This Privacy Policy (the "Policy") explains how ApplyAZ Inc. ("ApplyAZ," "we," "us," or "our") collects, uses, stores, shares, and protects Personal Information when you visit, access, or use our websites (including www.applyaz.com, go.applyaz.com, italy.applyaz.com, and any other ApplyAZ-owned or operated domains and subdomains), dashboards, eligibility assessments, forms, communication channels, mobile interfaces, and any related technology services (collectively, the "Platform").

By accessing or using the Platform in any way, including browsing, creating an account, completing forms, uploading documents, communicating with us through any channel, or clicking any link, button, or call-to-action that references this Policy, you acknowledge that you have read, understood, and agree to this Policy in its entirety. If you do not agree with any part of this Policy, you must immediately discontinue all use of the Platform.

1. Who We Are and How to Contact Us

Legal Entity: ApplyAZ Inc.

Corporation Number: 1659714-9

Jurisdiction of Incorporation: Canada (Federal)

Registered Address: 290 Adelaide Street West, Toronto, ON M5V 0P3, Canada

General Inquiries: team@applyaz.com

Privacy Officer: Email team@applyaz.com with subject line "Privacy Request."

We will acknowledge your inquiry promptly and respond within a commercially reasonable timeframe, and in all cases within any period required by applicable law.

2. Nature of ApplyAZ Services

ApplyAZ operates exclusively as an online technology platform and information facilitation service. We provide digital tools and coordination services designed to help users organize, prepare, and transmit information to independent third-party institutions and service providers. We are not, and do not hold ourselves out as, an educational institution, university, college, school, visa agency, immigration consultancy, housing provider, landlord, travel agent, tour operator, insurance provider, financial advisor, legal advisor, medical advisor, employment agency, or any other regulated professional service provider.

Our facilitation services may include, without limitation: helping users organize application documents, preparing checklists and reminders, populating forms based on user-provided information, coordinating the transmission of materials to third parties on your behalf, providing informational guidance about general application processes, and communicating status updates. These activities are strictly administrative and coordinative in nature and do not constitute professional advice of any kind.

All substantive services — including but not limited to education, academic instruction, admissions decisions, degree conferral, accommodation, housing, transportation, visa processing, immigration determinations, insurance underwriting, medical services, tour operation, scholarship adjudication, financial aid determinations, and employment services — are provided exclusively by independent third-party institutions and providers under their own terms, conditions, licenses, and liability frameworks. ApplyAZ exercises no control over and assumes no responsibility for any decisions, actions, omissions, quality, safety, legality, availability, or outcomes associated with any third-party service.

3. Scope of This Policy

This Policy applies to all Personal Information we process when you:

• Visit any of our websites, subdomains, or landing pages, including pages hosted on third-party platforms that display ApplyAZ branding
• Use our dashboards, portals, or any interactive features of the Platform
• Submit eligibility information, application details, or any other data through any channel
• Create an account or user profile
• Upload documents, files, images, or any other content
• Communicate with us through email, WhatsApp, phone, SMS, video call, in-dashboard messaging, social media, or any other channel
• Make payments or authorize transactions through our payment providers
• Interact with our social media accounts, advertisements, or marketing communications
• Attend webinars, events, or informational sessions organized or promoted by ApplyAZ

Payment Information: We do not store full credit card numbers, CVV codes, or complete banking credentials. Payment processing is handled entirely by independent third-party payment processors (such as Stripe, Razorpay, or others) under their own terms and privacy policies. We receive only transaction confirmations, payment status, reference numbers, amounts, currencies, and timestamps.

Third-Party Communication Platforms: If you communicate with us through platforms such as WhatsApp, Instagram, Facebook, Telegram, LinkedIn, or any other third-party service, those platforms process your information under their own privacy policies and terms. We have no control over and accept no responsibility for their data practices.

