top of page
ChatGPT Image Aug 8, 2025, 12_57_42 PM.png

Privacy Policy

Campus Credit Privacy Policy

Effective Date: January 1, 2026 

 

Introduction:


Campus Credit LLC (“Campus Credit,” “we,” “us,” or “our”) is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information through our website www.mycampuscredit.com and related services (collectively, the “Services”). Our Services are used by students and educational institutions in the United States, and we handle student records in compliance with the Family Educational Rights and Privacy Act (FERPA) and other applicable laws. Users of our platform may include minors under the authority of their schools, so we also adhere to the Children’s Online Privacy Protection Act (COPPA) and relevant state laws. We do not sell personal data or share it with third parties for marketing purposes, except as described in this Policy. By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Services.

 

Key Privacy Commitments:

  • FERPA Compliance: We handle student educational records in a FERPA-compliant manner and act as a “School Official” to educational institutions, using student data only for authorized educational purposes.

  • No Sale of Data: We do not sell your personal information to third parties, and we do not use student data for targeted advertising or marketing. Your information is used only to deliver and improve our Services.

  • Limited Sharing: We share data only with authorized parties – such as your school or service providers operating under strict contracts – and only as needed to operate our platform (see “How We Share Your Information” below). We do not build personal profiles of students beyond educational requirements.

  • Security Measures: We employ industry-standard security measures, including encryption of data in transit and at rest, access controls, and regular privacy training, to protect your information.

  • Parental Consent for Minors: If students under the age of 13 use our Services through a school, we rely on schools to obtain any necessary parental consents in accordance with COPPA. We do not knowingly collect data from children under 13 for any independent commercial use.

We encourage you to read this Privacy Policy fully to understand our practices. If you have any questions, please contact us using the information in the “Contact Us” section below.

Information We Collect

We collect personal information and student data from and about users of our Services in order to provide and improve our platform. This includes:

  • Identifying Information: Name, email address, telephone number, postal address, username, and account login credentials. If you are a student, this may include your student ID number or other identifiers provided by your school.

  • Educational Records: Academic and enrollment information such as courses taken, grades, credits earned, transcripts, enrollment status, and other information provided by your school or you directly that is part of your educational record. This can include information needed for verifying dual enrollment, high school articulation, or prior learning credits (e.g. course names, performance criteria, etc.).

  • Uploaded Documents: Documents or files you or your school upload to the platform. For example, this may include proof of course completion, transcripts, certificates, identification documents, or any other materials submitted when you “claim credit” or otherwise use our Services. These documents may contain personal information and academic details.

  • Payment Information: If you make payments through our Services (for example, to pay any fees associated with credit requests or related services), we collect information necessary for payment processing. This may include billing name and address, and payment card details. Payment card information is processed via a secure third-party payment processor and is not stored on our servers in full. We maintain records of transactions (date, amount, method) for accounting and compliance purposes.

  • Usage Data: Information about how you access and use our website and Services. This includes technical information (IP address, device type, operating system, browser type, unique device identifiers) and usage information (pages or features used, dates/times of visits, referring URLs, errors, and other analytics data). This data is collected through log files and cookies or similar tracking technologies (described below).

  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to remember your preferences, keep you logged in, and gather usage analytics. For example, we may use Google Analytics or similar tools to collect anonymized statistical information about how users interact with our platform. See “Cookies and Tracking Technologies” below for more details.

  • Communications: If you contact us for support or communicate with us (by email, phone, or through the platform), we will collect the information you provide in those interactions. This may include your contact details and the content of your communications (such as support requests or feedback).

  • Information from Schools or Third Parties: We may receive personal information about students or educators directly from the educational institutions we serve or other third parties authorized by your school. For example, a school or district may provide us with class rosters, student demographic information, or academic data to set up and integrate their systems with our Services. We collect and use any such data on behalf of the institution and in accordance with our agreement with them and this Policy.

We collect the above information either directly from you (when you provide it through our Site or Services), from your educational institution, or automatically through your use of the Service (in the case of cookies and usage data). We only collect information that is relevant and necessary for the purposes described in this Policy. You may choose not to provide certain personal information; however, this may limit your ability to use some of our Services (for example, not providing required academic documents may prevent processing a credit request).

How We Use Your Information

Campus Credit LLC uses the collected information for the following purposes:

  • Providing and Improving Services: We use personal information and student data to operate our platform’s core functionality. This includes processing credit articulation and dual enrollment requests, evaluating eligibility for credits (using the academic information and documents provided), updating academic records, and facilitating the transfer of earned credits to student information systems or transcripts as needed. We also use data to maintain and improve our Services – for example, fixing bugs, analyzing usage trends to enhance user experience, and developing new features to support students and educators.

  • Account Management and Authentication: We use your information to create and manage user accounts, verify user identities during login, authenticate authorized users (students, teachers, counselors, administrators), and prevent unauthorized access. For institutional users, this may involve confirming with the school that a registered educator is legitimate.

