Privacy Policy
Last updated: June 2026 · Effective from: June 2026
1. Who We Are
KUCCPSS ("we", "us", "our") is an independent digital platform available at kuccpss.co.ke and related domains. We provide free tools to help Kenyan KCSE graduates calculate cluster points, explore courses, and plan their education pathway through the KUCCPS placement system.
KUCCPSS is not affiliated with, endorsed by, or operated by the Kenya Universities and Colleges Central Placement Service (KUCCPS), the Kenya National Examinations Council (KNEC), or any government body. The official KUCCPS portal is at kuccps.ac.ke.
For any privacy-related enquiries, contact us at: info@kuccpss.co.ke
2. What Information We Collect
2.1 Information You Provide Directly
| Data | When Collected | Required? |
|---|---|---|
| Full name | Registration / Profile | Optional |
| Email address | Registration | Yes |
| Password (hashed) | Registration | Yes (unless Google login) |
| County of residence | Profile | Optional |
| KCSE year | Profile | Optional |
| Profile picture | Profile | Optional |
| KCSE subject grades | Calculator / Career Engine | Optional (for calculations) |
| Career preferences & county preferences | Career Engine | Optional |
| Course shortlist / watchlist choices | Course browsing | Optional |
| Application tracker entries | Applications feature | Optional |
| Uploaded images (result slips for OCR) | OCR feature | Optional |
2.2 Information Collected Automatically
- Log data — IP address, browser type, pages visited, timestamps (standard web server logs)
- Session data — login session tokens stored in encrypted cookies
- Usage analytics — page views, feature usage (aggregated, not linked to personal identity where possible)
- Device information — device type, operating system, screen size (for improving mobile experience)
2.3 Information from Third Parties
- Google OAuth — if you sign in with Google, we receive your Google account email, name, and profile picture. We do not receive your Google password.
3. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Creating and managing your account | Email, name, password |
| Calculating your KCSE cluster points | Subject grades (processed locally, not shared) |
| Showing eligible and recommended courses | Cluster scores, mean grade, county, pathway preferences |
| Personalising the Career Engine results | Grades, career preferences, county |
| AI-powered career recommendations (OpenAI) | Anonymised or summarised grade/preference data sent to OpenAI API |
| OCR reading of result slips | Uploaded image sent to OpenAI GPT-4o Vision API; not stored after processing |
| Saving your watchlist and shortlist | Account ID + course IDs |
| Sending account-related notifications | Email address |
| Improving the platform | Aggregated usage analytics |
| Preventing abuse and fraud | IP address, login timestamps |
| Live chat support (Tawk.to) | Name, email (if provided in chat) |
We do not use your data for advertising, profiling for marketing, or selling to third parties.
4. Legal Basis for Processing
We process your personal data on the following bases:
- Contract performance — processing necessary to provide the services you signed up for (e.g. storing your grades to calculate cluster points).
- Legitimate interests — improving platform security, preventing abuse, and improving our services through aggregated analytics.
- Consent — for optional features such as uploading a result slip photo for OCR. You may withdraw consent at any time by not using the feature.
- Legal obligation — where we are required by law to retain certain records.
5. Who We Share Your Data With
We do not sell your personal data. We share it only in these limited circumstances:
- OpenAI (USA) — KCSE grade data and career preferences are sent to the OpenAI API to power the Career Engine recommendations and OCR result-slip reading. OpenAI processes this data under their API data usage policy and does not use API data to train their models by default.
- Tawk.to (USA) — If you use the live chat widget, your chat messages and optionally your name/email are processed by Tawk.to.
- Google (USA) — If you use Google OAuth login, authentication is handled by Google's identity services.
- Hosting / infrastructure providers — Our servers and database are hosted with a cloud provider. They access data only to provide infrastructure services and are bound by data processing agreements.
- Legal requirements — We may disclose data if required by Kenyan law or a valid court order.
6. Third-Party Services
The following third-party services are integrated into KUCCPSS. Each has its own privacy policy:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Google OAuth | Sign-in with Google | policies.google.com/privacy |
| OpenAI API | Career engine AI & OCR | openai.com/policies/privacy-policy |
| Tawk.to | Live chat support widget | tawk.to/privacy-policy |
| Bootstrap CDN / jsDelivr | UI framework delivery | jsdelivr.com privacy policy |
| Google Fonts | Web fonts | policies.google.com/privacy |
7. Cookies & Local Storage
We use the following cookies and browser storage:
| Name | Type | Purpose | Duration |
|---|---|---|---|
| sessionid | Essential | Keeps you logged in during a session | Browser session |
| csrftoken | Essential | Protects against cross-site request forgery | 1 year |
| remember_token | Functional | "Remember me" — persistent login | 72 hours |
| dark_mode | Functional | Saves your dark/light mode preference | Persistent (localStorage) |
| Tawk.to cookies | Third-party | Live chat session | Session / persistent |
We do not use advertising cookies or tracking cookies for marketing purposes. You can disable cookies in your browser settings, but some features (login, CSRF protection) require essential cookies to function.
8. How Long We Keep Your Data
- Account data — kept for as long as your account is active. Deleted within 30 days of account deletion request.
- KCSE grades / cluster results — kept linked to your account until you delete them or your account is deleted.
- Uploaded result slip images (OCR) — sent to OpenAI for processing and not stored on our servers after the OCR result is returned.
- Career Engine snapshots — kept linked to your account; overwritten each time you re-run the engine for the same pathway.
- Server logs — retained for up to 90 days for security and debugging purposes, then deleted.
- Chat transcripts (Tawk.to) — retained by Tawk.to per their policy.
9. Your Rights
You have the following rights regarding your personal data:
- Access — You can view the personal information we hold about you by visiting your Profile page.
- Correction — You can update your name, county, KCSE year, and other profile details at any time.
- Deletion — You can request deletion of your account and all associated data by emailing info@kuccpss.co.ke. We will process deletion requests within 30 days.
- Data portability — You can request a copy of your personal data in a readable format by emailing us.
- Withdraw consent — You can stop using optional features (e.g. OCR upload, career engine) at any time. This does not affect data already processed.
- Object to processing — You may object to certain processing activities by contacting us.
To exercise any of these rights, email us at info@kuccpss.co.ke. We will respond within 14 days.
10. Children's Privacy
KUCCPSS is designed for KCSE graduates, who are typically 17 years of age and older. We do not knowingly collect personal data from children under 13 years of age.
If you are a parent or guardian and believe your child under 13 has created an account on KUCCPSS, please contact us at info@kuccpss.co.ke and we will delete the account promptly.
Students aged 13–17 should have a parent or guardian's awareness before creating an account, though they may use the calculator and course browsing features without an account.
11. Security
We take reasonable technical and organisational measures to protect your data, including:
- Passwords are hashed using Django's PBKDF2 algorithm — we never store plain-text passwords
- All connections to our site use HTTPS (TLS encryption)
- CSRF protection on all forms
- Rate limiting on login and registration to prevent brute-force attacks
- Session tokens are stored in HttpOnly cookies
- Database access is restricted to the application server only
No system is completely secure. If you believe your account has been compromised, change your password immediately and contact us at info@kuccpss.co.ke.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where the changes are significant, notify registered users by email or via an in-app notification.
Continued use of KUCCPSS after changes are published constitutes acceptance of the updated policy. We encourage you to review this page periodically.
13. Contact Us
For any questions, requests, or concerns about this Privacy Policy or how we handle your data:
You also have the right to lodge a complaint with Kenya's Office of the Data Protection Commissioner (ODPC) at odpc.go.ke if you believe your data has been mishandled.