Legal

Privacy Policy

Effective Date: February 23, 2026·Last Updated: February 23, 2026

SELT, Inc. ("SELT," "we," "our," or "us") operates the SELT platform — a verified campus marketplace accessible at seltapp.com and through licensed campus instances (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, and disclose information when you access or use the Platform.

By accessing the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, do not access or use the Platform.

Note for Institutional Partners: If your institution has entered into a Data Processing Agreement ("DPA") with SELT, that agreement governs to the extent it conflicts with this Privacy Policy.

1. Overview

SELT is a business-to-institution ("B2I") Software-as-a-Service platform. We do not sell to students directly. Students access SELT through an institutional license held by their university or college (each, an "Institution"). Your Institution has contracted with us to provide a verified marketplace service for its enrolled students.

This structure means that privacy protections flow through two relationships: (1) our relationship with your Institution, governed by our institutional agreement and any applicable Data Processing Agreement, and (2) your direct relationship with the Platform, governed by this Privacy Policy.

Core Privacy Commitments
  • We do not sell student data. Ever. Under any circumstances.
  • We do not use student data for advertising targeting. The Platform is ad-free.
  • We collect only what is necessary to provide verified marketplace services.
  • We do not retain FERPA-protected educational records. Authentication is the extent of our institutional data use.

2. Information We Collect

2.1 Information Provided Through Institutional SSO

To access the Platform, students authenticate through their Institution's Single Sign-On ("SSO") identity provider. SELT receives a limited authentication payload from your Institution's identity provider, which may include:

  • A unique persistent identifier assigned by your Institution (not your student ID number)
  • Your institutional email address (for in-Platform communication only)
  • A basic affiliation assertion confirming active enrollment status
  • Your display name, if your Institution's IdP configuration includes it

SELT does not receive, access, or process grades, GPA, financial aid records, disciplinary history, class schedules, housing records, or any other educational record protected by FERPA through the SSO process. Your Institution controls what is transmitted in the authentication payload.

2.2 Information You Provide Directly

When using the Platform, you may provide:

  • Listing content: Photographs, descriptions, pricing, and category selections for items you list for sale
  • Transaction communications: Messages exchanged with other users within the Platform's in-app messaging system
  • Dispute submissions: Written descriptions, supporting evidence, and communications submitted in connection with a formal dispute
  • Profile information: Optional display name and profile photograph

2.3 Information Collected Automatically

When you access the Platform, we automatically collect certain technical information, including:

  • IP address (truncated to the subnet level for analytics; full IP retained for security purposes for 30 days)
  • Device type, operating system, and browser type and version
  • Pages accessed and features used within the Platform
  • Timestamps and session duration
  • Referring URLs (if applicable)

We do not use third-party advertising trackers, social media pixels, or behavioral profiling cookies. Our analytics are first-party and aggregate by default.

2.4 Information From Your Institution

Your Institution may provide SELT with additional information in connection with administering institutional agreements, including contact information for administrative liaisons and technical integration personnel. This information is used solely for account administration and support, and is not associated with student profiles.

3. How We Use Information

We use the information we collect for the following purposes, each of which represents a legitimate basis under applicable law:

PurposeLegal BasisInformation Used
Verifying enrollment and authenticating usersPerformance of contract; Institutional agreementSSO payload; institutional identifier
Facilitating marketplace transactionsPerformance of contractListing content; messaging; profile
Resolving disputes through Student ConductLegitimate interest; Institutional agreementDispute submissions; transaction history; communications
Platform security and fraud preventionLegitimate interestIP address; device data; usage patterns
Aggregate analytics for institutional reportingLegitimate interest; Institutional agreementAnonymized/aggregated usage data
Legal compliance and record-keepingLegal obligationAs required by applicable law
Platform improvement and developmentLegitimate interestAnonymized/aggregated usage data

We do not use your information for automated individual decision-making with legal or similarly significant effects, for behavioral advertising, for resale to data brokers, or for any purpose not described in this section.

4. Disclosure of Information

SELT does not sell, rent, or trade user information. We disclose information only in the following circumstances:

4.1 Your Institution

When a dispute is formally escalated on the Platform, SELT transmits a structured dispute report to your Institution's designated Student Conduct office. This report contains the verified identities of the parties, the transaction record, and the communication history directly relevant to the dispute. This transmission is made pursuant to the institutional agreement and is the primary mechanism through which SELT enforces its verification and accountability model.

Your Institution may also receive aggregated, de-identified analytics reports about campus usage, dispute volumes, and Platform activity. These reports contain no personally identifiable information.

4.2 Service Providers

We engage third-party service providers to support Platform operations. These providers are contractually prohibited from using your information for any purpose beyond the services they provide to us, and are required to maintain appropriate security measures. Current categories of service providers include:

  • Cloud infrastructure and hosting (data stored in the United States)
  • Transactional email delivery (for system notifications only)
  • Security monitoring and threat detection

We do not engage marketing technology, advertising, or behavioral analytics service providers.

4.3 Legal Requirements

We may disclose information when required to do so by law, court order, subpoena, or governmental authority. We will provide notice to the affected user to the extent permitted by law before making any such disclosure, unless disclosure is required to be made without notice.

4.4 Safety and Security

We may disclose information where we have a good-faith belief that disclosure is necessary to prevent imminent physical harm to any person, investigate suspected fraud or illegal activity, or protect the rights, property, or safety of SELT, our users, or the public.

4.5 Business Transfers

In the event of a merger, acquisition, financing, or sale of assets, user information may be transferred as part of that transaction. We will notify affected users and institutions prior to any such transfer and will require the acquiring entity to honor the terms of this Privacy Policy.