4. What Information We Collect

A) Information You Provide Directly

• Identity Information: Full legal name, date of birth, gender, nationality, citizenship, passport details (number, expiry, issuing country), government-issued identification numbers, photographs
• Contact Information: Email address, phone number, mailing address, city, state/province, postal code, country of residence
• Academic and Professional Information: Transcripts, diplomas, certificates, standardized test scores, language proficiency results, curriculum vitae, statements of purpose, letters of recommendation, work history, professional qualifications, research publications
• Application-Related Information: Preferred programs, intake periods, university preferences, geographic preferences, budget information, scholarship interest, housing preferences, visa requirements, travel dates
• Financial Information: Family income information (where required for scholarship applications), bank statements (where voluntarily provided for visa support documentation), scholarship amounts, fee payment records
• Communications: Messages, emails, files, voice recordings, video recordings, meeting notes, support requests, feedback, and any other content exchanged through our communication channels
• Consent Records: Records of your acceptance of our Terms of Service, Privacy Policy, cookie preferences, marketing opt-ins, and other consent events, including timestamps and method of consent

B) Information Collected Automatically

Device and Technical Information: IP address, device type, device identifiers, operating system, browser type and version, screen resolution, language preferences

Usage Information: Pages viewed, features used, clickstream data, timestamps, session duration, referral sources, search queries within the Platform

Cookies and Similar Technologies: Information collected through cookies, web beacons, pixels, local storage, and similar technologies (see Section 13 for details)

Log Data: Server logs recording access times, error reports, and system activity

C) Information from Third Parties

• Partner Institutions: Application status updates, admission decisions, enrollment confirmations, and similar communications from universities, colleges, and other partner institutions
• Payment Processors: Transaction confirmations, payment status, and dispute information from payment service providers
• Analytics Providers: Aggregated and de-identified usage data from analytics services

D) Sensitive Documents and Special Categories

Some documents you upload may contain sensitive or special category information, including passport pages, visa documents, national identification numbers, medical records, religious affiliation, ethnic origin, or disability information. You control what you upload. You must not upload information that is not reasonably required for the services you have requested. You are solely responsible for the content you provide, and you represent that you have the legal right to share all information you submit.

5. How We Use Your Information

A) Platform Operation and Service Delivery

• Create, maintain, and manage your account
• Facilitate information organization, document preparation, and submission coordination
• Provide tracking, status updates, checklists, reminders, and dashboard functionality
• Process and coordinate workflows you initiate through the Platform
• Enable communication between you and our support team

B) Facilitation Services

• Review documents for completeness, formatting, and apparent consistency
• Prepare checklists, reminders, and document requirement summaries
• Populate application forms and prepare draft submissions based on information you provide
• Coordinate transmission of your information and documents to third-party institutions and service providers as part of workflows you initiate
• Provide general informational guidance about application processes and timelines

C) Communications and Marketing

• Send service messages, reminders, deadline alerts, and status updates necessary for your active services
• Respond to your support requests and inquiries
• Send personalized program recommendations, educational resources, event invitations, and promotional content where you have provided consent or where permitted by applicable law
• Conduct surveys and request feedback to improve our services

D) Safety, Security, and Fraud Prevention

• Prevent, detect, and investigate fraud, abuse, unauthorized access, and security threats
• Secure accounts, systems, and infrastructure
• Enforce Platform rules and investigate suspicious or prohibited activity
• Protect against fraudulent transactions and chargebacks

E) Analytics, Research, and Improvement

• Troubleshoot issues and measure Platform performance
• Analyze usage patterns to improve user experience and features
• Develop, test, and improve services, tools, and support processes
• Conduct internal research and reporting

F) Legal, Compliance, and Corporate Purposes

• Comply with applicable laws, regulations, legal processes, and governmental requests
• Maintain accounting, tax, and corporate records
• Handle disputes, claims, and legal proceedings
• Facilitate corporate transactions (mergers, acquisitions, financings, restructurings)

We do not sell your Personal Information. We do not use your Personal Information for automated decision-making that produces legal effects concerning you without human oversight, except where expressly permitted by applicable law and disclosed to you.

