Privacy.
To view IonTuition’s GLBA Policy, please click here.
Date Last Revised: April 20, 2021
We respect the privacy of visitors to iontuition.com and related subdomains, subsites, or mobile applications (, the “Websites”) and users of Iontuition’s services (the “Services”). This Privacy Policy outlines the information we will collect and how we will use that information. Please read this web page carefully. If you are not comfortable with the policies and practices it describes, you should not use the Website or the Services. As noted below, we may change this Privacy Policy at any time in our sole discretion. In addition, if you are issued a loan or an income share agreement by a third party issuer or lender, disclosure and use of information obtained from Users and third parties is subject to that third party issuer’s or lender’s privacy policy.
As used herein, the words “User,” “you” and “your” mean users of the Websites and the words “we,” “our,” “us” and “Site Provider” mean IonTuition CP, (“IonTuition”) owner and operator of iontution.com, , and IonTuition CP’s affiliate i3 Group, LLC, the provider of certain services provided through the Websites.
Collection of Personal Information from You
When you provide us with personal information, we will use that information to provide the Services and may, among other uses: use the information to provide services and products; store and process the information to better understand your needs and how we can improve our services and products; use the information to contact you for informational, marketing and promotional purposes; or disclose that information when we contract with a third party to deliver e-mail or provide other services on our behalf. Any manner in which we will use any personal information other than those listed in the preceding sentence will be disclosed when you provide the information. We will, and by your use of our Services you expressly authorize us to, use the information you provide in the manner disclosed.
Except as stated in this Privacy Policy or the Terms of Use, or as otherwise stated at the time personal information is gathered, we will not provide personal information to third parties, although certain non-personal User information may be provided in aggregate form to third parties.
Collection of Personal Information from Third Parties
You agree that the Data Providers, not Site Provider, are responsible for maintaining Account Information with proper and sufficient accuracy and authority in accordance with all governing laws and regulations. Site Provider makes no effort to verify any Account Information for any purpose, including accuracy, legality, or non-infringement.
Sharing your Personal Information
You agree that we may share your information with lenders or issuers and other third parties to provide you with potential loan or income share agreement choices.
We may also provide information to third parties to the extent necessary to enable them to provide services on the Website, such as delivery or tracking of advertisements.
In each instance, your information would not be used by Site Provider in any manner that is inconsistent with this Privacy Policy without your prior permission.
As discussed below under “Collection and use of non- personal information,” we may provide aggregate statistics about our users, traffic patterns and related site information to our clients or for other marketing and promotional purposes.
Effect of Legal Obligations Upon this Privacy Policy
We may disclose your personal information in special cases when we have reason to believe that disclosing this information is necessary to comply with law; to cooperate with or seek assistance from law enforcement; or to identify, contact or bring legal action against someone who may be causing injury to or interference with our rights or property, other Website users or anyone else. We may also disclose User information when necessary to enforce our Terms of Use.
How You Can Access Or Correct Your Information
Collection and Use of Non-Personal Information
We may share this information with advertisers, business partners, sponsors and other third parties. For example, we may inform a sponsor that the membership of the Websites are x percent females and y percent males. This data is used to customize the Website’s content and advertising, and to deliver a better experience for our members and users.
We also collect data from the Web logs of our computers that deliver content on the Website, including information about what you view. Along with information gathered from our other users, we create “aggregate data” reports that we may disclose to third parties. We may also study aggregate data in order to enhance our existing services or develop new services.
We can and will use IP addresses to identify a user when we feel it is necessary to enforce compliance with our terms of use or to protect our service, site, customers, or others.
Use of Cookies
The use of cookies is an industry standard – you’ll find them used at most websites. With most Internet browsers, you can erase Cookies from your computer’s hard drive, block all Cookies, or receive a warning before a Cookie is stored. Please refer to your browser instructions or help screen to learn more about these functions.
Public Forums
Children
Links to Other Websites
Do Not Track
Confidentiality and Security
Any personal information you give out online – such as in discussion boards or groups — can be collected and used by people you don’t know. While we strive to protect your information and privacy, we cannot guarantee the security of any information you disclose online and you do so at your own risk.
The importance of security for all personal information associated with our users and members is of utmost concern to us. Unfortunately, no data transmission over the Internet can be guaranteed to be secure. As a result, while we strive to protect your personal information, we can’t ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your personal information, we will take reasonable efforts to ensure its security on our systems.
