Skip to content
  • There are no suggestions because the search field is empty.

Privacy Policy FAQ Assessment & Development Recommendation

FAQ Assessment - Privacy Policy

Should These Three FAQs Be Developed?

Yes — all three FAQs referenced at the end of the Privacy Policy should be developed. The assessment below explains why each is warranted and what it should accomplish.

Overall Rationale

The Privacy Policy is thorough and legally rigorous, but it serves a broad audience and necessarily uses formal language. FAQs translate that formality into plain-language, audience-specific guidance. Given that uConnect handles sensitive student data — including affinity group memberships that may reveal protected characteristics — the stakes of misunderstanding are high. Three distinct audiences have genuinely different questions, concerns, and decision-making contexts:

  • Students: concerned about what their university can actually see, how voluntary data is used, and how to exercise their rights
  • University Partners: responsible for compliance, institutional liability, and reporting to institutional leadership
  • Career Center Professionals: the day-to-day administrators of the platform who need operational guidance on data access and best practices

A single FAQ would fail all three groups. The three-FAQ structure is the right approach.

Individual FAQ Assessments

Student Privacy FAQ — Strongly Recommended

The policy's affinity group privacy notice is among the most consequential disclosures in the document — students need to understand that university staff can see sensitive identity information before they join a group, not after. The existing policy states this clearly, but a student-facing FAQ allows for fuller explanation, concrete examples, and empathetic framing. Students are also the most legally protected population under FERPA and state laws, making clear communication of their rights essential.

University Partner Privacy FAQ — Strongly Recommended

University partners are contractually responsible for how student data is governed on their campuses. They need clarity on the Data Processing Agreement, their obligations as data controllers, how to respond to student rights requests, and what happens during a breach. This FAQ also reduces inbound support volume for uConnect's client-facing team by answering predictable institutional questions proactively.

Career Center Professional FAQ — Strongly Recommended

Career counselors are the human layer between the platform and students. They access sensitive data in the course of advising — including which students are in which affinity groups — and need clear operational guidance on appropriate use. Without this FAQ, well-meaning staff may inadvertently misuse data or fail to advise students appropriately about privacy choices. This is the most operationally important of the three FAQs.

Draft versions of all three FAQs follow. These are designed for review and revision by uConnect's legal, privacy, and client success teams before publication.

Student Privacy FAQ

This FAQ answers common questions about how uConnect handles your personal information. For the full details, see the uConnect Privacy Policy.

The Basics

Q: What is uConnect, and why does it have my information?

uConnect is the career services platform your university uses to provide career exploration resources, counseling, and job search support. Your university — not uConnect — is the primary owner and controller of your data. uConnect operates the technology on your university's behalf, similar to how a university might use a third-party learning management system for coursework.

Q: Does uConnect sell my data?

No. uConnect does not sell student data and has committed to never doing so. uConnect's business model is based on providing services to universities, not on monetizing student information. This commitment applies regardless of what state you live in.

Q: Who can actually see my information?

Two parties can access your data:

  • Your university career center: All information you enter into the platform — including your profile, career searches, saved resources, and affinity group memberships — is visible to university career center staff.
  • uConnect staff: uConnect employees may access data for technical support, security monitoring, and platform improvement, subject to strict access controls and confidentiality obligations.

uConnect does not share your individual information with employers, advertisers, or any third party outside of these relationships.

Affinity Groups — Read This Carefully

Q: What are affinity groups, and why do they matter for my privacy?

Affinity groups are optional communities within the platform (such as Women in STEM, LGBTQ+ Professionals, or Students with Disabilities) that connect you to identity-specific career resources and opportunities.

Important: Joining an affinity group may reveal sensitive personal information — such as your sexual orientation, gender identity, disability status, or veteran status — to your university career center. Your university can see which affinity groups you belong to.

Affinity group membership is entirely voluntary and has no effect on your access to the platform's core features.


Q: If I leave an affinity group, does my university forget I was a member?

