Privacy.

To view IonTuition’s GLBA Policy, please click here.

Date Last Revised: April 20, 2021

We respect the privacy of visitors to iontuition.com and related subdomains, subsites, or mobile applications (, the “Websites”) and users of Iontuition’s services (the “Services”). This Privacy Policy outlines the information we will collect and how we will use that information. Please read this web page carefully. If you are not comfortable with the policies and practices it describes, you should not use the Website or the Services. As noted below, we may change this Privacy Policy at any time in our sole discretion. In addition, if you are issued a loan or an income share agreement by a third party issuer or lender, disclosure and use of information obtained from Users and third parties is subject to that third party issuer’s or lender’s privacy policy.

As used herein, the words “User,” “you” and “your” mean users of the Websites and the words “we,” “our,” “us” and “Site Provider” mean IonTuition CP, (“IonTuition”) owner and operator of iontution.com, , and IonTuition CP’s affiliate i3 Group, LLC, the provider of certain services provided through the Websites.

Collection of Personal Information from You

We may collect some personal information about you directly from you when you provide it to us voluntarily. For example, we request personal information, such as your name, mailing address, e-mail address and credit card information when you register for Services.

When you provide us with personal information, we will use that information to provide the Services and may, among other uses: use the information to provide services and products; store and process the information to better understand your needs and how we can improve our services and products; use the information to contact you for informational, marketing and promotional purposes; or disclose that information when we contract with a third party to deliver e-mail or provide other services on our behalf. Any manner in which we will use any personal information other than those listed in the preceding sentence will be disclosed when you provide the information. We will, and by your use of our Services you expressly authorize us to, use the information you provide in the manner disclosed.

Except as stated in this Privacy Policy or the Terms of Use, or as otherwise stated at the time personal information is gathered, we will not provide personal information to third parties, although certain non-personal User information may be provided in aggregate form to third parties.

Collection of Personal Information from Third Parties

We gather and consolidate available account information from institutions with which you have a relationship, including your or your dependent’s government-guaranteed 20 USC 1070 Title IV loan type data, account information, personal data, payment data, historical account data, and other data on each of your loans under the Title IV program (“Account Information”). You acknowledge and agree that the Account Information is obtained from various third party entities (“Data Providers”) on your behalf, and as your agent and service provider. Such Data Providers include the U.S. Department of Education’s (“ED”) National Student Loan Database System, your institution, your employer, your Title IV lender or loan servicer appointed by the lender, the guaranty agency or the ED from time to time or any private student loan lender you have authorized data to be provided from. The Account Information is obtained by using data access credentials you provide at the time of registration, or pursuant to these Terms of Use and through an agreement between us and the applicable Data Provider. All of your Account Information is stored in our databases for your use in connection with the Services.

You agree that the Data Providers, not Site Provider, are responsible for maintaining Account Information with proper and sufficient accuracy and authority in accordance with all governing laws and regulations. Site Provider makes no effort to verify any Account Information for any purpose, including accuracy, legality, or non-infringement.

Sharing your Personal Information

We do not sell, trade or rent your personal information to others. We will provide information to third parties to the extent necessary to enable them to provide Services for which you subscribe. These third parties may also require more information from you. You acknowledge that these third parties have their own privacy practices and that you should review and understand their privacy policies and website terms of use when using services provided by them.

You agree that we may share your information with lenders or issuers and other third parties to provide you with potential loan or income share agreement choices.

We may also provide information to third parties to the extent necessary to enable them to provide services on the Website, such as delivery or tracking of advertisements.

In each instance, your information would not be used by Site Provider in any manner that is inconsistent with this Privacy Policy without your prior permission.

As discussed below under “Collection and use of non- personal information,” we may provide aggregate statistics about our users, traffic patterns and related site information to our clients or for other marketing and promotional purposes.

Effect of Legal Obligations Upon this Privacy Policy

Any collection or use of personal information will comply with applicable law.

We may disclose your personal information in special cases when we have reason to believe that disclosing this information is necessary to comply with law; to cooperate with or seek assistance from law enforcement; or to identify, contact or bring legal action against someone who may be causing injury to or interference with our rights or property, other Website users or anyone else. We may also disclose User information when necessary to enforce our Terms of Use.