  • Communication: We use contact information (such as email addresses and in-app notifications) to communicate with you about the Service. For students, this may include notifications of status changes (e.g., when a credit request is approved or denied), reminders and alerts related to your coursework or credit claims, or responses to support inquiries. For educators and institutional administrators, we may send service-related announcements, updates about platform changes, training materials, or respond to support and account issues. We may also send confirmations and receipts for any payments made. We do not send promotional marketing emails to students, and any informational emails to school staff will comply with applicable communication laws and provide an opt-out mechanism.

  • Processing Payments: If you provide payment information for any transactions on the platform, we use that information to process the payment and complete the transaction. For example, if a fee is required to submit a prior learning credit evaluation, we will charge your provided payment method. Payment processing is done securely, and billing details are used only for payment and record-keeping.

  • Compliance and Legal Obligations: We may use and disclose personal information as necessary to comply with applicable laws, regulations, legal processes, or enforceable governmental requests. This includes using data to meet federal or state education record requirements, to respond to subpoenas or court orders, or to exercise or defend legal claims. If we are required by law to disclose data (e.g., to law enforcement or regulators), we will only do so after verifying the request’s validity and only providing the minimum necessary information. Whenever feasible, we will notify the affected institution or individual of such disclosure, unless prohibited by law.

  • Ensuring Security and Preventing Misuse: We use information (including usage data and technical logs) to monitor for suspicious or unauthorized activities on our platform, to prevent fraud or misuse, and to maintain the integrity of our systems. This can include detecting cheating or falsification of academic documents, investigating violations of our Terms of Use, and protecting the rights and safety of Campus Credit, our users, and others.

  • Analytics and Aggregated Data Uses: We may use data analytics tools to understand how the Services are used and to improve performance. Any analytics or research we conduct uses de-identified or aggregated data that does not personally identify individual users. For example, we might analyze overall trends in credit attainment across schools to help improve our offerings or generate reports for institutional partners. Internally, we may also use anonymized data to improve algorithms or user interface design. These analytics do not affect any student’s standing and are solely for product improvement.

  • Educational Reporting: For educational institutions, we may use student data to generate reports and insights for authorized school officials. For example, school administrators might receive reports on how many students claimed credits, demographic trends in credit awards, or bottlenecks in approval processes (using only the data under that institution’s control). Such reports are only shared with the relevant institution and contain information that the institution is authorized to receive.

We will use personal information only for the purposes outlined above or for purposes that are compatible with those reasons. If we need to use your personal information for an unrelated new purpose, we will notify you or the controlling educational institution and obtain the necessary consent or authorization. We do not use personal information for any form of targeted advertising or profiling outside the scope of educational or operational purposes. In particular, student data is never used to contact students for marketing, advertising, or non-educational purposes.

Cookies and Tracking Technologies

Cookies: Like most websites, our platform uses cookies and similar tracking technologies to enhance user experience and gather usage data. Cookies are small text files placed on your device that allow us to recognize you when you return. We use cookies to keep you logged in to your account as you navigate through secure areas of the site, and to remember your preferences (such as language selection or other settings). These are often called “strictly necessary” or “functional” cookies, and they ensure the Service works correctly for you.

Analytics: We also use cookies and third-party analytics services (such as Google Analytics) to collect information about how users interact with our Services. This information may include pages visited, time spent on pages, actions taken (e.g., clicking a button), and general location information (e.g., city or region, not your precise location). We use this data to analyze and improve the performance and features of our platform. The analytics data collected is typically aggregated and does not directly identify individual users. For example, analytics cookies help us understand which features are most used or if users encounter errors on certain pages. This allows us to make informed decisions on enhancing our Services.

We do not use cookies or tracking technologies for advertising or profiling of students. You will not see third-party advertising on our site, and we do not allow advertising networks to collect information about you through our platform. Any third-party tools we use (like analytics or cloud infrastructure) are contractually bound to use information solely for providing services to us, not for their own purposes.

Your Choices: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You may also clear cookies from your browser at any time. Note: If you disable or delete cookies, some parts of our Service (especially login and account-specific features) may not function properly, because our system relies on cookies to recognize you after you log in. If you opt-out of analytics cookies, it will not affect core functionality, but it will limit our ability to understand and improve how users use the platform. For Google Analytics specifically, Google provides an opt-out browser add-on if you wish to prevent your data from being used by analytics cookies.

Do Not Track: Our Site does not currently respond to “Do Not Track” (DNT) signals. However, we treat all users’ data in accordance with this Privacy Policy, and we do not track users across third-party sites. If industry standards for DNT become formalized, we will revisit our approach to honor such signals as required.

By using our Services with cookies enabled in your browser, you consent to our use of cookies and tracking technologies as described here. For more detailed information on cookies, you can contact us using the information below.

How We Share Your Information

We do not disclose or share your personal information with third parties except in the following circumstances and always in compliance with FERPA and other privacy laws:

  • With Your Educational Institution: If you are a student using Campus Credit through your school, your school (and its authorized teachers, counselors, and administrators) will have access to your personal information and student records on our platform. For example, your school officials can view the credits you have claimed, your uploaded documents, and the status of your requests. We share and sync relevant data with the institution’s systems (such as updating the college’s Student Information System with awarded credits) as part of providing our educational service. The school’s use of your data is governed by their own policies and FERPA. We only disclose student information to the originating institution or as directed by that institution, and consider all such data to be under the control of the school.

  • With Service Providers (Processors): We share information with trusted third-party service providers who perform services on our behalf to support the operation of our platform. This includes, for example: cloud hosting providers (for secure data storage and servers), database providers, analytics service providers (for usage analytics as described above), email or notification services (to send account alerts or communications), identity verification or single sign-on providers, and payment processors (to handle credit card transactions). These service providers are bound by contractual obligations to keep personal information confidential and to use it only for the specific services we request. They are not permitted to use your data for their own purposes. Campus Credit remains responsible for ensuring our vendors protect your information to the same standards we commit to you.

  • For Legal Requirements and Safety: We may disclose personal information if we in good faith believe such action is necessary to (a) comply with a legal obligation or valid legal process (such as a law, regulation, search warrant, subpoena, or court order); (b) protect and defend the rights or property of Campus Credit, our users, or others; (c) investigate or assist in preventing security threats, fraud, or other malicious activity; or (d) protect the personal safety of users of the Services or the public. If a law enforcement or other third party request seeks student records, we will, whenever legally permissible, redirect the request to the appropriate educational institution or notify the institution of the request. We will not hand over student education records to government or law enforcement without proper authority, and will require a subpoena or court order, as required under FERPA. In any case, we will only disclose the minimum data necessary to meet the purpose of the request.

  • With Your Consent or At Your Direction: We may share your information with third parties if you (or your parent/guardian, if you are a minor) explicitly consent to or request such sharing. For instance, if you, as a student, want us to send your credit attainment information to another platform or service (such as a scholarship application service, another college, or a program you are applying to), we will do so only with clear consent and authorization from you or your school.

  • Business Transfers: If Campus Credit LLC is involved in a merger, acquisition, sale of assets, bankruptcy, or other corporate change, personal information may be transferred to a successor or affiliate as part of that transaction. However, in the event of such a transfer, we will ensure that your personal information remains subject to the same protections outlined in this Privacy Policy. Any successor entity will only be allowed to use your information in accordance with the terms of this Policy or as otherwise permitted by law. We will provide notice on our website (and to your institution, as appropriate) before personal information is transferred and becomes subject to a different privacy policy. Notably, we will never sell student personal data or any personal information as a standalone asset to third parties, except as part of a corporate transaction as described, and even then, the new owner must honor the privacy commitments we have made (or obtain your consent).

  • De-Identified or Aggregated Data: We may share information that has been de-identified (stripped of any personal identifiers such as name, email, ID numbers, etc.) or aggregated (combined with information about many users) in a form that cannot reasonably be used to identify you. Such data is not considered personal information and may be used by Campus Credit for legitimate purposes such as research, product development, or demonstrating the platform’s effectiveness. For example, we might publish a report showing the total number of credits earned by students through our platform across all partner schools in a year, as long as that report contains no personal details. If we share de-identified data publicly or with third parties, we will ensure no individual or school is identifiable, per industry best practices.

No Unauthorized Third-Party Disclosure: We do not sell, rent, or exchange your personal information with any third parties for their marketing or advertising purposes. All sharing is limited to the situations listed above. In particular, student data is tightly controlled: it is only used for educational purposes and only shared with parties that have a legitimate educational interest or legal right to access, as permitted by FERPA and applicable laws. Campus Credit treats all student data as strictly confidential.

If you have questions about who has access to your information or with whom it has been shared, you may contact us at any time (see Contact Us section). If you are a student or parent, we also encourage you to contact your educational institution for more details on how they share and use data via our platform.

Student Data Privacy (FERPA Compliance)

Campus Credit operates as a service provider to educational institutions and is deeply committed to protecting student privacy. In handling Student Data (personal information from student education records), we adhere to FERPA and applicable state student privacy laws. Below are key points regarding student data on our platform:

  • School Official under FERPA: When we provide our Services to a college, school district, or other educational agency, we are considered a “School Official” under FERPA §99.31 with a legitimate educational interest in the education records we receive, meaning we use student information only to fulfill our duties in providing the Service. We are under the direct control of the educational institution regarding the use and maintenance of education records. In simpler terms, we act as an extension of the school’s own staff for the purpose of managing these credit articulation, dual enrollment, and prior learning workflows.

  • Authorized Use Only: We receive and use student personally identifiable information (PII) from education records only as needed to provide the Services on behalf of the educational institution. This includes things like student names, IDs, courses, grades, etc., which are necessary for verifying and granting academic credits. We will not use student data for any purpose outside the scope of our agreement with the school. We do not use or disclose student education records for targeted advertising, marketing, or any other commercial purposes. Student data is used strictly to deliver our educational services (and to improve them in ways that benefit our users while maintaining privacy). Any use of student data for product improvement is done with de-identified data only.

  • No Re-Disclosure Without Consent: Campus Credit will not re-disclose or share student education records with other parties except: (a) as directed by the educational institution; (b) as permitted by law (such as to another school where a student is enrolling, under FERPA’s transfer exception, or in response to a lawful subpoena as described in How We Share Your Information); or (c) with consent from the eligible student or parent. We are bound by FERPA’s limits on re-disclosure (34 CFR §99.33) which require that PII from education records is not disclosed to additional parties without proper authorization. For example, we will not provide student information to a third-party technology provider or researcher unless the school has authorized that disclosure consistent with FERPA. If a school asks us to assist in transferring student records to another system (for instance, if a student moves to a different college), we will do so only with the school’s explicit instruction (this is an example of a permitted redisclosure under FERPA).

  • Ownership and Control: Student records and data remain the property of and under the control of the educational institution. Campus Credit does not own student data; we are merely holding and processing it on the school’s behalf. For clarity: if you are a student user, your school generally owns/controls the data you or the school provide in our system, and we handle it at their direction. We will not assert any rights to student personal information. If our contract with a school ends, or upon the school’s request, we will return or destroy student data as described in our Data Retention section.

  • FERPA Rights – Access and Correction: Under FERPA, parents of minor students and eligible students (those 18 or older or attending postsecondary institutions) have rights to access and seek amendment of their education records. If you wish to review or correct a student record that is maintained in our Service, you should direct your request to your educational institution (e.g., your school’s administration) which is the primary custodian of that record. We facilitate schools in fulfilling such requests. For instance, if a school needs our assistance to retrieve or update a record in our system in response to a parent’s request, we will cooperate promptly as part of our service obligation. We cannot generally grant direct requests from parents or students for access or deletion of education records; those must be handled via the school in compliance with FERPA.

  • State Student Privacy Laws: We comply with state laws regarding student data privacy in the jurisdictions we operate. For example, in California, if applicable, we abide by laws such as California Education Code § 49073.1 which governs contracts with ed-tech providers. We also follow other relevant state requirements, which often mirror FERPA’s protections or add additional safeguards. Our practices of not selling student data, not using it for targeted ads, and maintaining security measures align with the Student Privacy Pledge and various state statutes requiring the protection of K-12 student information.

  • Student Data and HIPAA: In the unusual case that any student information on our platform might include health-related information (e.g., a doctor’s note as part of a prior learning portfolio), please note that records provided by a school (like health information in an education record) are protected by FERPA and not by HIPAA. Therefore, we treat such information under FERPA’s confidentiality rules. (FERPA-protected data is expressly exempt from HIPAA’s scope.) Regardless, we implement stringent privacy and security measures to protect all personal data, whether academic or health-related.

  • No Advertising or Profiling of Students: To reiterate, we do not use student personal data to serve advertisements, nor do we create marketing profiles of students. We do not allow third-party advertising networks to use our platform to target students. Any analytics or product improvement involving student data is done in an aggregate or de-identified manner that does not identify individual students. Our sole focus in using student data is to enhance educational outcomes and the functionality of our service in partnership with the educational institutions.

In summary, Campus Credit maintains a FERPA-ready architecture and takes seriously the trust that schools place in us to keep student data confidential. All employees and contractors with potential access to student records are trained on FERPA obligations and are required to uphold these standards. If you have questions about our handling of student data, please contact us or have your school contact us. We are happy to provide further details to you or your school’s officials to ensure transparency and trust.

Children’s Privacy (COPPA Compliance)

Our Services are intended for use by students primarily at the direction of schools and colleges. We understand the importance of extra precautions for children’s personal information. Campus Credit does not knowingly allow children under the age of 13 to use our Services without appropriate consent. In nearly all cases, student users under 13 (and in many cases under 18) will be using the platform in a school context, with the school’s involvement and consent.

  • Role of Schools for Under-13 Users: If a student under 13 years of age is using Campus Credit as part of an educational institution’s program, the school acts in place of the parent to provide consent for the child to use our Services, as permitted under COPPA. We require that any school or teacher who enrolls students under 13 in our platform has obtained any necessary parental consent or has provided the required COPPA notice to parents. Schools should not allow a child to use our platform if the parent has not consented. By using our Services with children under 13, the institution is confirming that it has the authority to consent on the parents’ behalf or otherwise comply with COPPA’s requirements. We provide support and information to schools to facilitate COPPA compliance upon request.

  • Direct Sign-up by Minors: Our platform generally does not allow students to create an account on their own without a school or college involved. In the event we offer any direct sign-up option for a minor and the minor is under the age of 13, we will only create the account after obtaining verifiable parental consent as required by COPPA. If we learn that we have collected personal information from a child under 13 without parental consent or school authorization, we will delete that information promptly.

  • Parental Rights: Parents (or legal guardians) of children using Campus Credit (whether under 13 or older minors) have the right to review personal information collected about their children, request deletion of that information, and refuse to allow further collection or use of the child’s information. If you are a parent and you have questions or requests regarding your child’s use of Campus Credit, you should first contact your child’s school, since the school is often in the best position to provide data or make changes (for example, the school can correct a grade or remove an uploaded document). You may also contact us at support@mycampuscredit.com with your request. We will work with the school to address your concerns and, if required, provide you with the requested information or delete data, in compliance with applicable law. If a parent withdraws consent for a child’s use of our Services, we will disable the child’s account and delete or de-identify any personal information we hold about that child, as directed by the school or the parent.