No. Leaving an affinity group removes your active membership, but your university may retain historical records showing you were previously a member. This is important to understand before joining: once you join a group, your university's knowledge of that membership may persist even if you leave.

If you are concerned about this, you have two options:

  • Submit a data deletion request through your university career center or directly to uConnect at security@gouconnect.com. Note that deletion of this specific data may not be possible if it is part of a broader education record your university is required to retain.
  • Contact your institution's FERPA officer to understand your rights regarding amendment or restriction of education records.

We recommend thinking carefully before joining any affinity group that reflects information about your identity you would prefer to keep private from your university.

Q: Can I use the platform without joining any affinity groups?

Yes. Affinity groups are optional. All core career exploration features — job search resources, career counseling, event listings, and employer connections — are available without joining any affinity group.

Your Rights

Q: What rights do I have over my own data?

Under FERPA and applicable state privacy laws, you have the right to:

  • Access: Request a copy of the personal information collected about you
  • Correction: Ask us to fix inaccurate or incomplete information
  • Deletion: Request that your data be deleted (note: deletion results in loss of platform access)
  • Data Portability: If you live in California, Colorado, Connecticut, Virginia, or other states with comprehensive privacy laws, you may request your data in a portable format

Q: How do I make a data request?

There are two paths:

  • Recommended: Contact your university career center. Because your university is the controller of your education records, they can process requests most efficiently and comprehensively.
  • Alternative: Email uConnect directly at security@gouconnect.com. uConnect will coordinate with your university before taking action. Expect a response within 10 business days and resolution within 45 days for access requests.

Q: What happens to my data after I graduate?

Your data remains stored in the uConnect platform after you graduate. uConnect does not automatically delete or archive student data upon graduation. Data is retained for as long as your university maintains an active subscription with uConnect and does not explicitly request deletion.

There are two situations in which your data may be removed after graduation:

  • SIS Integration: If your university uses a Student Information System (SIS) integration with uConnect and configures it to remove or deactivate users upon graduation or departure, your account may be deactivated or deleted through that process.
  • Explicit Deletion Request: Your university may submit a data deletion request to uConnect on your behalf, or you may submit one directly to uConnect at privacy@gouconnect.com.

If you would like your data deleted after graduating, we recommend contacting your university's career center or submitting a request directly to uConnect.

Q: I've graduated — how do I access or delete my data?

Your rights to access, correct, and delete your data continue after graduation. Because your university-issued email may no longer be active, contact uConnect directly at security@gouconnect.com using your personal email. Include your full name, the university you attended, your graduation year, and a brief description of your request. uConnect will verify your identity and coordinate with your former institution before taking action. Expect a response within 10 business days.

Q: I live in a state not listed in the Privacy Policy. Do I still have rights?

Yes. uConnect complies with privacy laws in all states where they apply, not just the states listed in the policy. As of 2026, more than 20 states have enacted comprehensive privacy or student data privacy laws. Regardless of where you live, uConnect honors the core rights described in this FAQ. Contact privacy@gouconnect.com to ask about rights specific to your state.

Technical & Security Questions

Q: Does uConnect track me on other websites?

No. uConnect does not track you across other websites. Within the platform, uConnect records which resources and links you access (to understand which content is most useful to students). When you click an external link, uConnect records that you clicked away, but does not follow your activity on external sites.


Q: What cookies does uConnect use?

uConnect uses cookies to:

  • Keep you logged in during a session
  • Remember your preferences
  • Analyze platform usage to improve features

You can control cookies through your browser settings. Disabling cookies may affect some platform functionality, including staying logged in.

Q: How is my data protected?

uConnect implements multiple layers of security:

  • Encryption in transit (TLS/SSL) and at rest
  • Role-based access controls limiting who can see what data
  • Regular security audits and vulnerability testing
  • Mandatory employee privacy and security training
  • Continuous monitoring for unauthorized access

uConnect is certified under the Texas Risk and Authorization Management Program (TX-RAMP) and has completed the HECVAT assessment used by higher education institutions.

