Privacy Policy

Last updated: June 04, 2020 - 5:59:16PM UTC

Welcome to our Privacy Policy! We’re grateful for your interest in the iGrad community. iGrad Inc. (“iGrad”, “Enrich”, "us", "we", or "our") operates this website ( https://www.igradfinancialwellness.com/ ) and other services that link to this Privacy Policy (collectively referred to as the “Services”). We take your right to privacy and the protection of your personal data very seriously.

Our goal is to explain our Privacy Policy to you in the clearest and simplest terms possible. Should you have any question regarding our Privacy Policy or how we handle your personal data, please don’t hesitate to contact us at: [email protected].

This Privacy Policy informs you of our practices and policies regarding the collection, use, and disclosure of personal data (which we may also refer to as “personal information”) when you use our Services and the choices you have associated with that data. By using the Services, you agree to the collection and use of information in accordance with this policy. This Privacy Policy does not apply to any third-party websites, software, or applications that may integrate with our Services or perform services for us or on our behalf and require access to personal data and/or Usage Data (defined below) in order to serve their required function (“Third Party Services”) or any other third-party websites, software, applications, or businesses. If there are any aspects of this Privacy Policy that you do not agree with, please cease use of our Services (including our websites).

Table of Contents

Let’s Start With Some Definitions

Services

As we mentioned above, the Services is the iGrad website ( https://www.igradfinancialwellness.com/ )and other services that link to this Privacy Policy, as well as all instances of the Services we provide as a Software-as-a-Service (“SaaS”) to our Partner Organizations defined below.

Partner Organization(s)

A Partner Organization is an organization (e.g. your school, employer, credit union, benefits provider, or another entity or person) that entered into an agreement with iGrad to provide (and configure) that organization’s instance of the Services to you, as well as affiliated organizations, such as resellers and/or the sponsor of your instance of the Services.

Usage Data

Usage Data is data that is collected automatically and generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit).

Third-Party Services

Any third-party websites, software, or applications that may integrate with our Services or perform services for us or on our behalf and require access to your information and/or Usage Data in order to serve their required function.

Information We Collect and Use

Information You or Your Partner Organization(s) Choose to Provide Us

While using our Services, we may ask you to provide us with certain personally identifiable (directly or indirectly) information that can be used to contact or identify you. This information may also be securely provided to us by your Partner Organization(s), for example, through a Single Sign On (“SSO”) endpoint.

The information we collect depends on various factors, including, but not limited to the information provided by your Partner Organization(s), the configurations made to the instance of the Services provided to you by your Partner Organization(s), your choices to provide us with information during your usage of the Services, and our continually updated Services. Should you have any questions about the data your Partner Organization(s) collects or shares to provide an optimal experience with our Services, please review your Partner Organization’s privacy policy or reach out to them directly.

The following is the current list of categories of information, with examples of each, we may collect that you may choose to share with us or your Partner Organization may choose to share with us (please see the section below on How We Use Information for details on how information about you is used):

  • Account Related Information: Information such as email address, username, password, and other credentials you use to sign-in to use our Services, your account photo, your account settings, etc.
  • Contact and Biographical Information: Information such as your first and last name, email addresses, home addresses, phone number, Social Security number, driver’s license number, date of birth, etc.
  • Education Information: Information such as the name of your current, past, or intended school or Partner Organization(s); information about your student loans (e.g. loan type, balances, interest rate); your current or intended degree and school type; financial aid award letter; enrollment status; etc.
  • Career Information: Information such as the name of your current, past or intended employer or Partner Organization(s); your resume; your participation in and the details of your retirement plan, health plan, and other benefits; employment status; field or industry; career development goals; etc.
  • Financial Information: Information such as personal budget data (e.g. income, expenses, saving), general information about your credit cards excluding credit card number (e.g. credit card company/brand, balance, monthly payment), the types and dollar values for various assets and liabilities, your credit score, savings goals and progress, retirement goals and progress, types of bank accounts, insurance coverage etc.
  • Family and References Information: Information such as spousal income; marital status; dependents status; family size; the references and next of kin that you provide, such as first and last name; home address; phone number; email addresses; and the relationship of the reference or next of kin to you, etc.
  • Other Information You Provide Us: Information you provide us through online forms or other features, such as your comfort level with various financial topics, current or intended financial behaviors, indicators of personality type, financial stress level and stressors, etc. You may also provide us information about yourself via email, telephone or postal mail.