  • Users Ages 13-17: For students between 13 and 17 years old, COPPA may not require parental consent, but these users are still typically under the authority of a school or parent. We encourage parents to be involved in teenagers’ online activities and for schools to obtain parental permission for minors’ data sharing when required by law or school policy. If a 13-17 year-old student is using our platform outside of a school setting (e.g. as part of a college program or a homeschool scenario), the student or parent should ensure they have reviewed and agreed to this Privacy Policy and our Terms of Use. We will handle the data of teenage users with the same care and confidentiality as described throughout this Policy.

  • No Child-Directed Advertising: We do not serve behavioral advertisements to any users of our platform, and certainly not to children. We do not knowingly market to or solicit information from children. The content of our platform is educational in nature and not directed at children for any commercial purpose.

  • Teacher and School Responsibility: We advise educators and schools to not share or post any unnecessary personal information about students on the platform. Only data relevant to the credit and enrollment processes should be provided. If you are an educator using our Services with your students, it is your responsibility to comply with any obligations you may have under laws like COPPA or FERPA to notify parents and obtain consent prior to using the Service with children. We provide tools (such as template consent forms or privacy information) to help facilitate transparency with parents as needed.

If you believe that we might have any information from or about a child under 13 that was collected without proper consent, please contact us immediately at support@mycampuscredit.com. We take children’s privacy seriously and will take prompt action to investigate and address the issue. Our goal is to ensure a safe, trusted environment for all student users and peace of mind for their parents and educators.

 

Data Security

Campus Credit uses a variety of administrative, technical, and physical security measures to protect your personal information from unauthorized access, loss, misuse, or alteration. We understand that the data we handle, especially student academic records and payment details, are sensitive, and we design our security program with that in mind. Key security measures include:

  • Encryption: We implement encryption protocols to protect data in transit and at rest. When you access our website, the connection is encrypted using TLS/SSL technology. This means that any data transmitted between your device and our servers (such as login credentials or documents you upload) is encrypted. We also encrypt personal and sensitive data at rest in our databases or storage systems. For example, if we store files like transcripts or identification documents, they are stored in encrypted form.

  • Secure Hosting: Our Services are hosted in a secure cloud environment with robust security certifications. For instance, we utilize reputable cloud service providers (such as Amazon Web Services or Microsoft Azure) that maintain high standards of security and compliance. Data centers are physically secured and have measures like access control, surveillance, and redundancy to prevent unauthorized physical access and data loss. All servers are kept up-to-date with security patches and are monitored for intrusions.

  • Access Controls: We restrict access to personal information strictly to employees and authorized contractors who need that access to operate, develop, or support our Services. Campus Credit staff members who handle student data or other personal information undergo background checks where permitted and receive training on data privacy and security requirements (including FERPA and confidentiality obligations). Each authorized user within our company has unique authentication credentials, and access is granted on a least-privilege principle (meaning they only get the minimal access necessary for their role). Administrative access to systems containing personal data is logged and audited regularly.

  • Security Testing and Monitoring: We regularly monitor our systems for possible vulnerabilities and attacks. Our network has firewalls and intrusion detection systems to guard against unauthorized access. We employ antivirus and anti-malware tools, and use secure software development practices (including code reviews and testing) to reduce security risks in our application. We may also engage third-party security experts to perform penetration testing or audits of our platform periodically.

  • Payment Security: Any payment transactions are processed using secure encryption and handled by PCI-DSS compliant payment processors. We do not store full credit card numbers or sensitive payment data on our systems; instead, such information may be tokenized or stored by the payment gateway. This adds an extra layer of security for financial information.

  • Data Backups and Recovery: We perform regular backups of critical data to prevent loss. Backups are encrypted and stored securely. In case of any system issue or data loss event, we have disaster recovery plans to restore availability of the Services and data integrity in a timely manner.

  • Employee Training and Policies: All Campus Credit personnel must agree to confidentiality obligations and are trained on privacy and security best practices. We have internal policies regarding how to handle user data, and we enforce those policies. For example, we have rules against using actual student data in testing environments, and guidelines for handling data requests.

Despite our robust measures, it is important to note that no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. However, we continuously update and improve our security practices to meet or exceed industry standards and to address new threats as they emerge.

Security Breach Procedures: In the unlikely event of a data breach that compromises personal information, we will act promptly to contain and investigate the incident. We will notify affected institutions and individuals as required by applicable law. For example, if a security incident affects student data, we will inform the relevant school officials as soon as possible (typically within the timeframe required by law or contract) so that we can coordinate any necessary notifications to students or parents. We will also report any required information to authorities and take steps to prevent a recurrence. Our incident response plan ensures we take appropriate remedial actions to protect our users.

