Privacy Policy
Last updated: March 24, 2026
Pairwise ("Pairwise," "we," "us," or "our") operates a mentorship program management platform (the "Platform") that helps organizations run mentorship, coaching, and peer-matching programs. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Platform, visit our website at pairwise.app, or communicate with us.
If you are a participant in a mentorship program administered through Pairwise, your organization ("Client") is the data controller for the personal information collected through their program. Pairwise acts as a data processor on behalf of the Client. This Policy describes our practices as both a controller (for our direct relationship with you) and as a processor (for data managed on behalf of Clients).
1. Information We Collect
1.1 Account & Profile Information
When you create an account or are invited to a program, we collect:
- Name, email address, and password (or OAuth credentials via Google or LinkedIn)
- Profile details you provide: biography, location (city, state/province, country), timezone, LinkedIn profile URL, and profile photo
- Organization membership and role within programs
1.2 Application & Assessment Data
When you apply to a mentorship program, we collect:
- Responses to application questions configured by your program administrator
- Uploaded files (resumes, documents) submitted as part of your application
- Assessment results generated during the matching evaluation process
1.3 Session & Scheduling Data
When you use our scheduling features, we collect:
- Availability preferences and weekly schedule rules
- Session booking details: date, time, duration, video call links, and session notes
- Post-session feedback: session ratings, progress assessments, and written feedback
- Action items and next steps created during sessions
1.4 Calendar Data
If you connect your Google Calendar or Microsoft Outlook calendar, we access:
- Free/busy times — to identify scheduling conflicts (we see only that a time slot is busy, not the event details)
- Calendar event creation — to add mentoring session events to your calendar
- Event status — to detect whether a scheduled session was attended or cancelled
We do not read, store, or access the content of your other calendar events. Calendar OAuth tokens are encrypted at rest using AES-256-GCM encryption. You can disconnect your calendar at any time from your account settings.
1.5 Communication Data
Email addresses used for notifications, including: program announcements, session reminders, match introductions, and scheduling confirmations. You can control which notifications you receive through your notification preferences.
1.6 Usage & Analytics Data
We collect usage data through PostHog, including:
- Pages visited, features used, and interactions within the Platform
- Device type, browser, operating system, and screen resolution
- IP address and approximate geographic location
- Session duration and navigation patterns
1.7 Data from External Membership Systems
If your organization connects an external membership platform (such as Wild Apricot or MemberPress), we may receive contact information (name, email, membership status) to facilitate program enrollment. Raw sync data is redacted after 90 days; contact records are retained for as long as the integration is active.
2. How We Use Your Information
We use the information we collect to:
- Operate the Platform — manage accounts, process applications, facilitate matching, schedule sessions, and deliver notifications
- AI-assisted matching and assessment — process application responses through AI language models to generate match compatibility scores and assessment evaluations (see Section 3)
- Calendar integration — check your availability, create session events, and detect attendance
- Improve our service — analyze usage patterns, diagnose technical issues, and develop new features
- Communicate with you — send service-related emails (session reminders, match notifications, program updates)
- Security and compliance — detect fraud, enforce our Terms of Service, and comply with legal obligations
3. AI & Automated Processing
Pairwise uses third-party AI language models (provided through Google Gemini, OpenAI, and Anthropic) to assist with the following:
- Application assessment — evaluating application responses to generate compatibility and quality scores
- Match recommendations — generating match compatibility analyses between program participants
- Match summaries — creating human-readable summaries of why participants were matched
Application responses and relevant profile information are sent to AI model providers for processing. We use data minimization — only the information necessary for the specific evaluation is transmitted. AI-generated assessments are recommendations that assist program administrators; final matching decisions are made by human administrators.
AI processing is subject to data processing agreements with our model providers. Your data is not used to train third-party AI models.
4. How We Share Your Information
4.1 With Your Organization
Program administrators in your organization can view your application, assessment results, match information, session activity, and feedback as part of managing their mentorship program.