5. Data Retention

We retain information for the minimum period necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law or an institutional agreement.

Data TypeRetention PeriodBasis
Active user account dataDuration of enrollment + 90 daysOperational necessity
Listing content (active)Until removed by user or 180 days from creationOperational necessity
Transaction history3 years from transaction dateDispute resolution; legal compliance
Dispute records5 years from resolution dateLegal compliance; institutional reporting
Security logs (IP, access)90 daysSecurity monitoring
Aggregate analyticsIndefinite (no PII)Platform improvement

Upon termination of an institutional agreement, SELT will delete or return all student data within 30 days of the termination date, unless retention is required by applicable law.

6. Security

SELT implements administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. Our security program includes:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest using AES-256 or equivalent
  • Role-based access controls limiting internal access to information on a need-to-know basis
  • Regular security assessments and penetration testing
  • Incident response procedures with defined notification timelines

In the event of a data breach that creates a risk to your rights and freedoms, SELT will notify affected users and institutions within 72 hours of becoming aware of the breach, to the extent required by applicable law. Notification will include a description of the nature of the breach, the categories of data affected, likely consequences, and measures we are taking or propose to take.

No security system is impenetrable. We cannot guarantee the security of any information you transmit to us. If you believe your account has been compromised, contact us immediately at security@seltapp.com.

7. FERPA & Student Educational Records

The Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. § 1232g, protects the privacy of student education records held by educational institutions that receive federal funding. SELT is designed to comply with FERPA in the following ways:

7.1 School Official Designation

Where an institutional agreement designates SELT as a "school official" with a "legitimate educational interest" under 34 C.F.R. § 99.31(a)(1), SELT acts within the scope of that designation. We use educational records only for the purposes specified in the institutional agreement and this Privacy Policy, and do not re-disclose educational records to third parties without appropriate authorization.

7.2 What SELT Does Not Access

SELT's SSO integration is configured to receive only the minimum authentication payload necessary to verify enrollment. We do not request, receive, or store: grades or GPA; financial aid records; disciplinary history (other than what arises from SELT disputes); class schedules, transcripts, or degree requirements; medical or disability records; or immigration records.

7.3 Dispute Records and FERPA

Records generated within SELT in connection with a formal dispute — including the dispute report transmitted to your Institution's Student Conduct office — may become part of your institution's educational records once received by the institution. Once those records are in your institution's custody, your institution's FERPA obligations govern. You have the right to request access to and correction of your educational records through your institution pursuant to FERPA.

7.4 California SOPIPA Compliance

SELT complies with California's Student Online Personal Information Protection Act ("SOPIPA"). We do not use student information to engage in targeted advertising, do not build individual student profiles for non-educational purposes, and do not sell student information. These restrictions apply to all users regardless of their state of residence.

8. Your Privacy Rights

Depending on your jurisdiction and how you access the Platform, you may have the following rights:

8.1 Rights Available to All Users

  • Access: Request a copy of the personal information SELT holds about you.
  • Correction: Request correction of inaccurate information.
  • Deletion: Request deletion of your personal information, subject to legal and institutional agreement obligations.
  • Objection: Object to processing of your information in certain circumstances.
  • Portability: Request your information in a structured, machine-readable format.

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information is collected, the right to delete, the right to correct, and the right to opt out of the sale or sharing of personal information. SELT does not sell or share personal information within the meaning of the CCPA/CPRA.

To exercise your California rights, submit a request to privacy@seltapp.com. We will respond within 45 days of receipt of a verifiable consumer request.

8.3 EU/EEA/UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area or United Kingdom, you have rights under the General Data Protection Regulation or UK GDPR, including rights of access, rectification, erasure, restriction, portability, and objection. You also have the right to lodge a complaint with your local supervisory authority. Transfers of personal data outside the EEA are made pursuant to Standard Contractual Clauses or other appropriate safeguards.

8.4 How to Exercise Your Rights

To exercise any of the rights described above, submit a written request to privacy@seltapp.com. We will respond within 30 days (or within the timeframe required by applicable law). We may require verification of your identity before processing your request. We will not retaliate against you for exercising your privacy rights.

9. Children's Privacy

The Platform is intended for use by enrolled students at accredited post-secondary institutions. SELT requires institutional SSO authentication, which inherently limits access to individuals who are enrolled at a licensed institution.

The Platform is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent as required by the Children's Online Privacy Protection Act ("COPPA"). Because SELT requires post-secondary institutional enrollment for access, we do not anticipate that users under 13 will access the Platform. However, if we become aware that a user is under 13, we will take steps to promptly delete that user's information and terminate their access.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@seltapp.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. When we make material changes, we will:

  • Post the updated Privacy Policy at seltapp.com/privacy-policy with a revised "Last Updated" date
  • Provide notice within the Platform
  • Notify institutional administrators of material changes via email

Your continued use of the Platform after the effective date of any update constitutes your acceptance of the revised Privacy Policy. If you do not agree to a material change, you should discontinue use of the Platform and contact your Institution.

11. Contact Us

For privacy-related questions, requests, or concerns:

Privacy Officer
privacy@seltapp.com
General privacy inquiries, data requests, breach reports
Technical Privacy
security@seltapp.com
Security incidents, vulnerability reports, data security
Institutional Inquiries
peace.enesi@seltapp.com
DPA questions, institutional data agreements

SELT, Inc.
seltapp.com
Lubbock, Texas

Terms of ServicePrivacy PolicyContact
© 2026 SELT, Inc. All rights reserved. Patent Pending — USPTO 2026.