We encourage you to also play a part in protecting your information. Please use a strong password for your account, do not share your login credentials, and notify us immediately at support@mycampuscredit.com if you suspect any unauthorized access to your account or any security vulnerabilities. Together, we can help keep the platform safe and secure for everyone.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements. Because our Services often involve official academic records, we handle data retention carefully in accordance with both our clients’ needs (schools) and legal obligations:

  • Student Accounts and Records: If you are a student using Campus Credit through your school, your student data is retained for as long as your educational institution authorizes us to maintain it. In practice, this generally means we keep your data active for the duration of the agreement with the institution and as needed to support the educational purposes (e.g., until you have been awarded credit and that credit has been transferred to the college’s system, and for a reasonable time thereafter for auditing or verification). We do not knowingly retain student data longer than necessary for the school’s purposes. In many cases, schools will have policies on record retention and may instruct us to delete certain data when it’s no longer needed (for example, a school may ask us to delete records of students who have graduated after a certain period). We will comply with the school’s directions in this regard. If a school terminates its use of Campus Credit, we will, at the school’s option, either return all student data to the school and/or delete it from our systems (except for any data we are legally required to retain). Upon deletion, we will ensure student records are removed from live databases and we will certify deletion to the school if requested. Backup copies may persist for a short period but are then overwritten in accordance with our backup retention schedule.

  • User Accounts (Educators and Others): For teacher, counselor, or administrator accounts, we retain your personal information for as long as your account is active or as needed to provide you services. If you cease to be associated with a school that uses Campus Credit or if you request deletion of your account, we will delete or de-activate your account data upon verification (except where retention is required by law or legitimate interests as noted below). We may keep a minimal record of your account (e.g., name, email) to document that you had an account and that it was deleted, for purposes such as auditing or to prevent fraud.

  • Payment and Transaction Data: We retain payment records and related transaction data as long as required for financial reporting and audits, typically at least seven years or a period required by tax and accounting laws. However, sensitive payment details (like full credit card numbers) are not stored by us as mentioned.

  • Legal Obligations and Disputes: We may retain certain information for longer periods if necessary to comply with legal obligations (such as maintaining records of consents, opt-outs, or other preferences; or fulfilling compliance with federal and state education laws). Also, if a dispute, investigation, or litigation is pending or reasonably anticipated, we will retain relevant information until that issue is resolved.

  • Backups and Residual Storage: Even after active data is deleted, it may persist in securely stored backups for a limited time until those backups are cycled out. We have retention limits on backup media and use secure deletion or encryption to protect any residual data. Any such backups are accessible only by authorized personnel and are eventually deleted or destroyed safely. Additionally, some data (for example, data in server logs or aggregated analytics) may not be feasible to isolate and delete. We may retain such data in its aggregated or anonymized form (stripped of personal identifiers). Once data is properly anonymized, it is no longer considered personal information and we may retain it indefinitely for statistical or product improvement purposes without further notice to you.

  • Account Inactivity: If an account (student or educator) becomes inactive (for example, a student graduates or stops using the platform, or a teacher’s school no longer uses Campus Credit), we typically will archive or delete personal information after a period of inactivity, as determined in consultation with the institution or by our internal policies. We might, for example, archive an account after [X] years of inactivity. Archived data is restricted and used only as needed for compliance or reactivation if needed. We do not use archived personal data for any new purposes.

In summary, we retain data only as long as necessary. When personal information is no longer needed, we will ensure it is securely deleted or anonymized. If you have specific questions about our data retention practices (for example, “Does Campus Credit still have my data from 5 years ago when I used it at College X?”), please contact us. Keep in mind that for student data, your school may also have insights or policies on how long data should be kept. We coordinate our retention and deletion with our client institutions to honor both the letter and spirit of student privacy regulations.

 

California Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights apply to personal information about you that we have collected, subject to certain exceptions (for example, CCPA’s education-related exemption may apply to some data we handle on behalf of schools, but we will outline the rights here for completeness). We are committed to facilitating your California privacy rights as described below:

  • Right to Know (Access): You have the right to request that we disclose what personal information we collect, use, and disclose about you. This includes the categories of personal information we have collected, the categories of sources of that information, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it. You also have the right to request access to the specific pieces of personal information we have collected about you over the past 12 months.

  • Right to Delete: You have the right to request deletion of personal information that we have collected from you, with certain exceptions. For example, we may not delete information that we are required to keep for legal reasons or that is necessary to complete a transaction or provide a service you requested (such as completing a credit articulation you initiated), or data that is needed to detect security incidents or comply with a legal obligation. If your request to delete is subject to an exception, we will inform you of that in our response.

  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you. If you believe any of your information in our records is incorrect or outdated, you may request a correction. For student information obtained through a school, we may need to coordinate with your school to verify and implement corrections (since academic records might need to be corrected at the source).

  • Right to Opt-Out of Sale or Sharing: You have the right to opt out of the “sale” of your personal information, or the “sharing” of your personal information for cross-context behavioral advertising. However, please note: We do not sell personal information to third parties (as “sell” is defined under CCPA), nor do we share personal information for targeted advertising purposes. Therefore, there is no need for you to take action to opt out – by default, we do not engage in these practices. We also do not use or disclose sensitive personal information for any purpose that would trigger a right to limit under California law (aside from providing our Services).

  • Right to Limit Use of Sensitive Personal Information: In some cases, California residents can direct businesses to limit the use of “sensitive personal information” to certain permitted purposes. Types of sensitive data we might collect include account login credentials (which we protect), precise geolocation (which we do not collect), racial or ethnic origin (we do not collect this unless a school provides it for reporting and then we treat it as student data), or student records (which are arguably sensitive by nature). We already limit our use of any sensitive information strictly to the necessary educational purposes for which it was provided, in line with this Policy. If you have concerns or requests regarding sensitive data, you may contact us.

