do not collect payment or financial information, phone numbers, or other personally identifying information beyond the above unless you voluntarily share them through written correspondence with us.
2.2 Information collected automatically
When you use the Service, we may automatically collect:
- Usage data — which pages or features you access, timestamps, and session duration. This data is collected via Umami Analytics (see Section 5) in an anonymised, aggregated form.
- Technical data — browser type, operating system, and general geographic region (country level), derived from your IP address. Your IP address is not stored.
- Authentication tokens — short-lived session tokens stored in your browser to maintain your authenticated session. These expire automatically.
2.3 Information we do not collect
We do not collect, store, or process:
- Payment or financial information (billing is handled outside the platform);
- Precise geographic location;
- Sensitive personal data such as health, ethnicity, religion, or political views;
- Social media profile data — unless you voluntarily connect a profile (e.g. LinkedIn) as part of an onboarding or enrichment flow.
3. How We Use Your Information
We use the information we collect solely to:
- Provide and maintain the Service — authenticate your identity and grant access to your institutional dashboard;
- Communicate with you — send you authentication links, service updates, and important notices related to your account;
- Improve the Service — understand how features are used in aggregate to prioritise development;
- Ensure security — detect, investigate, and prevent unauthorised access, fraud, or abuse;
- Comply with legal obligations — respond to lawful requests from regulatory authorities where required.
We do not use your information for advertising, profiling for commercial purposes, or automated decision-making that produces legal or similarly significant effects.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction with similar data protection laws, our legal bases for processing your personal data are:
- Performance of a contract — processing your email address to authenticate you and provide the Service you have requested;
- Legitimate interests — using aggregated, anonymised analytics to improve the Service, provided those interests do not override your rights;
- Legal obligation — retaining records as required by applicable law.
5. Analytics
We use Umami, an open-source, privacy-first analytics solution specifically designed to be compliant with GDPR, CCPA, and similar regulations.
Key characteristics of our analytics implementation:
- No personally identifiable information is collected or stored;
- No cookies are set by the analytics script;
- IP addresses are not stored;
- No cross-site tracking occurs;
- Data is not shared with any advertising network or third party.
Because our analytics collect no personal data in the GDPR sense, no cookie consent banner is required for analytics purposes. You may block the analytics script using a standard ad-blocker or script-blocking browser extension without affecting the functionality of the Service.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your information in the following limited circumstances:
- Service providers — we work with a small number of trusted sub-processors (such as our authentication infrastructure provider and cloud hosting services) who process data on our behalf under strict contractual data protection obligations. A current list is available on request.
- Legal requirements — we may disclose your information if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of Deans Insight, its users, or the public.
- Business transfers — if Deans Insight is acquired, merged, or undergoes a restructuring, your information may be transferred as part of that transaction. We will notify you in advance and your rights under this Policy will continue to apply.
7. Data Retention
We retain your email address and account data for as long as your account remains active or as otherwise necessary to provide the Service. If you request deletion of your account, we will remove your personal information within 30 days, except where retention is required by law or for the resolution of disputes.
Anonymised, aggregated analytics data (which cannot be used to identify you) may be retained indefinitely for product development purposes.
8. Your Privacy Rights
Depending on your location, you may have the following rights with respect to your personal data:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Ask us to correct inaccurate or incomplete data. |
| Erasure | Request deletion of your personal data ("right to be forgotten"). |
| Restriction | Ask us to restrict processing of your data in certain circumstances. |
| Portability | Receive your data in a structured, commonly used, machine-readable format. |
| Objection | Object to processing based on legitimate interests. |
| Withdraw consent | Where processing is based on consent, withdraw it at any time. |
To exercise any of these rights, please contact us at dpo@deansinsight.com. We will respond within 30 days. We do not charge a fee for reasonable requests. If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with your national data protection authority.
9. Cookies
We use a minimal number of cookies strictly necessary to operate the Service:
- Authentication session cookie — a short-lived, secure, HttpOnly cookie used to maintain your authenticated session. This cookie is deleted when you log out or when your session expires.
We do not use advertising cookies, tracking pixels, third-party analytics cookies, or persistent cookies for profiling purposes. Because our analytics tool (Umami) is cookieless, no consent banner is required for analytics.
10. Data Security
We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These include:
- Encrypted data transmission (TLS/HTTPS) for all communications;
- Secure, token-based authentication (magic-link; no passwords stored);
- Access controls limiting internal access to personal data on a need-to-know basis;
- Regular security reviews of our infrastructure.
No method of electronic transmission or storage is 100% secure. We encourage you to use a secure, private network when accessing the Service and to notify us immediately if you suspect any unauthorised use of your account.
11. International Data Transfers
The Service is hosted on infrastructure that may be located outside your country of residence. If you are in the EEA or UK and your data is transferred to a country that does not provide an equivalent level of protection, we rely on appropriate safeguards — such as Standard Contractual Clauses (SCCs) approved by the European Commission — to ensure your data remains protected.
12. Children's Privacy
The Service is not directed at anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected such information, we will delete it promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. We encourage you to review this Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please reach out to us:
Deans Insight
Email: dpo@deansinsight.com
We aim to respond to all privacy-related enquiries within 30 days.