Information We Collect When You Use Our Services

When you use our Services, we may also collect information regarding how the Services are accessed and used, such as Usage Data (defined above). The information we collect may include information such as your IP address, browser type, browser version, search queries you submit (such as content, scholarships and jobs searches, etc.), the pages of our Services that you visit, the objects you clicked, the content that you viewed, the time and date of your visit, the time spent on those pages, and other diagnostic data. The information we collect may also include geographical data, such as language, country, state, and city.

We also collect content and other information you create or provide while interacting with our Services, such as content that you add to your favorites (e.g., content, courses, scholarships, etc.); content that you found helpful or unhelpful; your course scores and progress; action plan and Money Personality assessments; recommendations delivered via the Financial Wellness Checkup; progress and personalized outputs of interactive exercises and calculators; and questions, answers, and comments you submit in the Community and comment areas of our Services.

Information We Collect With Cookies

We use cookies and similar tracking technologies to track the activity on our Services and hold certain information. Some cookies are associated with your account and information about you in order to personalize and provide our Services. Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies similar to cookies that we may also use are beacons, tags, and scripts to collect and track information and to provide, improve and analyze our Services. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. Most browsers allow you to instruct your browser to refuse all cookies or to indicate when a cookie is being sent. You can also delete individual cookies from your browser. However, if you do not accept or if you delete cookies, you may not be able to use some portions of our Services. For more information about how we use cookies, please read our Cookie Policy.

“Do Not Track” Signals

The “do not track” (or “DNT”) concept has been promoted by regulatory authorities for the internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites. Various web browsers offer a DNT option that sends a signal to websites visited by the user’s browser about the user's DNT preference. You can usually access your browser's DNT option in your browser's “preferences” or similar settings. As of the time of the posting of this Privacy Policy, there is no internet industry DNT technology standard. With regard to DNT, our websites and services do not currently respond to DNT signals in browsers because, as mentioned above, no DNT standard has been adopted. However, as we explain in this Privacy Policy, we take privacy and security seriously and you do have choices regarding how your browser handles cookies and other similar technologies.

How We Use Information

We use the collected data for various, legitimate business purposes, such as to provide you with and maintain our Services, to fulfill the agreement entered into with your Partner Organization(s), and/or in adherence with legal obligations. More specifically, we use the information we collect and receive:

  • To create your account and allow you to log in. If you choose to create an account using the Services sign up form, we will use the information provided to create your account and allow you to log in. If you choose to access our Services through Single Sign On (SSO) with a third-party account (such as the account you use with your Partner Organization), we use the information collected to create a seamless login experience and to personalize the experience of the Services for you.
  • To provide, update, maintain, and protect our Services and manage our contractual relationships. We use collected information to support delivery of our Services, prevent or address security and technical issues, and analyze and monitor usage and other activities. In support of the delivery of our Services, we may use information about you for purposes such as personalizing your experience (e.g., recommending relevant articles or videos, or using your name in website messaging), improving educational experiences (e.g., tailoring course content to better meet your goals and situation), and enabling tools to help you achieve your goals (e.g., comparing student loan repayment options, projecting retirement savings, or saving your inputs to a budgeting tool for ease of use). We may also use your information to manage and comply with our contractual relationship with you and your Partner Organization(s).
  • To send emails and other communications. We may send you emails, messages, and other types of communications. These communications may include, but are not limited to information about the Services and its features, contests and other promotions, changes to our policies and Services, providing you with user support, and administrative communications. With the exception of administrative communications, such as resetting a password, you can opt-out of various categories of emails at any time by using the unsubscribe link(s) contained in the email. You may also opt out of all emails by contacting us at: [email protected].
  • To serve targeted advertising and offers. We may use your information to display (or send to you) content, promotions, offers, and advertisements (from us or from our third-party partners) that are personalized to your needs, goals, interests, and/or situation.
  • To enable community related features and user-to-user communications. We may use your information to post questions or answers in our discussion forum(s), to display your first name and account photo in leaderboards and other features, to administer contests and sweepstakes, and/or to post testimonials.
  • To request feedback. We may use your information to request feedback to improve our Service.
  • To respond to your inquiries. We may use your information to respond to your inquiries and fulfill any of your requests.
  • To comply with applicable law. We may use your information as required by applicable law, legal process or regulation.
  • To enforce our terms, conditions, and policies. We may use your information to enforce our terms, conditions, and policies, such as our Terms of Service.
  • For other purposes with your consent. We may use your information in any other way we may describe when you provide the information and for any other purpose with your consent.

How Long We Retain Information

We will retain your information only for as long as is necessary for the purposes set out in this Privacy Policy. The criteria we use to determine our retention periods include:

  • We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
  • The length of time we have an ongoing relationship with you or Partner Organization(s) (e.g., for as long as you have an account with us or keep using our Services).
  • We will also retain Usage Data for legitimate internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods. When we have no ongoing legitimate business need to retain your information, we will delete or anonymize it.