  • Right of Non-Discrimination: We will not discriminate against you for exercising any of your California privacy rights. This means, for example, we will not deny you our Services, charge you a different price, or provide a different level of quality of service just because you exercised your rights under CCPA. The only scenario where we might not be able to fulfill a request is if doing so would violate legal requirements or interfere with our ability to provide the Service you’ve asked for – and in such cases, we will explain the situation to you.

Submitting Requests: If you are a California resident and wish to exercise your access, deletion, or correction rights, you (or your authorized agent) can submit a request to us by emailing support@mycampuscredit.com or by mail at the address provided in Contact Us below. Please specify in your request which right you seek to exercise and provide us with enough information to verify your identity. For example, we may ask you to provide details like your name, email address, or other information we have on file, and possibly to confirm your request via a reply, in order to ensure that we are fulfilling requests only for the correct individual. In the case of student data that we hold on behalf of a school, we may need to direct your request to your school or work with them to fulfill it, since in many cases they are the controllers of that data.

Verification: For your protection, we will only fulfill requests when we have confidence in the requester’s identity. If an authorized agent is making the request on your behalf, we may ask for proof of authorization (such as a signed permission from you or power of attorney documentation, plus verification of the agent’s identity). If we cannot verify the requestor’s identity or authority to make the request, we will not disclose or delete the information in question, but will inform you of the inability to verify.

Response Timing: We will acknowledge receipt of your request within 10 business days and aim to substantively respond within 45 calendar days. If we need more time (up to an additional 45 days, for a total of 90 days), we will inform you of the reason and extension in writing. Our response will typically cover the 12-month period preceding the request. In some cases, we may provide information beyond 12 months as required by CPRA (which can require going beyond 12 months for data collected after January 1, 2022, in response to access requests, unless it’s unduly burdensome).

Categories of Personal Information Collected: In the “Information We Collect” section of this Policy, we describe the categories of personal information we collect. To summarize for California consumers, in the last 12 months we may have collected the following categories of information (as listed in the CCPA’s definition of personal information): identifiers (e.g., name, email, student ID); personal information categories listed in Cal. Civ. Code §1798.80(e) (e.g., contact information, payment card information – however, we do not keep card numbers beyond processing needs); characteristics of protected classifications under California or federal law (e.g., age, if a birthdate is collected; or demographic info if provided by a school; note this is generally considered sensitive); commercial information (transaction records of payments); internet or other electronic network activity information (device and usage data, cookies, etc.); education information (academic records, transcripts, grades, which are also protected by FERPA); and in some cases, sensitive personal information such as account login credentials (which are required for account security), precise geolocation (we do not collect this), racial or ethnic origin (only if provided by a school for lawful purposes), or student identification numbers. We collect these categories from the sources and for the purposes described earlier in this Policy. Importantly, all educational records and information from students are used strictly for educational purposes and handled in accordance with FERPA as well.

Disclosure of Personal Information: We also describe in this Policy the categories of third parties with whom we share personal information (see “How We Share Your Information”). In the past 12 months, we may have disclosed the above categories of personal information for business or educational purposes to the following categories of recipients: your educational institution and its agents, service providers (cloud providers, analytics, payment processors) who help us run the Service, and other parties as required by law or with consent. We do not sell personal information, and we have not sold or shared (for behavioral advertising) any personal information of California residents, including minors, in the preceding 12 months. As a result, we do not provide a “Do Not Sell or Share My Personal Information” link, because it is not applicable.

For more detailed information or any questions about our privacy practices and your rights under CCPA/CPRA, you can always contact us. If you are an educational institution using Campus Credit, please note that student information we handle may be exempt from some CCPA provisions due to FERPA; however, we stand ready to assist our institutional clients in responding to any privacy-related requests. Our goal is to be transparent and helpful to both the institutions we serve and the individuals (students, educators, parents) who use our platform.

International Data and GDPR Compliance

While Campus Credit is based in the United States and primarily serves U.S. educational institutions, we recognize that our website and Services may be accessible to users in other countries, including in the European Economic Area (EEA), United Kingdom (UK), or other regions with data protection laws. If you are using our Services from outside the United States, please be aware of the following:

  • Data Transfers: Personal information collected through our Services will be stored and processed in the United States. This means that if you are in another country, your personal data will be transferred to and maintained on servers or databases located in the U.S. The U.S. may not have the same data protection laws as your home country. By using our Services and providing your information, you acknowledge and consent to the transfer of your personal data to the United States for processing. We will protect your data in accordance with this Privacy Policy no matter where it is processed. If you are in the EEA/UK, we rely on legally-provided mechanisms to transfer data, such as the European Commission’s Standard Contractual Clauses (SCCs) or other appropriate safeguards, to ensure an adequate level of protection.

  • GDPR (General Data Protection Regulation): To the extent the GDPR or UK GDPR applies to any personal data we process, you may have additional rights under those laws. These may include:

    • Right of Access: You have the right to request confirmation of whether we have personal data about you, and to obtain a copy of that data, as well as information about how we process it.

    • Right of Rectification: You have the right to request that we correct any inaccuracies in your personal data.