6. Legal Basis for Processing

We process Personal Information on the following legal bases:

• Contractual Necessity: To perform our obligations under our Terms of Service and to provide the facilitation services you request
• Consent: Where required by applicable law, including for certain marketing communications and non-essential cookies. Where you provide consent, you may withdraw it at any time by contacting us, without affecting the lawfulness of processing carried out before withdrawal
• Legitimate Interests: To operate, maintain, secure, and improve the Platform, to prevent fraud and abuse, and to communicate with you about your active services. We balance our legitimate interests against your rights and freedoms
• Legal Obligation: To comply with tax, accounting, anti-money laundering, and other legal and regulatory requirements

Where consent is the legal basis, it is provided through affirmative actions such as: clicking consent buttons, checking acknowledgment boxes, submitting forms that reference this Policy, proceeding past consent notices, enabling optional technologies, or continuing to use the Platform after being presented with this Policy.

7. How We Share Your Information

A) Your Authorization

By creating an account, submitting forms, uploading documents, selecting programs, confirming workflow steps, making payments, or taking any action on the Platform that initiates a service workflow, you expressly authorize ApplyAZ to process and transmit your information to relevant third-party institutions and service providers as reasonably necessary to fulfill the workflows you initiate.

If you do not want certain information to be transmitted to a particular third party, you must notify us in writing at team@applyaz.com before the relevant submission occurs. Once information has been transmitted, we cannot recall or control it.

B) Third-Party Institutions (Independent Data Controllers)

IMPORTANT THIRD-PARTY DATA DISCLAIMER

When your information is transmitted to universities, colleges, educational institutions, housing providers, landlords, property managers, tour operators, scholarship bodies, grant-awarding organizations, visa authorities, immigration offices, government agencies, embassies, consulates, financial institutions, insurance providers, examination bodies, or any other third parties, those recipients process your information as independent data controllers under their own privacy policies, terms of service, and legal obligations. They are not agents, subcontractors, or affiliates of ApplyAZ.

• ApplyAZ has no control over and assumes no responsibility for:
• How third parties process, store, use, disclose, or protect your information
• Third-party data security practices, standards, or certifications
• Third-party compliance with any privacy, data protection, or other laws
• Third-party data breach incidents, unauthorized access, or security failures
• Third-party retention, deletion, or archival practices
• Third-party use of your information for their own independent purposes
• Any decisions made by third parties based on your information

You must review each third party's privacy policy before authorizing the transmission of your information. By proceeding with a service request that involves transmission of your information to a third party, you acknowledge and accept that the third party's data practices are governed solely by their own policies, and that ApplyAZ bears no liability for any third-party data handling, privacy violations, data breaches, or other data-related incidents.

C) Service Providers (Data Processors)

We engage third-party vendors to help us operate the Platform, including providers of cloud hosting, data storage, database management, email delivery, SMS and messaging services, analytics, security monitoring, customer support tools, payment processing, and marketing automation. We use contractual measures designed to require these service providers to protect your Personal Information and to process it only as directed by us.

D) Legal and Regulatory Disclosures

We may disclose your information where we reasonably believe disclosure is required to: comply with applicable law, regulation, legal process, or enforceable governmental request; enforce our Terms of Service or other agreements; protect the rights, property, safety, or security of ApplyAZ, our users, or the public; detect, prevent, or address fraud, security, or technical issues; or respond to an emergency involving danger of death or serious physical injury.

E) Corporate Transactions

If ApplyAZ is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, or sale of assets, your Personal Information may be transferred to a successor entity as part of that transaction. We will use reasonable efforts to ensure any successor is bound by privacy commitments substantially similar to those in this Policy.

F) Aggregated and De-Identified Data

We may create, use, and share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. Such data is not Personal Information under this Policy.