We may receive information about you from your Partner Organization(s) (as we stated above) and we may retain that information consistent with this Privacy Policy after our agreement with your Partner Organization terminates. However, if our agreement with your Partner Organization requires us to delete information about you, we delete the information in accordance with the Partner Organization agreement.

How We Share and Disclose Information

Business Transaction

If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

We may disclose your information in the good faith belief that such action is necessary:

  • To comply with a legal obligation.
  • To protect and defend the rights or property of iGrad.
  • To prevent or investigate possible wrongdoing in connection with the Services.
  • To protect the personal safety of users of the Services or the public.
  • To protect against legal liability.

Partner Organization

We may share your information to provide reporting to your Partner Organization(s). We may provide collected data via a reporting console, as well as through other secure transfer methods, to your Partner Organization(s) in order for them to provide you with services, analyze usage and efficacy, and for other uses determined by your Partner Organization(s). Should you have any questions about how your Partner Organization(s) is using your data, please review your Partner Organization’s privacy policy or reach out to them directly.

Third-Party Services

Overview
We may share your information with Third-Party Services (defined above). Examples may include: using a calculator, email delivery, searching for a job, providing a resume critique, or running analytics on Usage Data. These third parties have access to your information only to perform tasks, such as these, on our behalf and are obligated not to disclose or use it for any other purpose.

TopResume
TopResume is a career services company that offers free resume analysis, as well as paid professional resume services. At your request and with your consent, we will send your first name, email, and uploaded resume to TopResume (which operates in the United States only), so that they may provide you with a free resume analysis. We encourage you to review TopResume’s privacy policy before accepting TopResume’s analysis and services. In order to make a data or deletion request to TopResume, you can contact TopResume’s Data Privacy team here: [email protected].

Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Services available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page.

Other Users

When you share your information, such as adding a question or answer to a discussion group, or otherwise interact with community areas of our Services, your information may be viewed by all users, such as your account photo, first name, and/or comments.

With Your Consent

We may share your information for other purposes only when you offer your explicit consent.

Security and Keeping Your Information Safe

The security of your data is of the utmost importance to us. iGrad has implemented reasonable organizational, technical, and administrative measures to protect against the loss, misuse, and alteration of personal information about users. As an example of technical measures we have implemented, we use encryption in the transmission of your personal information between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal information. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure, and the safety and security of your information also depends on you. If you have a password for access to certain parts of our Services, you are responsible for keeping your password confidential. We ask you not to share your password with anyone.

Transfer of Data

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside the United States, please note that we transfer the data, including personal data, to the United States and process it there. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls and safeguards in place including the security of your data and other personal information. If you have questions about the transfer of your data or the controls and safeguards we have in place, you can email us at [email protected].

Your Rights and the General Data Protection Regulation (GDPR)

Your Rights

If you are a resident of the European Economic Area (“EEA”), you have certain data protection rights under the General Data Protection Regulation (“GDPR”). Subject to any exemptions provided by law, we aim to take reasonable steps to allow you to correct, amend, or delete your personal data. You can usually do this using your Account Settings and/or other features within the Services. You can also contact us at [email protected] to be informed what personal data we hold about you, and/or if you would like us to correct, amend, or delete your personal data.

In certain circumstances, your rights under the GDPR include the following:

  • The right to access, update or delete the information we have about you. Whenever made possible, you can access, update or request deletion of your personal data directly within your Account Settings. If you are unable to perform these actions yourself, please contact us at [email protected] to assist you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your personal data. Your right to object includes the right to object at any time to the processing of your personal data for direct marketing purpose.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of the information we have about you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests. Please also note that our fulfillment of certain requests, such as requests to delete your information or restrict the processing of your information, may result in us being unable to provide you certain products or services.

You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you think we are processing your personal data not in accordance with the GDPR. For more information, please contact your local data protection authority in the EEA.

Legal Basis

If you are in the EEA, our legal basis for collecting and using the personal information described in this Privacy Policy depends on the personal data we collect and the specific context in which we collect it, as we discuss above in this Privacy Policy. We process your information with your consent or because we have legitimate interests, such as:

  • It enables us to provide you with the Services
  • The processing is in our legitimate interests and it's not overridden by your rights
  • To comply with the law

California Residents

This section of our Privacy Policy applies to all visitors, users, and others who reside in the State of California (“consumers” or “you”). We include this “California Residents” section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this section.

