Back to Institute

Legal

Privacy Policy

Effective date: July 1, 2026  ·  Last updated: July 1, 2026

1. Who We Are

Summr Institute (“the Institute,” “we,” “us,” or “our”) is a nonprofit education platform operated by Summr Institute Inc., a Delaware nonprofit corporation. We are organizationally separate from Summr Capital Management LLC, a registered investment adviser. The Institute does not manage investment assets or solicit investors.

Our platform is accessible at summr.institute and associated subdomains. Questions regarding this Policy may be directed to privacy@summr.tech.

2. Information We Collect

Information you provide directly:

  • Registration data — first name, last name, student email address, phone number, education level, degree or field of study, university or college name, and LinkedIn profile URL.
  • Account credentials — email address and hashed password created during platform sign-up. We never store passwords in plain text.
  • Course and learning activity — modules completed, lessons viewed, quiz responses, deliverable submissions, and certification progress.
  • Communications — emails, support requests, or feedback you send to us.

Information collected automatically:

  • Usage data — pages visited, features accessed, time on platform, scroll depth, and click patterns.
  • Device and technical data — IP address, browser type, operating system, device identifiers, and referring URLs.
  • Cookies and similar technologies — session cookies, authentication tokens, and analytics identifiers. See our Cookie Policy for details.

3. How We Use Your Information

  • To create and maintain your student account and authenticate your identity.
  • To deliver and personalise educational content, track progress, and issue certifications.
  • To communicate with you about your enrolment status, curriculum updates, cohort announcements, and platform changes.
  • To evaluate and improve curriculum design, platform performance, and student outcomes.
  • To process payments for paid programmes through our third-party payment processor (Stripe). We do not store full payment card numbers.
  • To facilitate introductions to internship opportunities or partner organisations where you have opted in.
  • To comply with applicable law, respond to lawful requests, and enforce our Terms of Use.

We do not sell your personal data to third parties. We do not share your data with Summr Capital Management for investment solicitation purposes.

4. Legal Basis for Processing (EEA / UK Residents)

Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we rely on the following legal bases:

  • Contract — processing necessary to provide the services you registered for.
  • Legitimate interests — analytics, platform improvement, and fraud prevention, where these do not override your rights.
  • Consent — marketing communications and non-essential cookies, which you may withdraw at any time.
  • Legal obligation — compliance with applicable financial education and nonprofit regulations.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide our services. If you request deletion of your account, we will remove personally identifiable data within 30 days, except where retention is required by law or for legitimate dispute resolution purposes. Anonymised usage data may be retained indefinitely for analytics purposes.

6. Sharing and Disclosure

We share data only in the following limited circumstances:

  • Service providers — Supabase (database and authentication), Vercel (hosting and edge functions), Stripe (payment processing), and Vercel Blob (media storage). Each provider is contractually bound to process data only on our instructions.
  • Institutional partners — if you enrol through a university or organisation partner, we may share aggregated, non-identifiable progress data with that institution. Individual data is shared only with your explicit consent.
  • Legal requirements — if required by subpoena, court order, or applicable law, or to protect the safety, rights, or property of the Institute, its students, or the public.
  • Business transitions — in the event of a merger, acquisition, or transfer of assets, your data may be transferred; we will notify you in advance and ensure equivalent protections apply.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data (subject to legal retention obligations).
  • Restrict or object to certain processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, email privacy@summr.tech. We will respond within 30 days.

8. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, row-level security on our database, and strict access controls limiting which personnel can access student data. No system is perfectly secure; we will notify you of any data breach affecting your information as required by applicable law.

9. Children

The Summr Institute platform is intended for undergraduate and graduate students (18 years of age or older). We do not knowingly collect data from anyone under 16 years old. If you believe a minor has registered, contact us immediately and we will remove the account.

10. Changes to This Policy

We may update this Policy periodically. Material changes will be communicated by email to registered users or by posting a prominent notice on the platform. Continued use of the platform after the effective date constitutes acceptance of the revised Policy.

11. Contact

Summr Institute Inc. · Privacy Team · privacy@summr.tech