CollegeOne Privacy Policy

Effective Date: August 27, 2025

CollegeOne, LLC ("CollegeOne," "we," "our," or "us") values the trust of schools, educators, students, and families. This Privacy Policy explains how we collect, use, protect, and share personal information in connection with our Services.

1. Definitions

• School: The educational institution that contracts with or uses CollegeOne.
• Educator: Authorized teaching staff or school personnel.
• Student: An individual enrolled in a School whose educational information may be processed through the Platform.
• Parent/Guardian: The legal representatives of students who are minors.
• Personal Data: Any information relating to an identified or identifiable individual.
• FERPA: The U.S. Family Educational Rights and Privacy Act, which regulates the privacy of student education records.
• COPPA: The U.S. Children's Online Privacy Protection Act, which regulates the online collection of information from children under 13.

2. Data Controller and Processor Roles

In compliance with FERPA:

• Schools act as the data controllers of student educational information.
• CollegeOne acts as a "school official" or data processor, processing data only under the School's instructions and for authorized educational purposes.

3. Information We Collect

a) Information Provided by Schools or Educators

• Student's first and last name, and date of birth.
• Parent/Guardian contact information.
• Academic records, grades, assignments, and evaluations.
• Administrative records (enrollment, attendance, tuition, and payments, where applicable).

b) Information from Students and Parents/Guardians

• Login credentials.
• Activity within the Platform (e.g., submission of assignments, class participation).
• Communications sent through the Platform.

c) Technical Information

• IP address, device identifiers, operating system, browser type.
• Cookies and similar technologies, used solely to ensure the functionality and security of the Services.

4. How We Use Information

We use personal information only to:

1. Provide and operate CollegeOne Services.
2. Enable Schools and Educators to manage students' education.
3. Facilitate communication between Schools, Educators, Students, and Families.
4. Comply with legal and contractual obligations (FERPA, COPPA, and other applicable laws).
5. Improve the security, functionality, and user experience of the Platform.

We do not use student information for targeted advertising, commercial marketing, or the sale of data.

5. Legal Basis for Processing

Our data processing activities are based on:

• FERPA: We process data as a "school official" under contract with the School.
• COPPA: We do not collect personal information directly from children under 13 without verifiable parental/guardian consent provided through the School.
• School Contract: We process data strictly in accordance with agreements entered into with the School.

6. Data Sharing and Disclosure

We do not share personal information with third parties except in the following cases:

1. With service providers who act on our behalf (e.g., hosting, support, IT infrastructure).
2. When required by law (court orders, subpoenas, regulatory obligations).
3. In the event of a business transfer (merger, acquisition, or sale of assets, provided that equivalent privacy protections remain in place).

All third parties are bound by strict confidentiality and security obligations.

7. Rights of Schools, Parents, and Students

In accordance with FERPA and applicable laws:

• The School controls student data and is responsible for responding to requests for access, correction, updates, or deletion.
• Parents/Guardians and eligible Students may request access or correction of information through their School.
• CollegeOne will assist the School in fulfilling these requests.

8. Data Retention and Deletion

• We retain data only while the School maintains an active relationship with CollegeOne.
• At the School's request, we will delete or return student data within a reasonable timeframe.
• We periodically delete inactive data in accordance with our internal data retention policies.

9. Data Security

We implement technical, administrative, and organizational measures designed to safeguard personal information against loss, misuse, unauthorized access, or disclosure.
However, no system is completely secure, and we cannot guarantee absolute security.

10. International Data Transfers

If we process or transfer data outside the United States, we will implement appropriate safeguards in accordance with applicable data protection laws.

11. Children's Privacy

• We do not knowingly request or collect information directly from children under the age of 13.
• All collection of student data occurs through the School under its control and in compliance with COPPA and FERPA.
• Parents/Guardians should direct requests regarding their child's data to the School.

12. Changes to this Policy

We may update this Privacy Policy from time to time.
We will notify Schools of material changes and indicate the effective date.

13. Acknowledgment

By using the CollegeOne Services, you acknowledge that you have read and agreed to this Privacy Policy.
If you do not agree with our policies and practices, you should not use our Services.
Your use of the Services is always subject to our Terms of Use, which form part of this agreement.