Q: Who can I contact with privacy questions?

Contact uConnect's Privacy Officer at security@gouconnect.com. uConnect responds to all inquiries within 10 business days. You may also contact your university's career center or institutional privacy/FERPA officer.

Q: Where is my data actually stored?

Your data is stored and transmitted through two primary infrastructure providers:

  • MongoDB Atlas: uConnect uses MongoDB Atlas as its cloud database platform. Your profile, career activity, search history, affinity group memberships, and employment outcomes data are stored in MongoDB Atlas on US-based servers.
  • Amazon Web Services (AWS): uConnect's platform infrastructure runs on AWS. Student data is stored and transmitted through AWS services in US-based regions.

Both MongoDB and AWS are listed as subprocessors in uConnect's Privacy Policy and are bound by data processing agreements that prohibit use of student data for any purpose other than providing the platform service. Data is not transferred outside the United States as part of normal platform operations.

AI Search and Data Processing

Q: Does AI Search use my personal information?

When you use AI Search, your search query is transmitted to two third-party providers: Anthropic's Claude API to generate results, and Langfuse, an AI observability platform that monitors the quality and reliability of the AI Search feature. Langfuse receives your first and last name, an internal uConnect user ID, your search query, and the AI-generated response for monitoring purposes. Your email address is not transmitted to Langfuse. Anthropic receives query content only and does not receive your name or any other direct identifier. Both providers are prohibited from using this data for any purpose other than providing their respective services to uConnect, and neither may use it for AI model training or commercial purposes.

Q: Is my AI Search history stored?

Your AI Search queries are logged within the uConnect platform as part of your platform activity data. At this time, this activity is not surfaced in the career center staff view, though this may change in a future release. Query data transmitted to Anthropic and Langfuse is not retained by those providers beyond what is necessary to complete your request and perform quality monitoring.

University Partner Privacy FAQ

This FAQ is intended for university administrators, legal counsel, and privacy/compliance officers. It addresses how uConnect handles student data in the context of your institution's legal obligations and your partnership with uConnect.

Data Governance & Legal Framework

Q: How is data ownership and responsibility divided between uConnect and your university?

Under FERPA and applicable state privacy laws:

  • Your university is the data controller: Your university owns and is ultimately responsible for student education records, including data entered into the uConnect platform. They control what data is collected and how it is used.
  • uConnect is the data processor/service provider: uConnect processes student data solely as directed by your university, under the terms of your Data Processing Agreement (DPA). uConnect does not use student data for its own business purposes.

Both parties share responsibility for implementing appropriate security and privacy safeguards.

Q: What is in the Data Processing Agreement, and where can I find it?

The DPA governs uConnect's obligations as your data processor. It addresses data access limitations, security requirements, breach notification timelines, subprocessor oversight, data deletion procedures, and compliance with applicable state and federal laws. Contact your University legal department to obtain a copy or to request a review of specific provisions.

Q: Does our university's use of uConnect comply with FERPA?

Yes. uConnect operates as a 'school official with legitimate educational interest' under FERPA, which permits sharing education records with service providers without additional student consent. uConnect processes student data only for the purpose of providing career services on your behalf and is contractually prohibited from using that data for any other purpose. Your institution maintains ultimate responsibility for ensuring that its use of the platform is consistent with its FERPA obligations.

Q: Which state student data privacy laws does uConnect comply with?

uConnect complies with student data privacy laws in all states where it operates, including the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA), New Jersey's Student Data Privacy Law, and other applicable state regulations. uConnect monitors legislative developments and updates its compliance program accordingly. For questions about a specific state, contact uConnect's Privacy Officer at security@gouconnect.com.

Q: Our institution serves dual-enrollment or other minor students. What are our obligations?