8. International Data Processing and Transfers

ApplyAZ operates internationally and uses infrastructure, service providers, and partner institutions located in multiple jurisdictions, including but not limited to Canada, India, Italy, other European Union and European Economic Area member states, the United States, and other countries. Your Personal Information may be processed and stored in any of these jurisdictions.

Processing locations may change at any time based on provider architecture, operational needs, and the jurisdictions involved in your specific service requests. Data protection laws in some jurisdictions may differ from those in your country of residence.

Where required by applicable law, we use lawful data transfer mechanisms designed to support cross-border processing, which may include standard contractual clauses, adequacy decisions, or other approved mechanisms.

By using the Platform, you expressly acknowledge and consent to the international processing and transfer of your Personal Information as described in this Policy.

9. Data Retention

We retain Personal Information for as long as reasonably necessary to: provide and improve our services; maintain your account; comply with legal, tax, accounting, and regulatory obligations; resolve disputes and enforce agreements; prevent fraud and maintain security; and fulfill any other legitimate business purpose.

Specific retention periods vary by data type, purpose, and applicable legal requirements. In practice, certain records (including application records, payment records, communications, and consent records) may be retained for periods of up to seven (7) years or longer where required by law or for legitimate business, legal, or compliance purposes.

Where you request deletion of your Personal Information, we will delete or de-identify it within a commercially reasonable timeframe, except to the extent we are required or permitted to retain it for legal obligations, ongoing disputes, security and fraud prevention, enforcement of our Terms, or other purposes described in this Policy.

10. Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect Personal Information against unauthorized access, loss, alteration, disclosure, and destruction. These measures are commensurate with the nature and sensitivity of the information we process and the risks involved.

No system is perfectly secure. Despite our efforts, we cannot guarantee and do not warrant the absolute security of your Personal Information. Unauthorized access, hardware or software failure, human error, and other factors may compromise security at any time.

You are solely responsible for: keeping your login credentials, passwords, and account access information confidential; using strong and unique passwords; logging out of shared or public devices; and notifying us immediately at team@applyaz.com if you suspect any unauthorized access to your account.

In the event of a security incident affecting your Personal Information, we will notify affected individuals and relevant authorities where and to the extent required by applicable law, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the European Union General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act (DPDPA), and any other applicable breach notification requirements.

11. Your Privacy Rights

A) Canada (PIPEDA and Provincial Laws)

If you are a resident of Canada, you have the right to: request access to the Personal Information we hold about you; request correction of inaccurate or incomplete information; withdraw consent to certain processing (subject to legal or contractual restrictions); and file a complaint with the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner. To exercise your rights, email team@applyaz.com with the subject line "Privacy Request."

B) European Union / European Economic Area / Italy (GDPR)

If you are located in the EU, EEA, or Italy, you may have the right to: access your Personal Information; rectify inaccurate data; request erasure (right to be forgotten); restrict processing; object to processing based on legitimate interests; request data portability; withdraw consent at any time; and lodge a complaint with your local data protection authority (in Italy, the Garante per la protezione dei dati personali).

C) India (DPDPA and IT Act)

If you are a resident of India, you may have rights under the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000, including the right to: access, correct, and erase your Personal Information; nominate a representative; and file a grievance. Our Grievance Officer for India-based users can be reached at team@applyaz.com with the subject line "India Privacy Grievance."

D) Other Jurisdictions

Additional rights may apply under the laws of your jurisdiction. Contact us at team@applyaz.com for information about rights that may be available to you.

We may need to verify your identity before processing any privacy request. We may decline, limit, delay, or charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive, to the extent permitted by applicable law.

12. Cookies and Similar Technologies

We use cookies, web beacons, pixels, local storage, and similar technologies for the following purposes:

• Essential: Operating core Platform functionality, maintaining session state, enabling security features, preventing fraud and abuse
• Performance and Analytics: Measuring traffic, usage patterns, performance, and user behavior to improve the Platform
• Marketing and Advertising: Attribution, campaign measurement, retargeting, and personalized advertising, where you have provided consent or where permitted by law

Where required by applicable law (including EU/EEA cookie consent requirements), non-essential cookies will remain disabled until you provide affirmative consent through our cookie banner or settings. You may manage cookie preferences through your browser settings or our cookie management interface, where available. Blocking essential cookies may impair Platform functionality.

13. Marketing Communications and CASL Compliance

We comply with Canada's Anti-Spam Legislation (CASL) and other applicable anti-spam and marketing laws. Where you have provided consent (including through our "By proceeding" acknowledgment during registration or form submission), we may send you:

• Personalized program recommendations and educational resources
• Updates about ApplyAZ services, features, and events
• Newsletters, blog content, webinar invitations, and industry news
• Partner program announcements and promotional offers

You may opt out of marketing communications at any time by: clicking the unsubscribe link in any marketing email; emailing team@applyaz.com with "Unsubscribe" in the subject line; or adjusting your communication preferences in your account settings.

Opting out of marketing does not stop essential service communications necessary for the operation of your account and active service workflows, such as deadline reminders, status updates, document requests, and payment confirmations.

14. Call and Meeting Recordings

We may record telephone calls, video meetings, and screen-sharing sessions for quality assurance, training, fraud prevention, dispute resolution, and documentation purposes. Where required by applicable law, we will provide notice and, where necessary, obtain your consent before recording. Recordings are retained in accordance with our data retention practices described in Section 9.

15. Children and Minors

The Platform is not directed at children under the age of 16. We do not knowingly collect Personal Information from children under 16 without parental or guardian consent. If we become aware that we have collected information from a child under 16 without appropriate consent, we will take steps to delete it.

Where a user's account involves a minor (under the age of majority in the applicable jurisdiction), we may require verification of parental or guardian consent and may limit processing or account functionality until such verification is provided.

16. Third-Party Websites and Social Media

The Platform may contain links to third-party websites, applications, and social media platforms. These third parties operate independently and have their own privacy policies, terms, and practices. We are not responsible for and do not endorse, control, or assume liability for any third-party privacy practices, content, or security.

Our presence on social media platforms (including Instagram, Facebook, LinkedIn, YouTube, TikTok, Twitter/X, and others) is subject to those platforms' terms of service and privacy policies. Any information you share with us through social media is also subject to that platform's data practices. We are not responsible for information collected by third-party platforms in connection with your interaction with our social media profiles.

17. Testimonials, Reviews, and User-Generated Content

With your consent, we may display testimonials, reviews, success stories, and other user-generated content on the Platform, marketing materials, or social media. If you wish to have your testimonial or review updated or removed, contact us at team@applyaz.com.

Some testimonials, success stories, student profiles, images, statistics, program outcomes, financial figures, and other content displayed on our Platform, marketing materials, social media, or advertisements may be illustrative, representative, composite, or hypothetical in nature. Individual results vary significantly based on personal circumstances, academic background, institution policies, government decisions, and numerous other factors beyond ApplyAZ's control. Past performance, outcomes, or experiences described in any testimonial or marketing material do not guarantee, promise, or predict future results for any user.

18. Changes to This Privacy Policy

We may update this Policy at any time by posting an updated version on the Platform with a revised "Last Updated" date. Where changes are material, we will use reasonable efforts to provide advance notice through the Platform, email, or other appropriate channels.

Your continued use of the Platform after any update constitutes your acceptance of the revised Policy. If you do not agree with any changes, you must discontinue use of the Platform and contact us to request deletion of your account and Personal Information, subject to our retention obligations.

19. Contact Information

ApplyAZ Inc.

290 Adelaide Street West, Toronto, ON M5V 0P3, Canada

General Inquiries: team@applyaz.com

Privacy Requests: team@applyaz.com (subject line: "Privacy Request")

India Privacy Grievances: team@applyaz.com (subject line: "India Privacy Grievance")

Legal Notices: legal@applyaz.com