4.2 With Your Match Partner
When you are matched with another participant, limited profile and contact information is shared to facilitate the mentoring relationship. Your match partner does not see your assessment scores, feedback ratings about them, or your full application responses.
4.3 With Service Providers
We use the following third-party services to operate the Platform:
| Provider | Purpose | Data shared |
|---|---|---|
| Resend | Email delivery | Email address, email content |
| Google Gemini / OpenAI / Anthropic | AI assessment & matching | Application responses, profile excerpts |
| Google Calendar API | Calendar integration | Free/busy times, session events |
| Microsoft Graph API | Calendar integration | Free/busy times, session events |
| PostHog | Product analytics | Usage data, device info, IP address |
| UploadThing | File storage | Uploaded files (application attachments) |
| Vercel | Website hosting & analytics | Page views, performance data |
4.4 We Do Not Sell Your Data
We do not sell, rent, or trade your personal information to third parties. We are not data brokers.
5. Data Security
We implement the following security measures to protect your data:
- Encryption in transit — all data transmitted between your browser and our servers uses HTTPS/TLS
- Encryption at rest — calendar OAuth tokens and integration credentials are encrypted using AES-256-GCM
- Row-level security — database policies ensure participants can only access their own data and data shared with them through their program
- Session-based authentication — secure HTTP-only session cookies; no persistent authentication tokens stored in the browser
- Rate limiting — API and email rate limiting to prevent abuse
6. Data Retention
- Account data — retained for as long as your account is active or as needed to provide services
- Program data (applications, assessments, sessions, feedback) — retained for the duration of the organization's subscription, then deleted within 90 days of contract termination
- Calendar tokens — retained while connected; deleted immediately upon disconnection
- External membership sync data — raw payloads redacted after 90 days; contact records retained while the integration is active
- Analytics data — retained per PostHog's standard retention policy
- Deactivated accounts — personal data anonymized or deleted within 90 days of a verified deletion request
7. Cookies & Tracking
7.1 Essential Cookies
We use session cookies to keep you logged in and maintain your authentication state. These are strictly necessary for the Platform to function and do not require consent.
7.2 Analytics
We use PostHog for product analytics to understand how users interact with the Platform. PostHog may set cookies or use local storage to track sessions. We use Vercel Analytics on our marketing website for aggregate page view and performance data.
7.3 No Advertising
We do not use advertising cookies, retargeting pixels, or interest-based advertising of any kind.
8. Your Rights
8.1 All Users
Regardless of where you are located, you have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — update or correct inaccurate personal information
- Deletion — request deletion of your personal information (see Section 8.4)
- Notification controls — manage your email notification preferences at any time
- Calendar disconnection — revoke calendar access at any time from your settings
8.2 Canadian Users (PIPEDA)
Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to access your personal information, challenge its accuracy, and withdraw consent for its collection, use, or disclosure. We will respond to verified requests within 30 days.
8.3 European Users (GDPR)
If you are located in the European Economic Area, you additionally have the right to:
- Object to or restrict processing of your personal data
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time where processing is based on consent
- Request human review of decisions made solely by automated processing
- Lodge a complaint with your local data protection authority
8.4 Data Deletion
Since Pairwise is a B2B platform, your organization's program administrator is the primary point of contact for managing participant data during an active program. You may also request deletion of your personal information directly by contacting us at support@pairwise.app.
Upon receiving a verified deletion request, we will anonymize your personal information (name, email, profile details) within 90 days. Anonymized records (match history, aggregate session data) may be retained for program reporting purposes, but will no longer be linked to your identity.
9. International Data Transfers
Pairwise is based in Canada. Your data may be processed in Canada and the United States (where some of our service providers operate). For transfers outside of Canada, we rely on contractual safeguards, including standard contractual clauses where required, to ensure your data receives an adequate level of protection.
10. Children's Privacy
Pairwise is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child under 18 has provided us with personal information, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Platform at least 14 days before the changes take effect. Your continued use of the Platform after changes become effective constitutes acceptance of the updated Policy.
12. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, contact us at:
Pairwise
Email: support@pairwise.app
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada (1-800-282-1376) or your local data protection authority.