Universities that provide uConnect access to students under 18 are responsible for obtaining any required parental or guardian consent prior to granting platform access, consistent with FERPA, COPPA (for students under 13), and applicable state laws. uConnect does not knowingly collect data from children under 13 without appropriate institutional consent mechanisms in place. If your institution serves a significant population of minors, contact uConnect at security@gouconnect.com to discuss appropriate platform configuration and data handling.

Data Access & Use

Q: What student data does uConnect collect on our behalf?

uConnect collects the following categories of data on behalf of your university:

  • Personal identification information: name, university-issued email, academic program, major, class year, and other information your institution provides
  • Affinity group memberships (voluntary, but may reveal sensitive identity information)
  • Platform usage and career search data: login activity, resources accessed, searches, saved content
  • Technical information: IP address, browser type, device information, cookies
  • Employment outcomes data (voluntary, or provided by your institution on students' behalf)

uConnect collects only information necessary for platform services. Your University’s DPA specifies the specific data elements and services applicable to your institution.

Q: Can uConnect use our students' data for research or to improve the platform?

uConnect may use de-identified and aggregated data for cross-university research, benchmarking, and platform improvement. This data has all personally identifiable information removed and cannot be used to identify individual students. uConnect does not use identifiable student data for its own research or marketing purposes.

Q: Does uConnect's use of Google Analytics constitute a "sale" or "sharing" of student data under CCPA/CPRA?

No. uConnect configures Google Analytics with IP anonymization enabled and all advertising and data-sharing features disabled. As configured, uConnect has determined that its use of Google Analytics does not constitute a "sale" or "sharing" of personal information under CCPA/CPRA. If your institution requires documentation of this configuration for compliance purposes, contact your uConnect account representative.

Q: What third parties does uConnect share student data with?

uConnect does not sell or share student data with third parties for marketing or commercial purposes. uConnect engages the following subprocessors with access to student data:

  • Pagely, Inc. — managed WordPress hosting (hosts platform infrastructure; runs on AWS infrastructure, listed separately)
  • Google LLC (BigQuery) — data warehouse and analytics
  • Google LLC (Google Analytics) — web analytics and performance monitoring, configured with advertising features disabled
  • SendGrid — email communications
  • MongoDB, Inc. (MongoDB Atlas) — cloud database platform storing student profiles, activity, affinity group memberships, and outcomes data on US-based servers
  • Amazon Web Services, Inc. (AWS) — cloud infrastructure provider for data storage and transmission underlying the platform; US-based regions only
  • Anthropic, PBC (Claude API) — AI language model provider used for the AI Search feature; query data only, no direct student identifiers transmitted; prohibited from using data for model training
  • Langfuse (Finto Technologies, Inc.) — AI observability and monitoring platform used to measure and monitor AI Search quality and system reliability; receives student first and last name, internal uConnect user IDs, query data, and model inputs/outputs for performance monitoring purposes; email addresses are not transmitted; prohibited from using data for any purpose other than platform monitoring

uConnect maintains a current subprocessor list and will notify university partners at least 30 days before adding any new subprocessor with access to student data. You have the right to object to new subprocessors under the terms of your DPA. A full subprocessor list with data access levels is available upon request from your account representative.

Q: Where is student data physically stored, and does it ever leave the United States?

Student data is stored and transmitted within the United States through two primary infrastructure providers:

  • MongoDB Atlas stores application data (profiles, activity, affinity group memberships, outcomes) in US-based clusters.
  • Amazon Web Services (AWS) provides the underlying cloud infrastructure for the platform in US-based regions.

Data is not transferred outside the United States as part of normal platform operations. Both providers are bound by Data Processing Agreements with uConnect that require US-based data residency. If your institution has specific data residency requirements — such as state laws requiring in-state storage — contact your uConnect account representative to discuss your configuration.