 

Personal Information We Have Collected

 

Through your interaction with our Services, we collect information that is defined as “personal information” under the CCPA, which is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include publicly available information from government records, deidentified or aggregated consumer information or information excluded from the CCPA’s scope. In particular, we have collected the following categories of personal information about consumers (i.e., California residents) within the last 12 months:

 

Categories:
 
Examples of Personal Information in the Category:
 
Collected (“Yes” or “No”):
 
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. Yes, we have collected personal information included in this category.
B. Personal information categories described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
 
Please note that some personal information included in this category may overlap with other categories.
Yes, we have collected personal information included in this category.
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Yes, we have collected personal information included in this category.
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Yes, we have collected personal information included in this category.
E. Biometric information. Genetic (e.g., DNA), physiological, behavioral, or biological characteristics, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data. No, we have not collected personal information included in this category.
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. Yes, we have collected personal information included in this category.
G. Geolocation data. Physical location or movements. No, we have not collected personal information included in this category.
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. No, we have not collected personal information included in this category.
I. Professional or employment-related information. Current or past job history or performance evaluations. Yes, we have collected personal information included in this category.
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Yes, we have collected personal information included in this category.
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes, we have collected personal information included in this category.

 

We obtain these categories of personal information as described above in this Privacy Policy and in our Cookie Policy. To summarize, we obtain these categories of personal information from the following categories of sources:

 

  • Directly from you. For example, from forms you complete using our Services or from emails you send us or telephone calls with us.
  • Indirectly from you. For example, from monitoring your interactions with our Services through cookies and other similar tracking technologies or from collecting content and other information you create or provide while using our Services.
  • From your Partner Organization. For example, through SSO.

 

Our Use and Disclosure of Personal Information

 

Our use and disclosure of personal information is discussed above in the “How We Use Information” and “How We Share and Disclose Information” sections. To summarize, we may use or disclose the personal information we collect for one or more of the following purposes:

 

  • To fulfill or meet the reason you provided the information. For example, if you create an account, we will use the information you provide to allow you to log in, or if you provided personal information to use our Services, we will use that personal information to allow you to use the Services.
  • To provide, support, personalize, and develop our Services.
  • To manage our contractual relationships with you and Partner Organizations.
  • To process your requests, provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our Services and responses.
  • To send you emails and other communications regarding, for example, our Services and policies, or requests for your feedback.
  • To personalize your experience with our Services and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Services, third-party sites, and via email or other communications (with your consent, where required by law).
  • To enable community related features and user-to-user communications through our Services.
  • To enforce our terms, conditions and policies.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To help maintain the safety, security, and integrity of our Services and other technology assets, and business.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of iGrad’s assets in which personal information held by us about users of our Services is among the assets transferred.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

 

We will not collect additional categories of personal information or use or disclose the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

 

Our Sharing of Personal Information

 

We may share your personal information with a third party for a business purpose. When we share personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We share your personal information with the categories of third parties described above in the “How We Share and Disclose Information” section.

 

Sharing of Personal Information for a Business Purpose:

 

In the preceding twelve (12) months, we have shared the following categories of personal information (referenced above) for a business purpose:

 

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics under California or federal law.

Category D: Commercial information.

Category F: Internet or other similar network activity.

Category I: Professional or employment-related information.

Category J: Non-public education information.

Category K: Inferences drawn from other personal information.

 

We have shared personal information for a business purpose with each of the above-listed categories of third parties, namely: Partner Organizations; Third Party Services; career services companies; and web analytics companies.

 

No Sales of Personal Information:

 

In the preceding twelve (12) months, we have not sold personal information.

 

Your Rights Under the CCPA

 

The CCPA provides consumers (California residents) with specific rights regarding their personal information, as we describe further below.

 

Information Access and Portability Rights:

 

As a California resident, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. If we receive and confirm a verifiable consumer request from you (see “Exercising Access, Portability, and Deletion Rights” below), we will disclose the following to you consistent with the CCPA:

 

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting (or selling, if applicable) that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a “data portability request”).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (1) sales, identifying the personal information categories that each category of recipient purchased (or, if we did not sell your personal information, we will disclose that fact); and (2) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

 

Deletion Requests Rights:

 

As a California resident, you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. If we receive and confirm a verifiable consumer request from you (see “Exercising Access, Portability, and Deletion Rights” below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if maintaining the information is necessary for us or our service provider(s) to:

 

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products or services to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise his or her free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the deletion of the information is likely to render impossible or seriously impair the achievement of such research, if you have provided informed consent.
  • Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

Exercising Access, Portability, and Deletion Rights:

 

If you have an account with us, you may be able to exercise the personal information access, portability, and deletion rights described above within your Account Settings. Otherwise, to exercise these rights, please submit a verifiable consumer request to us by email at: [email protected].

