Home Privacy Policy

Privacy Policy

Your privacy matters to us. This policy explains exactly what information we collect when you use PhDme.com, why we collect it, how we protect it, and what control you have over it. We’ve written this in plain language because we believe you should actually understand what happens to your data, not just click “I agree” on something incomprehensible.

The short version: We collect minimal information (mainly just your email if you subscribe to our newsletter), we never sell your data, we use standard analytics to improve the site, and you have complete control over your information. Keep reading for the full details.

Who Controls Your Data

Under data protection law, someone needs to be responsible for your personal information. For PhDme.com, that’s:

Data Controller: Daniel Leclair
Contact Email: contact@phdme.com

If you have any questions, concerns, or requests about your personal data, that’s who you contact. We take data protection seriously and respond to all privacy-related inquiries.

What Information We Collect

We believe in data minimalism—collecting only what we actually need to operate the site and provide useful services. Here’s exactly what we gather:

Email Addresses (Only If You Subscribe)

When we collect it: Only if you voluntarily subscribe to our newsletter or contact us directly via email.

What we collect: Just your email address. We don’t require your name, location, or any other personal details for newsletter subscription, though you can provide a name if you wish.

Why we collect it: To send you the weekly newsletter you requested, or to respond to your emails if you’ve contacted us with questions or feedback.

You control this: You can unsubscribe from the newsletter anytime with one click, and we’ll delete your email from our list. If you contact us, we keep correspondence for reference, but you can request deletion (see “Your Rights” section below).

Anonymous Browsing Information (Analytics)

When we collect it: Automatically whenever you visit PhDme.com, like virtually all websites.

What we collect: Technical information about your visit including:

  • Which pages you visit and how long you spend on them
  • What links you click
  • How you arrived at our site (search engine, direct link, social media, etc.)
  • General information about your browser and device type
  • Approximate location (country/city level, not your exact address)
  • Anonymized IP address (we don’t store complete IP addresses)

How we collect it: We use Google Analytics (or similar analytics tools) that automatically track this information through cookies and similar technologies.

Why we collect it: To understand how people use the site so we can improve it. For example:

  • If everyone bounces immediately from a particular page, maybe it’s confusing or broken
  • If certain scholarship articles get lots of traffic, we know to create more content in that area
  • If most visitors come from specific countries, we can tailor content to serve those regions better
  • Understanding which devices people use helps us optimize the site’s design and performance

Important: This data is aggregated and anonymized. We see patterns and trends, not “John Smith from Toronto visited these pages.” We can’t and don’t identify individual users from this data.

Information You Voluntarily Provide

When we collect it: If you email us directly, fill out a contact form, or communicate with us in other ways.

What we collect: Whatever information you choose to include in your message—your name if you provide it, your questions, feedback, partnership proposals, error reports, or any other content you send us.

Why we collect it: To respond to your inquiry, address your concerns, investigate issues you’ve reported, or discuss partnership opportunities.

How long we keep it: We retain correspondence for reference and continuity (so we remember your previous questions if you contact us again). You can request deletion of your communication history by contacting us.

What We DON’T Collect

It’s worth being explicit about what we don’t collect, since many websites gather far more data than necessary:

  • We don’t require accounts. You don’t need to create an account, choose a password, or provide personal information just to read our content.
  • We don’t collect financial information. PhDme.com is free to use. We never collect credit card numbers, bank details, or payment information.
  • We don’t track you across other websites. We don’t use tracking pixels or technologies that follow you around the internet after you leave our site.
  • We don’t collect sensitive personal data. No information about your health, religion, political views, sexual orientation, ethnicity, or other sensitive categories.
  • We don’t use invasive profiling. We don’t build detailed profiles of individual users or attempt to infer personal characteristics beyond basic aggregate demographics.

How We Use Your Information

We only use the information we collect for specific, legitimate purposes:

Newsletter Delivery
If you subscribe to our newsletter, we use your email address to send you the weekly newsletter you requested. That’s it. We don’t use it for anything else without your explicit consent.

Improving the Website
We analyze aggregate visitor data to understand what’s working and what isn’t, identify technical problems, optimize performance, and make the site more useful. This analysis happens at the aggregate level—we look at overall patterns, not individual behavior.

Responding to Communication
If you email us, we use the information you provide to understand your question and respond helpfully. We may retain correspondence for future reference so we can provide continuity if you contact us again.

Legal Compliance
In rare circumstances, we may need to use or disclose information to comply with legal obligations, respond to lawful requests from authorities, protect our legal rights, or investigate suspected fraud or security issues.