Student Rights & Institutional Response

Q: What should we do if a student submits a FERPA or state law data request?

uConnect recommends that institutions designate a primary contact for data requests (typically the registrar, FERPA officer, or career center director). When a student submits a request:

  • Your institution should process the request in accordance with FERPA and applicable state law timelines
  • If the request requires action on data within uConnect's systems, contact uConnect at security@gouconnect.com with your institution's authorization
  • uConnect will coordinate with your institution to execute approved actions (access, correction, or deletion)

uConnect will not take action on direct student requests without coordinating with your institution, except where required by law.

Q: What are our students' rights under the Privacy Policy?

Students have the following rights, exercisable through your institution:

  • Right to Access: Receive a copy of their personal information within 45 days
  • Right to Correction: Have inaccurate information corrected within 30 days
  • Right to Deletion: Request deletion of personal information (results in loss of platform access)
  • Right to Manage Affinity Group Membership: Join or leave groups at any time
  • Right to Data Portability: Applicable in California, Colorado, Connecticut, Virginia, and other states with comprehensive privacy laws

Security & Breach Response

Q: What security certifications does uConnect hold?

uConnect maintains the following certifications and assessments:

  • TX-RAMP Certification: Texas Risk and Authorization Management Program, demonstrating compliance with rigorous state cloud security standards
  • HECVAT Completion: The Higher Education Community Vendor Assessment Toolkit is available to university partners upon request

uConnect also implements encryption (in transit and at rest), role-based access controls, regular security audits, continuous monitoring, and mandatory employee training.

Q: What is uConnect's process if there is a data breach?

In the event of a confirmed breach involving student personal information, uConnect will notify affected university partners within 72 hours of discovering the breach, or as required by applicable law, whichever is sooner. Notification will include the nature of the breach, categories of data affected, approximate number of students impacted, and the steps uConnect is taking to contain and remediate the incident. Your institution may have independent breach notification obligations under state law and FERPA — uConnect's notification to you starts the clock on those obligations. Contact security@gouconnect.com immediately for breach-related matters.

Q: What happens to student data when our contract with uConnect ends?

Note on active subscription data retention: uConnect does not automatically delete or archive student data upon a student's graduation or departure while your institution's subscription is active. Student data persists in the platform until your institution explicitly requests deletion, configures a SIS integration to remove users, or your contract with uConnect ends. If your institution has specific data retention requirements for post-graduation data — such as annual cohort purges — please contact your uConnect account representative to discuss implementation options.

Upon contract termination with a University, uConnect will securely archive all student data associated with your institution following your data retention policies and procedures. The specific timeline and process will be governed by your university DPA. Contact your uConnect account representative to initiate the offboarding process.

Q: Who is our primary point of contact at uConnect for privacy questions?

For contract and DPA questions, contact your uConnect account representative. For privacy compliance questions, contact the Privacy Officer at security@gouconnect.com. For security incidents, contact security@gouconnect.com. uConnect responds to all inquiries within 10 business days.

Q: What security standards do MongoDB and AWS comply with?

Both subprocessors maintain industry-leading security certifications relevant to higher education data:

  • AWS holds SOC 1/2/3, ISO 27001, FedRAMP, and numerous other certifications. AWS's infrastructure is also covered under its FERPA-compliant Data Processing Addendum.
  • MongoDB Atlas holds SOC 2 Type 2, ISO 27001, and is covered under MongoDB's Data Processing Agreement.

Certification documentation for both providers is available upon request and can be provided to your institution's security or procurement team as part of a vendor review.

AI Search & Data Processing 

Q: How does the AI Search feature affect our FERPA obligations and data processing agreement?

When students use AI Search, query data is transmitted to Anthropic's Claude API for processing. Anthropic operates as a subprocessor under a Data Processing Agreement with uConnect that prohibits use of student data for model training or any purpose beyond fulfilling the search request. uConnect does not transmit student names, email addresses, or other direct identifiers to the AI processing layer unless directly included in the student's query.

Under FERPA, uConnect's engagement of Anthropic as a subprocessor is permissible under the "school official with legitimate educational interest" exception, as Anthropic processes data solely on behalf of uConnect in support of your institution's career services. Your institution's existing DPA with uConnect covers this arrangement. If you require a specific addendum addressing AI Search data flows, contact your uConnect account representative.