CollegeOne Children's and Student Privacy Policy

Effective Date: August 27, 2025

At CollegeOne, LLC ("CollegeOne"), we believe families and educators should always understand what data we collect from students, how we use it, and what control they have over it. Our goal is to empower parents, guardians, students, and schools to make informed decisions about the information they share with us.

To that end, we provide a Student Data Privacy Addendum, an agreement we enter into with schools or districts that describes in detail our duties, responsibilities, and commitments with respect to Student Data we collect or receive.

This Children's and Student Privacy Policy applies solely to CollegeOne Services (as defined in our General Privacy Policy) and does not apply to informational websites of CollegeOne that do not require user authentication.

Key Highlights

• Personal Information We Collect: Includes student and child user data, whether used in or outside a school environment.
• How We Use It: For educational, school communication, safety, and legal compliance purposes. We never ask for more data than is reasonably necessary.
• Retention and Deletion: Data is kept only as long as necessary for educational purposes and in compliance with School or legal requirements.
• Disclosure: We never sell or rent student information. Data is only shared with authorized service providers or as required by law.
• Advertising: We do not use student data for third-party advertising or behavioral marketing.
• Rights: Parents, guardians, and schools have the right to access, correct, or delete student information in compliance with applicable law.
• Security: We apply industry-leading safeguards, including encryption, role-based access, and privacy by design.

1. Personal Information We Collect

• Educational identifiers: Name, grade level, school-assigned student identifiers.
• Limited contact details: Student email (if required by School), Parent/Guardian phone or email.
• Academic content: Assignments, exams, projects, documents, images, or files submitted through the Platform.
• Administrative records: Attendance history, grades, tuition balances, or payment records.
• Usage data: Technical information such as IP address, device type, browser, and cookies, used only to improve security and performance.

We never require students to provide more personal information than necessary to use the Services.

2. How We Use Information

We use collected data exclusively to:

• Provide, maintain, and improve the Services.
• Facilitate communication between schools, educators, parents/guardians, and students.
• Process and deliver assignments, documents, images, or educational materials.
• Send administrative alerts (e.g., pending tuition balances, invoice reminders).
• Ensure security and compliance with our Terms of Use.
• Comply with legal obligations (including FERPA, COPPA, and applicable state or international privacy laws).

3. Retention and Deletion of Data

• Student data is retained only as instructed by the School or district.
• We do not keep student data longer than necessary for educational or legal purposes.
• Student accounts that remain inactive for 12 months are automatically deleted, unless the School directs otherwise for compliance reasons.

4. Data Disclosure and Sharing

We do not sell or rent student or child user data. Data may only be shared with:

• Technology service providers (hosting, storage, analytics, support), under strict contractual security obligations.
• Legal authorities when required by law.
• Schools and districts acting as controllers of student data.
• Business transfers (e.g., merger, acquisition, or reorganization), provided protections remain in effect unless explicit consent is obtained from the School or Parent/Guardian.

5. Advertising and Marketing

• We never use student data for third-party or behavioral advertising.
• We may present contextual educational content (our own or co-created with partners), but never based on personal data for targeted marketing.

6. Rights of Access, Correction, and Deletion

• Parents/Guardians and Schools may request access, correction, or deletion of student personal information.
• If data was collected via the School, CollegeOne will assist the School in fulfilling its legal obligations.
• If data was collected directly outside of a school environment, Parents/Guardians may contact CollegeOne directly.

7. Security and Privacy by Design

We adopt technical and organizational safeguards, including:

• Data encryption at rest and in transit.
• Role-based access controls.
• Regular security audits and monitoring.
• Data minimization and privacy-by-default practices.

8. Transparency and Policy Updates

We will remain transparent about our practices and notify users of any material changes to this Policy via prominent notices on our Services or by email when appropriate.
Continued use of the Services after such updates constitutes acceptance of the revised Policy.

9. Contact Us

If you have any questions or concerns about your privacy or this Privacy Policy, please contact us at: