Privacy Policy

Last Updated: February 12, 2026

1) Who we are & scope

TryfactaEDU (“we,” “us,” “our”) provides education technology and related services to higher‑education institutions (universities and colleges). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, interact with us, or use our services—whether as a university representative, educator, or student whose institution engages us. This Policy builds on the same general structure used by our corporate affiliate’s privacy notice and adapts it for higher‑education use cases.

2) Roles we play (controller, service provider/contractor, and “school official”)

Our role depends on context:

  • Website & marketing interactions: We act as a business under the California Consumer Privacy Act as amended by the CPRA (collectively, “CCPA/CPRA”).
  • When a university engages us: We typically act as a service provider or contractor to that institution under CCPA/CPRA and process personal information only for the business purposes in our agreement (with contractual restrictions such as no secondary use, limited combining, and no cross‑context behavioral advertising).
  • Education records: When a higher‑education institution designates us to handle education records, we act as its “school official” under FERPA, operating under the institution’s direct control, using data only for authorized educational purposes, and not redisclosing without consent or another FERPA exception.

3) Categories of personal information we collect

Depending on your relationship with us and our services, we may collect:

  • Identifiers & contact info (e.g., name, email, phone, institutional role).
  • Device & network activity (e.g., IP address, cookies/SDKs, usage analytics).
  • Professional/education information (e.g., department, course associations; limited education‑record elements provided by your university for contracted services).
  • Sensitive personal information (SPI) only if required (e.g., precise geolocation disabled by default; any SPI will be disclosed and limited per CPRA).

We detail how long we keep each category in Section 10 (Retention).

4) Sources of personal information

  • Directly from you (forms, support requests, events, emails).
  • Automatically via our sites/apps (cookies, logs, analytics).
  • From your university or its service providers when they use our products (subject to FERPA and our contract).

5) How we use personal information (purposes)

  • Provide and support services to universities (hosting, configuration, integrations, analytics to improve service quality).
  • Account administration (billing, provisioning, auditing, security).
  • Communications (service notices, product updates; marketing where permitted with opt‑out).
  • Security & fraud prevention (monitoring, incident response).
  • Legal compliance (responding to lawful requests; enforcing agreements).

Notice at collection: For California residents, we provide a summarized notice of categories, purposes, whether we sell/share, and our retention periods at or before the point of collection (see Section 8).

6) Education records & student privacy (FERPA)

When a university shares education records with us (as defined by FERPA), we handle them only on the institution’s documented instructions, for the institution’s educational purposes, and under its direct control. We will not use education records for advertising or unrelated profiling, and we will not redisclose education records except as permitted by FERPA (e.g., to subcontractors acting as school officials under equivalent restrictions) or with the institution’s consent. Upon contract end or request, we will return or delete education records, consistent with law and contract.

7) Disclosures of personal information

We may disclose personal information as follows:

  • Service providers/contractors: For hosting, support, analytics, email delivery, and security—bound by written contracts that prohibit selling/sharing, limit use to specified business purposes, and restrict combining data outside permitted exceptions.
  • University‑directed recipients: At your university’s instruction (e.g., integrations with its LMS, SIS, or identity providers) in our service‑provider/school‑official role.
  • Legal & safety: Where required by law or to protect rights, safety, and security.
  • Business transfers: In a merger, acquisition, or asset sale, subject to this Policy and applicable laws.

No cross‑context behavioral advertising on education records: We do not use education records for targeted advertising or cross‑context behavioral advertising.

8) California privacy rights (CCPA/CPRA)

Your rights (non-FERPA data)

If you are a California resident, for personal information that we process as a business (e.g., website/marketing data), you have the right to:

  • Know/Access the categories and specific pieces of personal information we collected about you.
  • Delete personal information, subject to exceptions.
  • Correct inaccurate personal information.
  • Opt‑out of sale or sharing of personal information (including cross‑context behavioral advertising). If applicable, use our “Do Not Sell or Share My Personal Information” link and/or send a Global Privacy Control (GPC) signal.
  • Limit the use and disclosure of Sensitive Personal Information to what is necessary to provide requested services, if we collect SPI.
  • Non‑discrimination for exercising your rights.

How to submit requests: Use the methods in Section 14 (Contact). We will verify your request and respond per the timelines and processes required by law.

Notice at collection (summary)

When we collect personal information as a business (e.g., via our website), we disclose at collection:

  • Categories: identifiers, device/usage data, professional information, and SPI if applicable.
  • Purposes: as listed in Section 5 (service delivery, security, communications, etc.).
  • Sale/Sharing: We do not sell personal information. We also do not “share” personal information for cross‑context behavioral advertising on our higher‑education products; if that changes for web properties, we will provide a clear opt‑out link consistent with CPRA regulations and honor GPC signals.
  • Retention: See Section 10 for category‑level periods or criteria.

Note on FERPA: Education records we process on behalf of a university are governed by FERPA and institutional policy. CCPA/CPRA rights may not apply to FERPA‑governed records handled solely in our service‑provider/school‑official role.

9) Cookies, analytics, and “Do Not Track” / Global Privacy Control

We use cookies/SDKs for essential operations and product analytics. We provide controls for non‑essential cookies where required. California’s CalOPPA requires us to disclose how we respond to browser Do Not Track (DNT) signals; many browsers send DNT, but there is no uniform standard. We currently honor the Global Privacy Control (GPC) signal for CCPA/CPRA opt‑outs where applicable.

10) Data retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law, and we disclose retention periods or criteria by category as required by CPRA. Education records are retained per our contract with the university and then returned or deleted upon request or contract termination.

Illustrative retention approach (subject to contract):

  • Website analytics logs: 12–24 months (aggregate thereafter).
  • Account/contract records: life of contract + legal retention.
  • Education records: as directed by the university; delete/return at end of engagement.

11) Security

We implement administrative, technical, and organizational safeguards (such as access controls, encryption in transit/at rest where appropriate, vulnerability management, and vendor due diligence). When acting as a service provider/contractor, we and our subprocessors are subject to direct obligations under CPRA regulations and to contractual controls with the university.

12) International transfers

If we transfer personal information across borders, we do so under appropriate safeguards and in accordance with applicable laws and our contracts with universities. The general practices described here are consistent with standard enterprise privacy notices. [tryfacta.com]

13) Your choices and communication preferences

You may opt out of non‑essential marketing emails via the unsubscribe link or by contacting us. For CCPA/CPRA consumer rights (non‑FERPA data), or to submit an accessibility request for this Policy, contact us using the information below.

14) State‑specific disclosures

If other U.S. state privacy laws apply to your use of our websites (outside of FERPA contexts), we will honor applicable rights and notices in a manner consistent with our CCPA/CPRA implementation.

15) Changes to this Policy

We may update this Policy to reflect changes to our practices or applicable laws. We will revise the “Effective date” and, where required, provide additional notice.

16) How to contact us

Questions, requests, or complaints about this Policy or our privacy practices:

  • Email: info@tryfactaedu.com
  • Phone: 1.408.427.8858
  • Postal: TryfactaEDU Office, [4637 Chabot Dr, Suite 100, Pleasanton, CA 94588]

For CCPA/CPRA requests (non‑FERPA data), please include your name, contact information, and the nature of your request so we can verify and respond per California law.