Your account on the Websites are password-protected so that only you can access it and view the member information relevant to the account. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or e-mail. Ultimately, you are responsible for maintaining the secrecy of your passwords and any account information. Remember to sign out of your account on the Website and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if your computer is accessible to others, if you share a computer with someone else or if you are using a computer in a public place like a library or an Internet café.
Who is Collecting Your Information
Retention of Information
Business Transfers
California Residents
Rights Provided by California Civil Code Section 1798.83
A California resident who has provided personal data to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom personal data was disclosed in the preceding calendar year, as well as a list of the categories of personal data that were disclosed. California Customers may request further information about our compliance with this law by mailing us at compliance@iontuition.com. Please note that we are only required to respond to one request per California Customer each year under Code Section 1798.83.
Rights Under the California Consumer Privacy Act
This section of our Privacy Policy provides California residents with a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and the rights of California consumers regarding their personal information under the California Consumer Privacy Act (“CCPA”). This section applies to all California residents (but not including legal entities, such as companies). The section will not apply, however, if we does not collect any personal information about you or if all of the information we collect is exempt from the statute (for example, the CCPA does not protect information that is already protected by certain other privacy laws, and it does not protect information that is already publicly available).
- You have a Right to Know About Personal Information Collected, Disclosed, or Sold.
California residents have the right to request that we disclose what personal information it collects, uses, discloses, and sells. This is called the “Right to Know”. Under the Right to Know, you can request a listing of the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you.
If you would like the above information, you may contact us through our webpage or customer service. Contact information is at the bottom of this section. When you make a request under your Right to Know, you can expect the following:
- We will verify your identity. You will need to provide us the following information: the last four digits of your social security number and your date of birth in order for us to verify that you are who you say you are.
- We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
- We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
- In certain cases, a Request to Know may be denied, for example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.
In the last 12 months, we have collected the following categories of personal information from individuals from the following sources:
Type of Information | Categories of Sources | Business or commercial purposes | Third parties with whom shared |
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. | Directly from you; web server logs; cookies; Data Providers; Lenders; Issuers | To provide, analyze, administer, and improve our Services; marketing communications; | Subcontractors; third party agents |
Categories under California Civil Code Section 1798.80, which includes, in addition to some of the above information, signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | Directly from you; web server logs; cookies; Data Providers; Lenders; Issuers | To provide, analyze, administer, and improve our Services; marketing communications | |
Characteristics of protected classifications under California or federal law. | Directly from you; web server logs; cookies; Data Providers; Lenders; Issuers | To provide, analyze, administer, and improve our Services; | |
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Directly from you; web server logs; cookies | To provide, analyze, administer, and improve our Services; marketing communications | |
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or | Web server logs; cookies | To provide, analyze, administer, and improve our Services | |
Geolocation data. | Directly from the you | To provide, analyze, administer, and improve our Services; | |
Audio, electronic, visual, thermal, olfactory, or similar information. | Directly from you; web server logs; cookies | To provide, analyze, administer, and improve our Services | |
Professional or employment-related information. | Directly from you; web server logs; | To provide, analyze, administer, and improve our Services; marketing communications | |
Education information that is not publicly available including personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). | Directly from you; web server logs; | To provide, analyze, administer, and improve our Services; | |
Inferences drawn from any of the above information used to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Directly from the consumer; web server logs; | To provide, analyze, administer, and improve our Services |
“Personal information,” for purposes of this section regarding the rights of California residents, does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
We do not sell the personal information.
2. You have a Right to Request Deletion of Personal Information about You
California consumers have a right to request the deletion of their personal information collected or maintained by us. If you would like information about you to be deleted, you may contact us through our webpage or customer service. Contact information is at the bottom of this section. When you make a request for deletion, you can expect the following:
- After you request deletion, you will need to confirm that you want your information deleted.
- We will verify your identity. You will need to provide us the following information: the last four digits of your social security number and your date of birth.
- We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
- We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
- In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity. If we deny your request, we will explain why we denied it, treat your request an “opt-out” of the sale of information (as described in our Notice of Right to Opt-Out), and delete any other information that is not protected from deletion.
3. Right to Opt-Out of the Sale of Personal Information
California consumers have a right to opt-out of the sale of their personal information by Service Provider. As noted above, we do not sell personal information.
4. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have a right not to receive discriminatory treatment by Service Provider for exercising any of your privacy rights conferred by the CCPA. We will not discriminate against any California consumer because such person exercised any of the consumer’s rights under CCPA, including, but not limited to:
- Denying goods or services.
- Charging different prices or rates for goods and services, including through the use of discounts or other benefits or imposing penalties.
- Providing a different level or quality of goods or services.
- Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
We may, however, charge a different price or rate, or provide a different level or quality of goods or services, if that difference is related to the value provided to you by your data.
5. Authorized Agents
If you would like, you may designate an authorized agent to make a request under the CCPA on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.
6. Contact Information
To request additional information, or make any of the requests described above, you may call us at (855) 456-2656 or contact us through our website at compliance@iontuition.com.
Visitors from Switzerland, United Kingdom and the European Economic Area
This section describes our privacy practices with respect to personal information that is subject to the European Union’s General Data Protection Regulation and the UK Data Protection Act of 2018 (collectively, the “GDPR”) In the event that we collect Personal Data (as defined in the GDPR) that is subject to the GDPR, this section will also apply, but only to such Personal Data. Terms in this section are to be understood in a manner consistent with GDPR including the definition of such term in the GDPR. Such term may have a different definition or meaning in other portions of this Privacy Policy.
Identification of Data Controller:
If we are providing Services directly to you, we, are the controller. To contact us, please see our contact information below. Otherwise, the institution through which we service your account is the controller.
Identification of Primary Member State Supervisory/Data Protection Authority
You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.
Legal Basis for Processing:
GDPR allows processing of personal data based on one of six legal bases. The legal bases for processing personal data are:
- Consent – your freely given, specific, informed and unambiguous indication of your wishes by which you agree to the processing of personal data.
- Contract – we needs to process your personal data for performance of a contract or processes the information at your request prior to entering into a contract.
- Legal Obligation – processing is necessary to comply with a legal obligation.
- Vital Interests – your (or someone else’s) health, safety or other vital interests require processing personal data.
- Public Interest – we needs to process personal data to carry out a task that’s in the public interest.
- Legitimate Interest – processing personal data is in our legitimate interests.
Activity | Legal Basis |
To monitor and improve the experience of the Site | Consent; Legitimate Interest |
To conduct promotional and marketing efforts | Consent; Legitimate Interest |
To provide products or services | Contract |
To comply with legal obligations and to cooperate with public and government authorities, courts or regulators | Legal Obligation |
To comply with judicial proceedings, court orders or legal processes | Legal Obligation |
Onward Transfer:
We will not disclose Personal Data to a third party except as stated below:
We may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, we will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to the Supervisory Authorities upon request.
We may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.
Retention of Personal Data:
Personal Data subject to GDPR and obtained by us is adequate, relevant and not excessive in relation to the purposes described in this Privacy Policy. The Personal Data is processed for purposes specified herein and will only be processed consist with these purposes described herein. We will request only the minimum amount of information required to perform the applicable services and will retain such information only for as long as necessary to provide the services or for compatible purposes, such as to provide additional services, to comply with legal requirements, or to preserve or defend our legal rights.
Right of Access to your Personal Data
Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When we receive Personal Data, we do so on behalf of the individual submitting such Personal Data. To request access to, or correction, amendment or deletion of Personal Data, Data Subjects should contact us at the address in the “Questions?” section below. We will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.
Choice
Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to us. We will cooperate with Data Subjects’ instructions regarding the above Data Subject choices.
Transfers to the United States from the European Union:
When we transfer personal information from the EU to entities within our organization located outside of the EU, we may rely on standard contractual clauses adopted by the European Commission to help establish adequate safeguards. If we transfer personal information from the EU to another party located outside the EU, we may rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission.
Questions
Changes to this Privacy Policy
This page sets forth our Privacy Policy as of 4/20/2021. All versions of this privacy policy are dated with the effective date (the date on which the policy was posted to the Websites). By continuing to use the Websites, you consent to any changes. We will only use the information we learn about you in the manner described in the Privacy Policy in effect when the information was collected from you. However, we reserve the right to change the terms of this Privacy Policy at any time by posting revisions to our site.