The short version: We collect minimal information (mainly just your email if you subscribe to our newsletter), we never sell your data, we use standard analytics to improve the site, and you have complete control over your information. Keep reading for the full details.
Under data protection law, someone needs to be responsible for your personal information. For PhDme.com, that’s:
Data Controller: Daniel Leclair
Contact Email: contact@phdme.com
If you have any questions, concerns, or requests about your personal data, that’s who you contact. We take data protection seriously and respond to all privacy-related inquiries.
We believe in data minimalism—collecting only what we actually need to operate the site and provide useful services. Here’s exactly what we gather:
When we collect it: Only if you voluntarily subscribe to our newsletter or contact us directly via email.
What we collect: Just your email address. We don’t require your name, location, or any other personal details for newsletter subscription, though you can provide a name if you wish.
Why we collect it: To send you the weekly newsletter you requested, or to respond to your emails if you’ve contacted us with questions or feedback.
You control this: You can unsubscribe from the newsletter anytime with one click, and we’ll delete your email from our list. If you contact us, we keep correspondence for reference, but you can request deletion (see “Your Rights” section below).
When we collect it: Automatically whenever you visit PhDme.com, like virtually all websites.
What we collect: Technical information about your visit including:
How we collect it: We use Google Analytics (or similar analytics tools) that automatically track this information through cookies and similar technologies.
Why we collect it: To understand how people use the site so we can improve it. For example:
Important: This data is aggregated and anonymized. We see patterns and trends, not “John Smith from Toronto visited these pages.” We can’t and don’t identify individual users from this data.
When we collect it: If you email us directly, fill out a contact form, or communicate with us in other ways.
What we collect: Whatever information you choose to include in your message—your name if you provide it, your questions, feedback, partnership proposals, error reports, or any other content you send us.
Why we collect it: To respond to your inquiry, address your concerns, investigate issues you’ve reported, or discuss partnership opportunities.
How long we keep it: We retain correspondence for reference and continuity (so we remember your previous questions if you contact us again). You can request deletion of your communication history by contacting us.
It’s worth being explicit about what we don’t collect, since many websites gather far more data than necessary:
We only use the information we collect for specific, legitimate purposes:
Newsletter Delivery
If you subscribe to our newsletter, we use your email address to send you the weekly newsletter you requested. That’s it. We don’t use it for anything else without your explicit consent.
Improving the Website
We analyze aggregate visitor data to understand what’s working and what isn’t, identify technical problems, optimize performance, and make the site more useful. This analysis happens at the aggregate level—we look at overall patterns, not individual behavior.
Responding to Communication
If you email us, we use the information you provide to understand your question and respond helpfully. We may retain correspondence for future reference so we can provide continuity if you contact us again.
Legal Compliance
In rare circumstances, we may need to use or disclose information to comply with legal obligations, respond to lawful requests from authorities, protect our legal rights, or investigate suspected fraud or security issues.
What we explicitly DON’T do with your information:
We believe in transparency about every entity that might access your data, even indirectly:
Like most websites, we rely on certain third-party services to operate. These providers may process your data on our behalf, but they’re bound by contracts to use it only for providing their specific service to us, not for their own purposes.
Email Newsletter Service
We use a GDPR-compliant email marketing platform to manage newsletter subscriptions and send our weekly emails. This service stores your email address and tracks whether you open newsletters or click links (standard email marketing functionality). You control this data by unsubscribing anytime.
Website Hosting (Google Cloud Platform)
Our website is hosted on Google’s cloud infrastructure. While Google provides the physical servers and technical infrastructure, they operate as a data processor under strict contractual terms and don’t use your information for their own purposes.
Analytics Service (Google Analytics)
We use Google Analytics to understand how visitors use the site. This service collects the anonymous browsing data described earlier. We’ve configured our analytics to anonymize IP addresses and respect “Do Not Track” signals where possible.
We never share your data with:
In rare circumstances, we may be legally required to disclose information in response to valid legal processes (court orders, subpoenas, government investigations). We would:
However, given the minimal data we collect, we typically have very little to disclose even if compelled.
We don’t keep data longer than necessary. Here are our retention periods:
Newsletter Subscriber Email Addresses
Kept for as long as you remain subscribed. When you unsubscribe, we remove your email from our active list within 48 hours. We may retain unsubscribe records (just the fact that you unsubscribed, not your full data) to prevent accidentally re-adding you if there’s an import error.
Email Correspondence
Retained for up to 36 months after the last interaction, unless you request deletion sooner. This allows us to reference previous conversations if you contact us again with follow-up questions.