How You Can Access Or Correct Your Information

You can edit, correct or remove any or all of the personal information you provide us by accessing the account you create when you subscribe for a Service. Remember, however, that removing personal information may limit your ability to access some or all of the features of the Services and Websites. In addition, to keep you in control of your personal information and the communications directed to you, we allow you to opt-out of receiving communications from us about new Services or Website features.

Collection and Use of Non-Personal Information

We may also collect information about you that is not personal. Examples of this type of information may include: your age, gender, interests and preferences; the domain name of the website from which you linked to the Website; your domain type (com, .net, .edu, etc.); the server your computer is logged into; your IP address (a unique number that is automatically assigned to your computer whenever you are surfing the Web; many Web servers automatically identify your computer by its IP address); and other standard information included with every communication sent on the Internet, such as browser type, operating system, browser language, service provider, and local time.

We may share this information with advertisers, business partners, sponsors and other third parties. For example, we may inform a sponsor that the membership of the Websites are x percent females and y percent males. This data is used to customize the Website’s content and advertising, and to deliver a better experience for our members and users.

We also collect data from the Web logs of our computers that deliver content on the Website, including information about what you view. Along with information gathered from our other users, we create “aggregate data” reports that we may disclose to third parties. We may also study aggregate data in order to enhance our existing services or develop new services.

We can and will use IP addresses to identify a user when we feel it is necessary to enforce compliance with our terms of use or to protect our service, site, customers, or others.

Use of Cookies

When you view the Website, we may store some information on your computer. This information will be in the form of a “Cookie” or similar file and will help us in many ways. Cookies are small text files placed on your computer’s hard drive, so that we can recognize you the next time you visit the Website. For example, cookies are used to allow us to track your movements when you visit the Website to help us determine what type of information to present to you and to tailor the Website to better match your interests and preferences.

The use of cookies is an industry standard – you’ll find them used at most websites. With most Internet browsers, you can erase Cookies from your computer’s hard drive, block all Cookies, or receive a warning before a Cookie is stored. Please refer to your browser instructions or help screen to learn more about these functions.

Public Forums

The Websites may make discussion boards, groups and/or other public forums available to its users. Please remember that any information that is disclosed to these areas becomes public information and you should exercise caution when deciding to disclose your personal information.

Children

These Websites is not directed at persons under 18 years of age and our content and other services are not written, intended, or designed for persons under 18 years of age. We do not intend to collect any personal information from such individuals. Where appropriate, we will specifically instruct children not to submit such information on the Websites. If a child has provided us with personal information, a parent or guardian of that child should contact us at the mailing address or e-mail address listed at the bottom of this Policy if he would like this information deleted from our records. We will use reasonable efforts to delete the child’s information from our existing files.

Links to Other Websites

Some browsers have a “Do Not Track” feature that lets you tell websites and online services that you do not want to have your online activities tracked. Such browser features and industry standards are not uniform, so our websites and online services do not respond to those signals.

Do Not Track

The Website may allow links to other websites as stated in our Terms of Use. When you click on such a link, you will leave the Websites. The privacy policy of the external Web site will then be in effect, not Site Provider’s. We assumes no responsibility for the information practices of sites you are able to access through the Websites. These links to other sites do not imply affiliation or endorsement of a linked site in any way.

Confidentiality and Security

We have implemented generally accepted security standards to protect information from loss, misuse and unauthorized access, disclosure, alteration or destruction. Only Site Provider employees and independent contractors have access to the information we collect, and these employees and independent contractors are made aware of and required to comply with our privacy policy.

Any personal information you give out online – such as in discussion boards or groups — can be collected and used by people you don’t know. While we strive to protect your information and privacy, we cannot guarantee the security of any information you disclose online and you do so at your own risk.

The importance of security for all personal information associated with our users and members is of utmost concern to us. Unfortunately, no data transmission over the Internet can be guaranteed to be secure. As a result, while we strive to protect your personal information, we can’t ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your personal information, we will take reasonable efforts to ensure its security on our systems.

Your account on the Websites are password-protected so that only you can access it and view the member information relevant to the account. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or e-mail. Ultimately, you are responsible for maintaining the secrecy of your passwords and any account information. Remember to sign out of your account on the Website and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if your computer is accessible to others, if you share a computer with someone else or if you are using a computer in a public place like a library or an Internet café.

Who is Collecting Your Information

Your information is being collected solely by Site Provider. See Sharing your personal information above concerning the circumstances under which we may disclose certain of your information to third parties.

Retention of Information

Any information we collect may be retained for as long as necessary to provide you with the Services or to comply with our legal obligations.

Business Transfers

As Site Provider continues to develop, our business may be sold, merged or otherwise transferred to another entity. The personal information you have provided at the Websites may be transferred as part of that transaction. However, we will take steps to assure that any personal information is used in a manner consistent with the Site Provider privacy policy under which it was collected.

California Residents

This section is applicable to residents of California. If you are a resident of California, you have certain rights described below. The following do not apply to individuals who do not live in California on a permanent basis.

Rights Provided by California Civil Code Section 1798.83

A California resident who has provided personal data to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom personal data was disclosed in the preceding calendar year, as well as a list of the categories of personal data that were disclosed. California Customers may request further information about our compliance with this law by mailing us at compliance@iontuition.com. Please note that we are only required to respond to one request per California Customer each year under Code Section 1798.83.

Rights Under the California Consumer Privacy Act

This section of our Privacy Policy provides California residents with a comprehensive description of our online and offline practices regarding the collection, use, disclosure, and sale of personal information and the rights of California consumers regarding their personal information under the California Consumer Privacy Act (“CCPA”). This section applies to all California residents (but not including legal entities, such as companies). The section will not apply, however, if we does not collect any personal information about you or if all of the information we collect is exempt from the statute (for example, the CCPA does not protect information that is already protected by certain other privacy laws, and it does not protect information that is already publicly available).

  1. You have a Right to Know About Personal Information Collected, Disclosed, or Sold.

California residents have the right to request that we disclose what personal information it collects, uses, discloses, and sells. This is called the “Right to Know”. Under the Right to Know, you can request a listing of the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you.

If you would like the above information, you may contact us through our webpage or customer service. Contact information is at the bottom of this section. When you make a request under your Right to Know, you can expect the following:

  1. We will verify your identity. You will need to provide us the following information: the last four digits of your social security number and your date of birth in order for us to verify that you are who you say you are.
  2. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
  3. We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
  4. In certain cases, a Request to Know may be denied, for example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.

In the last 12 months, we have collected the following categories of personal information from individuals from the following sources:

Type of Information Categories of Sources Business or commercial purposes Third parties with whom shared
Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. Directly from you; web server logs; cookies; Data Providers; Lenders; Issuers To provide, analyze, administer, and improve our Services; marketing communications; Subcontractors; third party agents
Categories under California Civil Code Section 1798.80, which includes, in addition to some of the above information, signature, physical characteristics or description, telephone number, state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Directly from you; web server logs; cookies; Data Providers; Lenders; Issuers To provide, analyze, administer, and improve our Services; marketing communications
Characteristics of protected classifications under California or federal law. Directly from you; web server logs; cookies; Data Providers; Lenders; Issuers To provide, analyze, administer, and improve our Services;
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. Directly from you; web server logs; cookies To provide, analyze, administer, and improve our Services; marketing communications
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or Web server logs; cookies To provide, analyze, administer, and improve our Services
Geolocation data. Directly from the you To provide, analyze, administer, and improve our Services;
Audio, electronic, visual, thermal, olfactory, or similar information. Directly from you; web server logs; cookies To provide, analyze, administer, and improve our Services
Professional or employment-related information. Directly from you; web server logs; To provide, analyze, administer, and improve our Services; marketing communications
Education information that is not publicly available including personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99). Directly from you; web server logs; To provide, analyze, administer, and improve our Services;
Inferences drawn from any of the above information used to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Directly from the consumer; web server logs;  To provide, analyze, administer, and improve our Services

“Personal information,” for purposes of this section regarding the rights of California residents, does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

We do not sell the personal information.

2. You have a Right to Request Deletion of Personal Information about You

California consumers have a right to request the deletion of their personal information collected or maintained by us. If you would like information about you to be deleted, you may contact us through our webpage or customer service. Contact information is at the bottom of this section. When you make a request for deletion, you can expect the following:

  1. After you request deletion, you will need to confirm that you want your information deleted.
  2. We will verify your identity. You will need to provide us the following information: the last four digits of your social security number and your date of birth.
  3. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
  4. We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
  5. In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity. If we deny your request, we will explain why we denied it, treat your request an “opt-out” of the sale of information (as described in our Notice of Right to Opt-Out), and delete any other information that is not protected from deletion.

3. Right to Opt-Out of the Sale of Personal Information

California consumers have a right to opt-out of the sale of their personal information by Service Provider. As noted above, we do not sell personal information.

4. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

You have a right not to receive discriminatory treatment by Service Provider for exercising any of your privacy rights conferred by the CCPA. We will not discriminate against any California consumer because such person exercised any of the consumer’s rights under CCPA, including, but not limited to:

  • Denying goods or services.
  • Charging different prices or rates for goods and services, including through the use of discounts or other benefits or imposing penalties.
  • Providing a different level or quality of goods or services.
  • Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.

We may, however, charge a different price or rate, or provide a different level or quality of goods or services, if that difference is related to the value provided to you by your data.

5. Authorized Agents

If you would like, you may designate an authorized agent to make a request under the CCPA on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.

6. Contact Information

To request additional information, or make any of the requests described above, you may call us at (855) 456-2656 or contact us through our website at compliance@iontuition.com.

Visitors from Switzerland, United Kingdom and the European Economic Area

This section describes our privacy practices with respect to personal information that is subject to the European Union’s General Data Protection Regulation and the UK Data Protection Act of 2018 (collectively, the “GDPR”) In the event that we collect Personal Data (as defined in the GDPR) that is subject to the GDPR, this section will also apply, but only to such Personal Data. Terms in this section are to be understood in a manner consistent with GDPR including the definition of such term in the GDPR. Such term may have a different definition or meaning in other portions of this Privacy Policy.

Identification of Data Controller:

If we are providing Services directly to you, we, are the controller. To contact us, please see our contact information below. Otherwise, the institution through which we service your account is the controller.

Identification of Primary Member State Supervisory/Data Protection Authority

You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.

Legal Basis for Processing:

GDPR allows processing of personal data based on one of six legal bases.  The legal bases for processing personal data are:

  1. Consent – your freely given, specific, informed and unambiguous indication of your wishes by which you agree to the processing of personal data.
  2. Contract – we needs to process your personal data for performance of a contract or processes the information at your request prior to entering into a contract.
  3. Legal Obligation – processing is necessary to comply with a legal obligation.
  4. Vital Interests – your (or someone else’s) health, safety or other vital interests require processing personal data.
  5. Public Interest – we needs to process personal data to carry out a task that’s in the public interest.
  6. Legitimate Interest – processing personal data is in our legitimate interests.
Activity Legal Basis
To monitor and improve the experience of the Site Consent; Legitimate Interest
To conduct promotional and marketing efforts Consent; Legitimate Interest
To provide products or services Contract
To comply with legal obligations and to cooperate with public and government authorities, courts or regulators Legal Obligation
To comply with judicial proceedings, court orders or legal processes Legal Obligation

Onward Transfer:

We will not disclose Personal Data to a third party except as stated below:

We may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, we will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to the Supervisory Authorities upon request.

We may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.

Retention of Personal Data:

Personal Data subject to GDPR and obtained by us is adequate, relevant and not excessive in relation to the purposes described in this Privacy Policy. The Personal Data is processed for purposes specified herein and will only be processed consist with these purposes described herein. We will request only the minimum amount of information required to perform the applicable services and will retain such information only for as long as necessary to provide the services or for compatible purposes, such as to provide additional services, to comply with legal requirements, or to preserve or defend our legal rights.

Right of Access to your Personal Data

Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When we receive Personal Data, we do so on behalf of the individual submitting such Personal Data.  To request access to, or correction, amendment or deletion of Personal Data, Data Subjects should contact us at the address in the “Questions?” section below.  We will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.

Choice

Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized.  Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to us. We will cooperate with Data Subjects’ instructions regarding the above Data Subject choices.

Transfers to the United States from the European Union: 

When we transfer personal information from the EU to entities within our organization located outside of the EU, we may rely on standard contractual clauses adopted by the European Commission to help establish adequate safeguards. If we transfer personal information from the EU to another party located outside the EU, we may rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission.

Questions

If you have questions or concerns regarding this Privacy Policy, please contact us at info@iontuition.com.

Changes to this Privacy Policy

This page sets forth our Privacy Policy as of 4/20/2021. All versions of this privacy policy are dated with the effective date (the date on which the policy was posted to the Websites). By continuing to use the Websites, you consent to any changes. We will only use the information we learn about you in the manner described in the Privacy Policy in effect when the information was collected from you. However, we reserve the right to change the terms of this Privacy Policy at any time by posting revisions to our site.