    • Right to Erasure: You have the right to request deletion of your personal data (“right to be forgotten”) under certain circumstances – for example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent (where applicable) and no other legal ground for processing applies. Note that this right may be limited in educational contexts by legal obligations to maintain certain records, but we will evaluate requests on a case-by-case basis.

    • Right to Restrict Processing: You can ask us to restrict the processing of your personal data in certain situations, such as while we verify or correct a contested piece of data, or if the processing is unlawful and you prefer restriction to deletion.

    • Right to Data Portability: Where applicable, you have the right to request a copy of certain personal data in a commonly used, machine-readable format, and to have that information transmitted to another data controller where technically feasible. This right typically applies to data processed by us by automated means, based on your consent or a contract you have with us.

    • Right to Object: You have the right to object to our processing of your personal data in certain circumstances. For example, if we were processing your data based on legitimate interests, you could object if you believe your fundamental rights and freedoms outweigh our legitimate interest. If we ever were to use your data for direct marketing (which we do not for students), you could object at any time.

    • Right not to be subject to Automated Decisions: Campus Credit does not make any decisions about individuals using purely automated means without any human involvement that produce legal or similarly significant effects. If that ever changes, you would have rights related to such profiling or automated decision-making.

    • Right to Withdraw Consent: In the limited cases where we might rely on your consent to process personal data (for example, if you are an EU user who independently signed up and consented to our use of cookies, or provided optional information), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

    • Right to Complaint: If you are in the EU or UK and have concerns about our data practices, you have the right to lodge a complaint with a supervisory authority (such as the Data Protection Authority in your country or the UK’s Information Commissioner’s Office). We would, however, appreciate the chance to address your concerns directly before you do so, and invite you to contact us with any issues.

  • Legal Bases for Processing: We typically process personal data of users on one or more of the following legal bases under GDPR: (1) Performance of a contract: We process data to provide our Services pursuant to our contracts (for example, our contract with an educational institution, or our Terms of Use with an individual user). This covers most of our processing of student and educator data – the data is needed to deliver the educational platform services you or your school have requested. (2) Legitimate interests: We may process data as necessary for our legitimate interests in operating, maintaining, and improving our Services – for instance, using certain analytics to improve user experience, or preventing fraud and securing our platform. When we rely on legitimate interests, we ensure that our interests are not overridden by individuals’ data protection rights. (3) Legal obligation: In some cases, we must process or retain data to comply with laws (e.g., education record-keeping laws, tax laws). (4) Consent: If we ever ask for and rely on your consent, you will have the freedom to grant or deny consent, and you can withdraw consent later. For example, if an EU student outside of a school context signs up, we might ask for consent to collect certain information; or we might seek consent to send a newsletter to an educator. In all cases, we would make clear when consent is the basis and what you are consenting to.

  • Data Processor vs. Controller: In GDPR terms, for most student data we receive through our school clients, the educational institution is the data controller and Campus Credit is a data processor. This means we process data on documented instructions from the school, as defined in our contract (Data Processing Addendum) with that school. If you are an EU/EEA school or user, we are willing to sign standard data protection agreements to ensure compliance. For some data, like data collected from visitors to our marketing website or an educator signing up directly, Campus Credit might be a controller. In those cases, we take on the responsibilities of a controller under GDPR for that data. We apply rigorous privacy protections in both roles.

  • International Users – Note: If you are in a jurisdiction outside the U.S., the privacy and data protection laws in the United States may differ from those in your country. As noted above, by using our Services, you consent to having your data transferred to and processed in the United States. We will handle it in accordance with this Policy and, where applicable, with the standard contractual measures or other safeguards required. If you have any specific questions about international data handling, please contact us.

We value the privacy of all our users around the world. Even if you are not in California or the EU, if you contact us about your privacy preferences or requests, we will do our best to accommodate you in line with applicable laws. We strive to uphold principles of transparency, fairness, and user control universally.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will notify users in a manner proportionate to the change. For minor or routine updates, we may post the revised Policy with a new effective date on our website. For significant changes (for example, if we were to expand how we use personal data or start collecting new categories of data), we may provide a more prominent notice or seek consent as required by law.

Policy Version and Effective Date: The Effective Date of this Policy is listed at the top. Earlier versions of the Privacy Policy can be obtained from us upon request. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

If you continue to use our Services after a Privacy Policy update takes effect, it will signify your acceptance of the updated terms (to the extent permitted by law). If you do not agree to any revised terms, you should discontinue use of the Services and contact us if you wish to request deletion of your data.

 

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us as follows:

Email: support@mycampuscredit.com
Postal Mail: Campus Credit LLC – Privacy Team, 3150 Hilltop Mall Rd, Richmond, CA, Unit 61, USA

We will gladly respond to inquiries or requests related to your personal information. If you are an educational institution or other enterprise customer, you may also reach out to your account representative or our support channel for assistance.

By contacting us, you consent to our use of the information you provide (including your contact information) to respond to you. We will handle any such communications and information in accordance with this Privacy Policy.

Thank you for trusting Campus Credit with your educational journey. We are dedicated to keeping that trust by safeguarding your privacy and being transparent about our practices.

bottom of page