What we explicitly DON’T do with your information:

  • Sell it to third parties (never, under any circumstances)
  • Rent or lease your email list to other companies
  • Use it for purposes you haven’t consented to
  • Share it with advertisers or data brokers
  • Send you marketing emails you didn’t sign up for

Who We Share Your Information With

We believe in transparency about every entity that might access your data, even indirectly:

Service Providers We Use

Like most websites, we rely on certain third-party services to operate. These providers may process your data on our behalf, but they’re bound by contracts to use it only for providing their specific service to us, not for their own purposes.

Email Newsletter Service
We use a GDPR-compliant email marketing platform to manage newsletter subscriptions and send our weekly emails. This service stores your email address and tracks whether you open newsletters or click links (standard email marketing functionality). You control this data by unsubscribing anytime.

Website Hosting (Google Cloud Platform)
Our website is hosted on Google’s cloud infrastructure. While Google provides the physical servers and technical infrastructure, they operate as a data processor under strict contractual terms and don’t use your information for their own purposes.

Analytics Service (Google Analytics)
We use Google Analytics to understand how visitors use the site. This service collects the anonymous browsing data described earlier. We’ve configured our analytics to anonymize IP addresses and respect “Do Not Track” signals where possible.

We never share your data with:

  • Advertisers or ad networks (we don’t run targeted advertising)
  • Data brokers or list sellers
  • Social media platforms (beyond standard social sharing buttons that only work if you actively click them)
  • Any entity for purposes unrelated to operating PhDme.com

Legal Obligations

In rare circumstances, we may be legally required to disclose information in response to valid legal processes (court orders, subpoenas, government investigations). We would:

  • Only disclose what’s legally required, not more
  • Notify you if legally permitted to do so
  • Challenge overbroad or inappropriate requests when possible

However, given the minimal data we collect, we typically have very little to disclose even if compelled.

How Long We Keep Your Data

We don’t keep data longer than necessary. Here are our retention periods:

Newsletter Subscriber Email Addresses
Kept for as long as you remain subscribed. When you unsubscribe, we remove your email from our active list within 48 hours. We may retain unsubscribe records (just the fact that you unsubscribed, not your full data) to prevent accidentally re-adding you if there’s an import error.

Email Correspondence
Retained for up to 36 months after the last interaction, unless you request deletion sooner. This allows us to reference previous conversations if you contact us again with follow-up questions.

Analytics Data
Aggregate anonymized analytics data is retained according to Google Analytics’ default retention settings (typically 26 months for user-level data). Since this is anonymized, it doesn’t identify you personally.

Server Logs
Technical server logs (used for security and troubleshooting) are automatically deleted after 90 days.

Exceptions: We may retain data longer if required by law (for example, financial records if we have paying partners), or if it’s necessary for legal claims or disputes. If you exercise your right to erasure (see below), we’ll delete your data sooner unless there’s a compelling legal reason we must retain it.

How We Protect Your Data

We implement industry-standard security measures to protect the data we collect:

  • Encryption in transit: PhDme.com uses SSL/TLS encryption (HTTPS) for all connections, so data transmitted between your browser and our servers is encrypted and protected from interception.
  • Secure hosting infrastructure: Our website is hosted on Google Cloud Platform, which employs extensive physical and digital security measures including firewalls, access controls, and intrusion detection.
  • Access controls: Only authorized team members have access to systems that might contain personal data, and access is restricted to what’s necessary for their role.
  • Regular updates: We keep our website software, plugins, and dependencies updated to patch security vulnerabilities.
  • Minimal data exposure: By collecting minimal data in the first place, we reduce the risk if there’s ever a security incident.

Being realistic: No security is perfect. While we implement strong protections, we can’t guarantee absolute security. If we ever experience a data breach affecting personal information, we’ll notify affected users and relevant authorities as required by law.

Your Rights and How to Exercise Them

Under data protection law (including GDPR), you have significant rights regarding your personal information. We respect these rights and make it easy to exercise them:

Right to Access

You can request a copy of all personal data we hold about you. We’ll provide this in a clear, commonly used format.

How to exercise: Email us at contact@phdme.com requesting access to your data. We’ll respond within 30 days with a complete export.

Right to Rectification

If we have incorrect information about you, you can request that we correct it.

How to exercise: Email us explaining what information is incorrect and what it should be. We’ll update it promptly.

Right to Erasure (“Right to be Forgotten”)

You can request that we delete your personal data, and we’ll comply unless we have a compelling legal reason to retain it.

How to exercise: Email us requesting deletion of your data. For newsletter subscribers, you can also simply unsubscribe using the link in any newsletter. We’ll confirm deletion within 30 days.