Analytics Data
Aggregate anonymized analytics data is retained according to Google Analytics’ default retention settings (typically 26 months for user-level data). Since this is anonymized, it doesn’t identify you personally.
Server Logs
Technical server logs (used for security and troubleshooting) are automatically deleted after 90 days.
Exceptions: We may retain data longer if required by law (for example, financial records if we have paying partners), or if it’s necessary for legal claims or disputes. If you exercise your right to erasure (see below), we’ll delete your data sooner unless there’s a compelling legal reason we must retain it.
We implement industry-standard security measures to protect the data we collect:
Being realistic: No security is perfect. While we implement strong protections, we can’t guarantee absolute security. If we ever experience a data breach affecting personal information, we’ll notify affected users and relevant authorities as required by law.
Under data protection law (including GDPR), you have significant rights regarding your personal information. We respect these rights and make it easy to exercise them:
You can request a copy of all personal data we hold about you. We’ll provide this in a clear, commonly used format.
How to exercise: Email us at contact@phdme.com requesting access to your data. We’ll respond within 30 days with a complete export.
If we have incorrect information about you, you can request that we correct it.
How to exercise: Email us explaining what information is incorrect and what it should be. We’ll update it promptly.
You can request that we delete your personal data, and we’ll comply unless we have a compelling legal reason to retain it.
How to exercise: Email us requesting deletion of your data. For newsletter subscribers, you can also simply unsubscribe using the link in any newsletter. We’ll confirm deletion within 30 days.
You can ask us to limit how we use your data in certain circumstances (for example, while we’re investigating whether information about you is accurate).
How to exercise: Email us explaining why you want processing restricted. We’ll comply while we resolve the situation.
You can object to our processing of your data for specific purposes, particularly if we’re processing it based on legitimate interests rather than consent.
How to exercise: Email us explaining what processing you object to. We’ll stop unless we have compelling legitimate grounds that override your interests.
You can request your data in a structured, machine-readable format that you can transfer to another service.
How to exercise: Email us requesting data portability. We’ll provide your data in a common format like CSV or JSON.
If we’re processing your data based on consent (like newsletter subscriptions), you can withdraw that consent anytime.
How to exercise: For newsletters, just click unsubscribe. For other consent-based processing, email us.
If you believe we’re not handling your data properly, you can complain to a data protection authority.
How to exercise: Contact your country’s data protection authority. For Canada, that’s the Office of the Privacy Commissioner of Canada.
Our commitment: We respond to all data rights requests within 30 days (as required by law). If your request is complex and we need more time, we’ll let you know and explain why. We never charge fees for responding to data rights requests unless they’re clearly unfounded or excessive.
Like most websites, PhDme.com uses cookies—small text files stored on your device that help the site function properly and allow us to understand how it’s being used.
Essential Cookies (Strictly Necessary)
These cookies are required for the website to function. They remember your cookie preferences, maintain security, and enable basic site features. You can’t disable these without breaking the site’s functionality.
Analytics Cookies (Performance)
These cookies (primarily from Google Analytics) help us understand how visitors use the site. They collect anonymous information about which pages you visit, how long you stay, and how you navigate. This data is aggregated and doesn’t identify you personally.
Functional Cookies
These remember your preferences and choices to improve your experience (for example, remembering if you’ve dismissed a notification banner).
What we DON’T use:
You have control over cookies:
Important: Blocking certain cookies may affect site functionality. Essential cookies cannot be disabled without breaking the site, but you can block analytics and other non-essential cookies.
PhDme.com operates primarily in Canada, but some of our service providers (like Google Cloud Platform and Google Analytics) may process data in various locations worldwide, including the United States and Europe.
When data is transferred internationally, it’s protected through:
If you’re in the European Union, your data may be transferred outside the EU to countries that may not have equivalent data protection laws. We ensure appropriate safeguards are in place for such transfers.
PhDme.com is primarily intended for students of university age and older. We don’t knowingly collect personal information from children under 13 (or under 16 in the EU) without parental consent.
If you’re a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we’ll delete it.
We may update this privacy policy periodically to reflect changes in our practices, legal requirements, or to provide additional clarity. When we make significant changes, we’ll:
Continued use of PhDme.com after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically, especially if you’re a regular user.
This Privacy Policy should be read alongside our other legal documents for a complete understanding:
We know privacy policies can be confusing even when written clearly. If you have questions about what information we collect, how we use it, or how to exercise your rights, please don’t hesitate to contact us.
Data Protection Contact: contact@phdme.com
We respond to all privacy inquiries within 30 days (usually much sooner).
Last updated: October 5, 2025
This privacy policy complies with the General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws.