Any international users of the Services should be aware that by using the Services, your information will be transferred to, stored on, and/or processed on servers located in the United States. You also understand that the United States’ data protection laws may not offer the same protections or rights, including judicial redress, with regards to your Personal Information as the laws of the country in which you are located. By using the Services or by otherwise providing us with your Personal Information, you consent to this transfer, storage, and processing of your Personal Information.
In order for us to provide you with our Services, we need to collect and utilize some Personal Information. “Personal Information” is information that is reasonably capable of being used to identify you, and we have provided specific examples of the Personal Information we may have collected about you below. Personal Information does not include de-identified or aggregated information, which is information in which identifiable information is removed and that cannot reasonably be used to identify an individual. We collect Personal Information that you provide to us on the Site and through the Services via forms, applications, forum responses, surveys, user account creation, and other fillable fields on the Site.
Categories of Personal Information We Collect
Categories of Sources for Personal Information We Have Collected
Information Collected Automatically
In addition to the Personal Information that we collect from you as described above, we may automatically collect certain information, including Personal Information, from your use of the Site or the Services. This information may include:
The information described above may be collected through cookies (defined below) or other technologies.
Our Business or Commercial Purposes for Collecting Personal Information and Categories of Third Parties to Whom the Information is Disclosed
We may also use the categories of Personal Information about you described above for the following business or commercial purposes:
The information that is captured about your use of the Services may be used in a variety of ways, such as to monitor and maintain information about your visits to the Services, to help us identify and address problems, to improve the Services, to analyze web traffic trends, and to help protect the security and integrity of the Services.
You may set your browser not to accept cookies or to notify you when you receive cookies, giving you the opportunity to decide whether to accept cookies. If you do not accept cookies, you may still use the Services, but your experience may be degraded.
Some web browsers may transmit “do-not-track” or similar signals to the websites with which a user communicates. There currently is no industry standard for how websites must respond when they receive such a signal. The Site does not respond to do-not-track signals sent by web browsers.
Some of the content, advertisements, and functionality of the Services may be provided by third parties. We also use third-party service providers, including Sentry.io, to provide us with analytics, error detection, and application functionality services, so we can improve our Services. Although Sentry.io does not use cookie technology, collect Personal Information, or otherwise track users, data is collected during instances of application crashes, errors, software bugs or other adverse events. Sentry.io data is paired with randomly generated unique identifiers (UUIDs) to enable us to diagnose adverse events, like application crashes. Other third parties may collect information about your use of the Online Services through technologies such as cookies and web beacons, and this information may be collected over time and combined with information collected across different websites. Some of these third parties may provide you with ways to choose not to have your information collected or used for targeted advertising. For example, some of these third parties may be members of the Network Advertising Initiative (“NAI”) or the Digital Advertising Alliance (“DAA”), which provide websites where you can opt out of certain types of data collection and use or out of receiving targeted ads from member companies. To opt out, please visit https://www.networkadvertising.org/managing/opt_out.asp or
Another third-party service that we use is Google Analytics, which is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of the Services and may share this data with other Google services. We have also enabled Google Analytics Advertising features, including remarketing, so Google may use the data collected to contextualize and personalize the ads of its own advertising networks. The Services and third parties, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on past visits to the Online Services and report how ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Online Services. You can learn more about Google’s privacy practices by visiting their website at https://www.google.com/policies/privacy/partners/.
Microsoft Clarity captures the user interactions on your website such as, how the page is rendering, user interactions such as mouse movements, clicks, and scrolls. You can also read a summary of data collected. You can choose to mask your users' data. For more information, see Microsoft Privacy Statement.
We also use third-party service providers, including Sentry.io, to provide us with analytics, error detection, and application functionality services, so we can improve our Services. Although Sentry.io does not use cookie technology, collect Personal Information, or otherwise track users; data is collected during instances of crashes, errors, software bugs or other adverse events. Sentry.io data is paired with randomly generated unique identifiers (UUIDs) to enable us to diagnose adverse events, like application crashes.