Right to Restrict Processing

You can ask us to limit how we use your data in certain circumstances (for example, while we’re investigating whether information about you is accurate).

How to exercise: Email us explaining why you want processing restricted. We’ll comply while we resolve the situation.

Right to Object

You can object to our processing of your data for specific purposes, particularly if we’re processing it based on legitimate interests rather than consent.

How to exercise: Email us explaining what processing you object to. We’ll stop unless we have compelling legitimate grounds that override your interests.

Right to Data Portability

You can request your data in a structured, machine-readable format that you can transfer to another service.

How to exercise: Email us requesting data portability. We’ll provide your data in a common format like CSV or JSON.

Right to Withdraw Consent

If we’re processing your data based on consent (like newsletter subscriptions), you can withdraw that consent anytime.

How to exercise: For newsletters, just click unsubscribe. For other consent-based processing, email us.

Right to Complain

If you believe we’re not handling your data properly, you can complain to a data protection authority.

How to exercise: Contact your country’s data protection authority. For Canada, that’s the Office of the Privacy Commissioner of Canada.

Our commitment: We respond to all data rights requests within 30 days (as required by law). If your request is complex and we need more time, we’ll let you know and explain why. We never charge fees for responding to data rights requests unless they’re clearly unfounded or excessive.

Cookies and Similar Technologies

Like most websites, PhDme.com uses cookies—small text files stored on your device that help the site function properly and allow us to understand how it’s being used.

What Cookies We Use

Essential Cookies (Strictly Necessary)
These cookies are required for the website to function. They remember your cookie preferences, maintain security, and enable basic site features. You can’t disable these without breaking the site’s functionality.

Analytics Cookies (Performance)
These cookies (primarily from Google Analytics) help us understand how visitors use the site. They collect anonymous information about which pages you visit, how long you stay, and how you navigate. This data is aggregated and doesn’t identify you personally.

Functional Cookies
These remember your preferences and choices to improve your experience (for example, remembering if you’ve dismissed a notification banner).

What we DON’T use:

  • Advertising cookies or tracking pixels for targeted ads
  • Social media tracking cookies (beyond basic share buttons)
  • Third-party cookies for purposes unrelated to operating the site

Managing Cookies

You have control over cookies:

  • Cookie consent banner: When you first visit PhDme.com, you’ll see a banner allowing you to accept or decline non-essential cookies. Your choice is remembered.
  • Browser settings: All modern browsers allow you to refuse cookies, delete existing cookies, or ask to be notified when cookies are set. Check your browser’s help documentation for instructions.
  • Opt-out tools: You can opt out of Google Analytics specifically using their browser add-on.
  • “Do Not Track” signals: We respect Do Not Track browser settings where possible, though note that there’s no universal standard for how websites should respond to these signals.

Important: Blocking certain cookies may affect site functionality. Essential cookies cannot be disabled without breaking the site, but you can block analytics and other non-essential cookies.

International Data Transfers

PhDme.com operates primarily in Canada, but some of our service providers (like Google Cloud Platform and Google Analytics) may process data in various locations worldwide, including the United States and Europe.

When data is transferred internationally, it’s protected through:

  • Standard contractual clauses approved by data protection authorities
  • Service providers’ adherence to international privacy frameworks
  • Technical and organizational security measures

If you’re in the European Union, your data may be transferred outside the EU to countries that may not have equivalent data protection laws. We ensure appropriate safeguards are in place for such transfers.

Children’s Privacy

PhDme.com is primarily intended for students of university age and older. We don’t knowingly collect personal information from children under 13 (or under 16 in the EU) without parental consent.

If you’re a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we’ll delete it.

Changes to This Privacy Policy

We may update this privacy policy periodically to reflect changes in our practices, legal requirements, or to provide additional clarity. When we make significant changes, we’ll:

  • Update the “Last Updated” date at the bottom of this page
  • For material changes that affect how we handle your data, we’ll notify newsletter subscribers
  • For significant changes, we may also post a notice on our homepage

Continued use of PhDme.com after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically, especially if you’re a regular user.

How This Policy Relates to Other Documents

This Privacy Policy should be read alongside our other legal documents for a complete understanding:

Questions About Your Privacy?

We know privacy policies can be confusing even when written clearly. If you have questions about what information we collect, how we use it, or how to exercise your rights, please don’t hesitate to contact us.

Data Protection Contact: contact@phdme.com

We respond to all privacy inquiries within 30 days (usually much sooner).

Last updated: October 5, 2025

This privacy policy complies with the General Data Protection Regulation (GDPR), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable data protection laws.