 

Only you, or someone authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child (although as we explain below in the “Age Limitations” section of our Privacy Policy below, we do not knowingly collect personal information of children).

 

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must (a) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and (b) describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

 

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account (within the Account Settings, as described above) sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.  

 

Our Responses to Access, Portability and Deletion Requests:

 

We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time, we will inform you of the reason and extension period in writing.

If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable consumer request. If we cannot comply with a request, the response will explain the reasons we cannot comply. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to easily transmit the information from one entity to another entity.

 

We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

Non-Discrimination

 

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not do any of the following:

 

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

 

However, we reserve the right to offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time, although as of the Effective Date of this Privacy Policy we do not provide any financial incentives.

 

Notice at Collection of Personal Information

 

The purpose of this “Notice at Collection of Personal Information” section is to provide you, as a California resident, with timely notice (at or before the point of collection) about the categories of personal information we collect from you and the purposes for which the personal information will be used.

 

The categories of personal information about you that we may collect are the following:

 

  • Account related information, such as your username, password, account photo, account settings, etc.
  • Contact and biographical information, such as your name, email addresses, home addresses, phone number, Social Security number, driver’s license number, date of birth, etc.
  • Education information, such as the name of your current, past, or intended school or Partner Organization(s) (defined above in our Privacy Policy), information about your student loans and financial aid, your current or intended degree, enrollment status and school type, etc.
  • Career information, such as the name of your current, past or intended employer or Partner Organization(s), your resume, your participation in and the details of your retirement plan, health plan, and other benefits, employment status, career goals, etc.
  • Financial information, such as personal budget data (e.g. income, expenses, saving), general information about your credit cards (but not credit card numbers), your assets and liabilities, your credit score, savings goals and progress, retirement goals and progress, types of bank accounts, insurance coverage, etc.
  • Family and references information, such as spousal income, marital status, dependents status, family size, the references and next of kin that you provide, such as name and contact information, the relationship of the reference or next of kin to you, etc.
  • Other information you provide us, such as through online forms or other features or through email, telephone or postal mail.
  • Information regarding how you access and use the Services (defined above in our Privacy Policy), such as your IP address, browser type, browser version, search queries you submit, the pages that you visit, the objects you clicked on, the content that you viewed, the time and date of your visit, the time spent on those pages, etc.
  • Information you create or provide while interacting with our Services, such as content that you add to your favorites, content that you found helpful or unhelpful, your course scores and progress, action plan and Money Personality assessments, recommendations delivered via the Financial Wellness Checkup, progress and personalized outputs of interactive exercises and calculators, questions, answers, and comments you submit in the Community and comment areas of our Services, etc.
  • Information we collect with cookies and other similar tracking technologies. For information about how we use cookies, please read our Cookie Policy.

 

For more detail on the categories of personal information about you that we may collect, please review the “Information We Collect and Use” section above in our Privacy Policy. To learn about the purposes for which we use these categories of personal information about you, please review the “Our Use and Disclosure of Personal Information” section above. Our entire Privacy Policy is on this page, so you can review our Privacy Policy by starting at the top of this page.

 

Other California Privacy Rights

 

If you are a resident of California, you have the right to request information from us pursuant to California Civil Code Section 1798.83 (California’s “Shine the Light” law) regarding the manner in which we share certain categories of personal information with third parties for their direct marketing purposes. You can email us at [email protected] if you would like to request this information.

Our Services may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Age Limitations

Our Services are not directed to or intended for anyone under the age of 13 or anyone under age 16 in Europe ("children" or “child”). We do not knowingly collect personal information from children under age 13 or children under age 16 in Europe. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected the personal information of a child or that a child has registered an account with us without verification of parental consent, we take steps to delete that information and deactivate any user account. Teenagers of ages 16 to 17 in Europe and ages 13 to 17 in the U.S. and elsewhere should encourage their parents to review this Privacy Policy and contact us with any questions or concerns.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. If we make changes to the Privacy Policy that materially alter your privacy rights, we will provide additional notice via email and/or a prominent notice on our Services, and update the "effective date" at the top of this Privacy Policy. Before we use your personal information for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If you disagree with any changes to this Privacy Policy, you have the right to withdraw consent and should do so using your Account Settings and/or other features within the Services. You can also contact us at [email protected].

Contact Us

If you have any questions about this Privacy Policy, please contact us by email at [email protected] or by mail:

iGrad Inc.
Attn: Privacy
2163 Newcastle Avenue, Suite 100
Cardiff-By-The-Sea, CA 92007