Macademia ← Back to home

Privacy Policy

Last updated: 12 June 2026

Macademia is a reverse-admissions marketplace: business schools discover and reach out to candidates. Protecting your personal data is core to how the product is built: EU-hosted, minimal by design, and never sold.

This policy explains what we collect, why, how long we keep it, and the rights you have under the EU General Data Protection Regulation (GDPR). If anything here is unclear, contact us at privacy@macademia.app.

1. Who we are

Macademia (“we”, “us”) is the data controller for the personal data described in this policy. For questions about your data or to exercise your rights, contact privacy@macademia.app.

2. The data we collect

If you are a candidate (student)

We deliberately do not collect nationality, gender, age, ethnicity, religion, or other special-category data (GDPR Article 9). Matching and ranking are composition-based and never use these attributes.

If you are a recruiter (university)

3. Why we use it, and our lawful basis

PurposeLawful basis (GDPR Art. 6)
Create and operate your accountPerformance of a contract
Show your profile to relevant schools / show candidates to recruitersYour consent (candidates); legitimate interests (recruiters)
Keep the service secure and prevent abuseLegitimate interests
Comply with legal obligationsLegal obligation

Where we rely on consent, you can withdraw it at any time (see section 7). This does not affect processing carried out before withdrawal.

4. Who can see your data

Your profile is shown to recruiters in an anonymised form by default; your identity is revealed to a school only when there is a genuine mutual interest in the recruitment process. We never sell your personal data and never share it for third-party advertising.

We use a small number of processors who handle data on our behalf under contract:

5. Where your data is stored

Your data is hosted in the European Union (Frankfurt, Germany). If any processing ever occurs outside the EEA, we ensure appropriate safeguards (such as EU Standard Contractual Clauses) are in place.

6. How long we keep it

We keep your account and profile data for as long as your account is active. If you delete your account, we erase or anonymise your personal data within 30 days, except where we must retain limited records to meet a legal obligation. Audit and security logs are kept for a limited period and then deleted.

7. Your rights

Under the GDPR you have the right to:

To exercise any right, email privacy@macademia.app. You also have the right to lodge a complaint with your local data-protection authority.

8. Cookies

We use a single essential cookie to keep you signed in (a secure, httpOnly session cookie). We do not use advertising, analytics, or third-party tracking cookies. Because the cookie is strictly necessary to provide the service, it does not require consent, but we tell you about it up front.

9. Security

We protect your data with measures including encrypted connections (HTTPS), hashed passwords, strict separation between institutions (tenant isolation), and security headers. No system is perfectly secure, but we work to keep your data safe and to notify you and the relevant authority if a breach ever affects you.

10. Children

Macademia is intended for prospective graduate and postgraduate applicants and is not directed at children under 16. We do not knowingly collect data from anyone under 16.

11. Changes to this policy

We may update this policy from time to time. We will post the new version here and update the “last updated” date; material changes will be communicated to you.

See also our Terms of Service.