Data collection basics
During the admission process, DreamApply collects different types of data at different stages. To ensure clarity and trust, it is important to understand:
- What types of data DreamApply collects
- Who is responsible for managing this data
- What options applicants and institutions have to handle this data
Roles and responsibilities
In DreamApply, data collection responsibilities are divided between the platform and an institution:
- DreamApply acts as a data processor. It operates the admission management system, delivers authentication, account management and application processing functions and tools.
- An institution acts as a data controller. It decides what applicant data is collected during the admission process, defines how this data is used and how long it is retained.
In short, DreamApply provides the platform, while the institution decides the scope and purpose of data use.
DreamID
To log in to the DreamApply portal, applicants must create a DreamID.
A DreamID simplifies authentication tasks and helps secure login activities. All authentication tasks are performed in a dedicated service that follows strict security protocols and industry best practices.
A DreamID is mandatory for all applicants who want to interact with the DreamApply portal and submit their applications through it. DreamApply creates a DreamID record when applicants sign up for the DreamApply portal. At this stage, the system collects only a limited set of information, including:
- Full name
- Email address
- Password (stored securely in a hashed form)
- Profile ID (if an applicant chooses to register using a social media account)
- Multi-factor authentication details (if this option is enabled)
DreamApply also records login history and security-related events, such as password changes. This information is used only to create and manage a DreamID and is never used for other purposes.
Data collected during the admission process
When applicants sign in for the first time with their DreamID, the system displays a registration form. At this stage, applicants provide additional personal information that is collected and linked to their applicant accounts as metadata.
Once the application process begins, institutions collect further information needed to evaluate applications. This can include:
- Personal information, such as official photo and date of birth
- Academic history
- Supporting documents
DreamApply collects this information and organizes it into different types of resources. These resources are stored separately to support account management and application processing. For details, see Understanding application data.
Data retention and deletion
All data collected through the admission process is managed by an institution. The institution determines for how long applicant data is stored and when it is deleted.
Applicants have the ability to delete their data using the following types of requests:
Once an applicant submits a data deletion request, the institution must review and confirm the request. After confirmation, DreamApply erases the data within 24 hours.
If no action is requested by an applicant, DreamApply retains inactive applicant accounts for up to 5 years. Accounts that are inactive and have not had login activities for 5 years are automatically deleted from the system.