Q: Does Anthropic use our students' data to train its AI models?

No. uConnect's agreement with Anthropic prohibits the use of student data for model training or any commercial purpose beyond processing the immediate query. This commitment is reflected in uConnect's subprocessor agreement with Anthropic and is consistent with Anthropic's enterprise data handling terms.

Career Center Professional FAQ

This FAQ is for career counselors, advisors, and career center staff who use uConnect to support students. It provides practical guidance on appropriate data access, sensitive data handling, and how to advise students on their privacy choices.

Your Role & Data Access

Q: What student data can career center staff access through uConnect?

As authorized university staff, you can access:

  • Student profile information: name, email, major, class year, academic program
  • Affinity group memberships — including groups that may reveal sensitive identity information
  • Platform activity: career searches, resources accessed, saved jobs and bookmarks, login frequency
  • Employment outcomes data students have submitted or that your institution has entered

Reminder: Access to student data should be limited to what is necessary for providing career services. Review your institution's data access policies and uConnect's role-based access controls to ensure your permissions are appropriately scoped.

Q: I can see which affinity groups a student belongs to. What are the rules around using that information?

Affinity group membership can reveal sensitive information about a student's identity — including sexual orientation, gender identity, disability status, or veteran status. This information is subject to heightened privacy protections. Appropriate uses include:

  • Connecting students with relevant opportunities, resources, or programs they may not know about
  • Ensuring students from underrepresented groups have equitable access to career services

Inappropriate uses include:

  • Sharing affinity group membership with employers, colleagues without a need to know, or any third party
  • Making assumptions about a student's identity, qualifications, or preferences based solely on affinity group membership
  • Referencing a student's affinity group membership in advising conversations without the student having raised it first

Misuse of affinity group data — including sharing it with employers, colleagues without a need to know, or using it in ways that could disadvantage a student — may violate FERPA, applicable state privacy laws, and your institution's anti-discrimination policies. If you are uncertain whether a particular use of affinity group data is appropriate, consult your institution's FERPA officer or legal counsel before proceeding. Report any suspected misuse of student data to your institution's privacy officer and to uConnect at security@gouconnect.com.

Best Practice: Treat affinity group membership with the same discretion you would apply to any sensitive personal characteristic. When in doubt, do not reference it unless the student raises it themselves.

Q: Can I share a student's platform data with an employer?

No. uConnect data should not be shared with employers without the student's explicit consent. This includes career search history, affinity group memberships, platform activity, and employment outcomes. If an employer requests information about a student, refer the employer to the student directly and advise the student of their right to control what information they share.

Advising Students on Privacy

Q: How should I explain affinity groups to students who ask about the privacy implications?

Be direct and clear. Students deserve to make an informed choice. A suggested approach:

'Affinity groups are optional and don't affect your access to any core features on the platform. If you join a group, it helps us connect you with relevant resources — but our career center staff will be able to see which groups you've joined. Some groups may reflect sensitive aspects of your identity, so please only join groups you're comfortable with us seeing.'

Do not minimize the disclosure or suggest the information is completely confidential within the career center — it is not.

Q: A student is concerned about what their university can see. How should I respond?

Validate the concern — it is legitimate. Explain clearly:

  • As university career center staff, you have access to their profile, activity, affinity group memberships, and any outcomes data they've submitted
  • This access is governed by FERPA, which allows university officials with legitimate educational interest to access student records
  • uConnect does not share their data with employers, advertisers, or outside parties without consent
  • If they have specific concerns, they can contact the career center (you), uConnect directly at security@gouconnect.com, or their institution's FERPA officer

Q: A student wants to delete their data. What should I tell them?

Students have the right to request deletion of their personal information. Walk them through the process:

  • They should submit a request through the career center (the recommended path, as your institution coordinates with uConnect)
  • The process typically takes up to 45 days

If your institution has a FERPA officer or privacy office, loop them in for formal deletion requests.

