Last Updated: December 2024

Privacy Policy

The Cohort Institute ("we," "us," or "our") is committed to protecting the privacy of students, instructors, and institutions who use our team-formation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard information.

1. Information We Collect

1.1 Information Provided by Institutions

• Student roster information (names, email addresses)
• Course information (course name, section, instructor)
• Institution name and contact information

1.2 Information Provided by Students

• Responses to our 32-item team-role survey
• Attention-check responses (for data quality)
• Schedule availability (if provided)
• Optional comments during check-ins

1.3 Information Collected Automatically

• Time spent on survey questions
• Response timestamps
• Basic device/browser information for platform functionality
• Email delivery status (opened, bounced)

1.4 Information We Do NOT Collect

• Grades or academic performance
• Social Security numbers or government IDs
• Financial information
• Location/GPS data
• Behavioral data outside the platform
• Cross-site tracking cookies

2. How We Use Information

We use collected information solely for:

• Forming balanced student teams based on complementary work styles
• Providing instructors with team composition insights
• Sending survey invitations and check-in reminders
• Alerting instructors to potential team issues
• Improving our algorithms and platform (using anonymized data)
• Responding to support requests

We do NOT use student data for advertising, marketing to students, or any purpose unrelated to educational team formation.

3. FERPA Compliance

We operate under FERPA's "School Official Exception" (34 CFR § 99.31(a)(1)). This means:

• We act as an agent of the educational institution
• We use student information only for legitimate educational purposes
• We are under direct control of the institution regarding data use
• We do not disclose student information except as permitted under FERPA

We treat all student data as FERPA-protected educational records.

4. CCPA Compliance

For California residents:

• Right to know what personal information we collect
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell data)
• Right to non-discrimination for exercising these rights

To exercise these rights, contact privacy@cohortinstitute.com.

5. Data Sharing and Disclosure

5.1 With Educational Institutions

• Instructors see only their own class data
• Institutions may access data consistent with FERPA

5.2 With Service Providers

• Cloud hosting providers (data storage)
• Email delivery services (survey invitations)
• All providers bound by data processing agreements

5.3 We Never

• Sell student data
• Share data with advertisers
• Provide data to data brokers
• Use data for targeted advertising

6. Data Security

We implement security measures including:

• Encryption in transit (TLS 1.2+)
• Encryption at rest (AES-256)
• Access controls and authentication
• Regular security reviews
• Employee training on data protection
• Incident response procedures

7. Data Retention

Our standard retention schedule:

• Check-in comments: 30 days, then deleted/anonymized
• Sentiment ratings: 30 days, then aggregated
• Survey responses: 18 months, then deleted/anonymized
• Email logs: 60 days
• Course records: Course end + 60 days

Custom retention schedules available upon request.

8. Data Location

All student data is stored on servers located within the continental United States. Data is not transferred to or stored in other countries.

9. Student Rights

Students may:

• Request access to their personal data
• Request correction of inaccurate data
• Request deletion of their data
• Opt out of the survey (instructor will manually assign team)

Contact privacy@cohortinstitute.com to exercise these rights.

10. Institutional Rights

Partner institutions may:

• Request audit of data practices
• Request data export in standard formats
• Terminate agreement and require data deletion
• Specify custom data handling requirements

11. Children's Privacy

Our platform is designed for higher education (college/university) students who are typically 18 years or older. We do not knowingly collect information from children under 13. If we discover we have collected information from a child under 13, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify institutional partners of material changes at least 30 days in advance. The "Last Updated" date indicates when revisions were made.

13. Breach Notification

In the event of a data breach:

• We will notify affected institutions within 72 hours of discovery
• We will provide details on the nature and scope of the breach
• We will describe remediation steps taken
• We will cooperate fully with institutional incident response

14. Contact Information

For privacy-related questions or requests:

Questions? Contact us at privacy@cohortcircuit.com