We use third-party service providers, including HotJar, to provide us with site utilization data, including clicks, page visits, device data, browser information and other user activity on our website. Information that Hotjar collects will be used to gain a better understanding of our users’ needs, interactions with our website, to identify issues that our users are running into, and build and maintain user features.
Individuals in the European Economic Area (“EEA”)
Our role as data controller and data processor.
Legal basis for our processing of your Personal Information.
Data Subject Requests.
Individuals located in the EEA have the right to access Personal Information we hold about you and to ask that your Personal Information be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. More information about how to exercise these rights is included in the “How to Exercise Your Rights” section below.
Questions or Complaints.
If you are situated in the EEA and have any complaints regarding our privacy practices as a data controller, you have the right to make a complaint at any time to your local Supervisory Authority. However, we would appreciate the chance to address your concerns before you approach your Supervisory Authority so please contact us in the first instance. If you are located in the EEA and have a complaint, please contact us at firstname.lastname@example.org.
Your Privacy Rights.
In accordance with applicable law, you may have the right to:
How to Exercise Your Rights
If you would like to exercise any of these rights, please send an email to email@example.com or please visit this page, fill in the form, and submit your request. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information, or to exercise any of your other rights. This is a security measure to ensure that Personal Information is not disclosed to a person who has no right to receive it.
Only you, or a person that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
The verifiable request must:
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will attempt to match the Personal Information submitted with your request against our records to verify your identity.
You may designate an authorized agent to make a CCPA request on your behalf by writing to us at the contact information provided above. We also require documentation confirming that the individual is authorized to submit the request on your behalf. This may include a signed letter from you or notarization of your request.
Third-Party Sites and Services
Our Services may contain links to other websites and services operated by colleges, universities, and other educational services providers, social networks, and other third parties. In addition, our features, widgets, or portions of the Services may be integrated on other sites and applications. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control third-party websites, applications, or services, and are not responsible for their actions. Other websites and services follow different rules regarding their collection, use, and sharing of your Personal Information. We encourage you to read their privacy policies to learn more.
Notice Regarding Social Media Use
Data Integrity and Retention
We take reasonable steps to ensure that the Personal Information we process is accurate, complete, and current, but we depend on our users to update or correct their Personal Information whenever necessary. We also take reasonable security measures to protect against unauthorized access to, or unauthorized alteration, disclosure, or destruction of, data.
We will only retain your information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for your information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements, including taking into account the freedoms of speech and expression.
A user’s email address can be updated at any time through their account settings, or by emailing firstname.lastname@example.org with your username, email address on file, and new email address. We ask individual users to identify themselves and the information requested to be corrected or removed before processing such requests, and we may decline to process requests that require extraordinary technical effort, jeopardize the privacy of others, or would be extremely impractical.
User accounts are personal to the registered user. In the event of the death of a user, the user’s account will be deactivated if a verifiable request is received; however, existing content will not be removed from the forums unless required by law. College Confidential cannot provide any Personal Information regarding the user or the account (including username and password) to any family member, next of kin, or legal representative without an order from a court of competent jurisdiction compelling College Confidential to do so.
Data Relating to Children Under 13
If you wish to have your child’s information removed, please contact College Confidential by email at email@example.com. We will need to verify the identity of anyone requesting information about a child to ensure that the person is in fact the child’s parent or legal guardian. However, please understand that, even after removal, your child's content may remain viewable in cached and archived pages or by others if a user has copied or stored such content.
Some of the content, advertisements, and functionality on our website may be provided by third-party subprocessors. When we share your information with third party subprocessors, such as our vendors and service providers, we remain responsible for it. We work hard to maintain your trust and when bringing on new vendors and subprocessors, we make certain those third parties can be trusted with any Personal Information they may have access to.
|Subprocessor||Description||Processing Location||Corporate Location|
|Amazon AWS||Data Hosting||U.S.||U.S.|
|Sentry.io||Application Monitoring Provider||U.S.||U.S.|
|HotJar Ltd.||Website Analytics||Ireland||Malta|
|Microsoft Clarity||Website Analytics||U.S.||U.S.|
CPRA Notice at Collection
Last Updated: June 28th, 2023