Q: A student asks if their job search history is truly private from employers. What do I say?

Yes — career search history within the platform is not shared with employers. Employers cannot see which students have viewed their listings or searched for positions at their company. Only university career center staff and uConnect (for technical purposes) can see platform activity. Students should still exercise caution on external employer websites they access through links in the platform, as those sites have their own privacy policies.

Operational Questions

Q: How should I handle a student's request to see their own data?

Your institution is the recommended first point of contact for data access requests. Steps:

  • If your career center has administrative access to export student data, you can fulfill the request directly
  • For requests you cannot fulfill, contact uConnect at security@gouconnect.com with your institution's authorization
  • uConnect will provide the student's data within 45 days of a verified request

Check with your institution's FERPA officer or privacy office to ensure your handling of the request is consistent with institutional policy.

Q: Can I use student platform data to identify at-risk students for outreach?

Before using platform data for proactive outreach, confirm with your institution's FERPA officer that your intended use falls within the "legitimate educational interest" exception. Document the basis for your outreach in case the student or a third party later questions how you obtained the information that prompted your contact. If your institution has a formal early alert or student success system, consider whether platform data should be funneled through that system rather than acted on informally.

Q: What should I do if I suspect a data breach or unauthorized access?

Report it immediately through the following channels:

  • Contact uConnect at security@gouconnect.com right away
  • Notify your institution's IT security or privacy officer
  • Do not attempt to investigate the breach yourself or access additional data to 'check' the scope

uConnect has documented incident response procedures and will coordinate with your institution. Your institution may also have breach notification obligations under FERPA and state law.

Q: Who do I contact at uConnect for privacy or data questions?

For career center operational questions, contact your uConnect client success representative.

For security or privacy questions: security@gouconnect.com

uConnect responds to all inquiries within 10 business days.

Q: Should I keep records of student data requests I receive?

Yes. Maintain a log of any student data access, correction, or deletion requests you receive, including the date, the student's name, the nature of the request, and what action was taken. This documentation protects your institution in the event of a compliance audit or legal challenge. Share the log with your institution's FERPA officer or privacy office as required by your institution's records management policy.


AI Search — What Staff Need to Know

Q: Can I see what a student searched for using AI Search?

Not in the current version of the platform. The ability for career center staff to view individual student AI Search queries is a capability that may be made available in a future release. At this time, AI Search activity is not surfaced as part of the student activity view accessible to staff. We will update this FAQ as additional AI Search functionality becomes available.

Q: Should I tell students that their AI Search queries are visible to career center staff?

Not in the current version of the platform. If a student asks whether their AI Search activity is visible to career center staff, you can let them know that AI Search queries are not currently surfaced as part of the student activity view accessible to staff. The ability for career center staff to view individual AI Search queries may be made available in a future release, at which point this guidance will be updated.

What you can tell students now: their AI Search queries are transmitted to third-party service providers (Anthropic for processing and Langfuse for quality monitoring) as described in the Student Privacy FAQ and Privacy Policy. You may refer students to those resources if they have questions about how their data is handled.

Q: A student is worried about what they searched for using AI Search. How should I handle it?

Reassure the student that their search history is not shared with employers or any outside party. If the student wants their search history deleted, walk them through the data deletion request process. Treat any sensitive search topics (e.g., searches related to disability accommodations, mental health careers, or LGBTQ+ resources) with the same discretion you would apply to affinity group membership.

Q: If AI Search gives a student a career recommendation, should I treat it as authoritative?

No. AI Search recommendations are informational tools, not authoritative assessments of a student's qualifications or career fit. When referencing AI Search outputs in an advising context, treat them as a starting point for conversation — not as a definitive assessment. Students have the right to understand how automated recommendations are generated and to disregard them. If a student questions a recommendation, encourage them to explore additional resources and to raise any concerns with you directly.