Privacy Policy

Last updated: March 26, 2026

1. Overview

Varsity Learning, operated by Varsity Learning, Inc. (a Delaware corporation), respects your privacy and is committed to protecting personal information. This policy describes our practices regarding data collected through varsitylearning.com and related services.

2. Information We Collect

Account Information: Name, email address, school/institution name, and role (student or instructor). Students may also provide a course enrollment key.

Academic Data: Assignment submissions, scores, grades, course progress, and interaction with course materials.

Technical Data: IP address, browser type, device information, and usage patterns collected via server logs.

Payment Data: Payment transactions are processed by Stripe. We do not store credit card numbers. We retain transaction records (amount, date, status) for accounting purposes.

3. How We Use Information

  • Provide and maintain the learning platform
  • Authenticate users and manage accounts
  • Enable instructors to view student progress and grades
  • Process payments and manage subscriptions
  • Send service-related communications (password resets, account notifications)
  • Improve platform performance and user experience
  • Comply with legal obligations (FERPA, subpoenas, court orders)

4. Information Sharing

We do not sell personal information. We share data only in these circumstances:

  • Instructors: Can view their students' names, scores, and submissions within their courses
  • Institutional Administrators: May access aggregate course data when operating under institutional agreements
  • Service Providers: Stripe (payments), Mailgun (email delivery), AWS (hosting) — all bound by data processing agreements
  • Legal Requirements: When required by law, subpoena, or court order

We do not share data with advertising networks or data brokers.

5. Data Security

We protect data using industry-standard measures including:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest (AWS Aurora)
  • Web Application Firewall (Sucuri) for DDoS and attack mitigation
  • Bcrypt password hashing (passwords are never stored in plaintext)
  • Regular security audits and vulnerability assessments

6. Data Retention

Account and academic data is retained for the duration of the account plus 3 years after the last login, to support transcript requests and institutional compliance. Payment records are retained for 7 years per accounting requirements. Users may request earlier deletion by contacting support.

7. Children's Privacy

Varsity Learning serves high school students (typically ages 14–18). We do not knowingly collect information from children under 13 without parental or school consent. If you believe a child under 13 has registered without consent, contact us and we will delete the account.

8. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate information
  • Request deletion of your account and data
  • Export your data in a portable format
  • Opt out of non-essential communications

To exercise these rights, contact support@varsitylearning.com.

9. California Residents

Under the California Consumer Privacy Act (CCPA), California residents have additional rights including the right to know what data we collect and the right to opt out of the sale of personal information. We do not sell personal information.

10. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or platform notification. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy inquiries: support@varsitylearning.com

Varsity Learning, Inc.
San Luis Obispo, CA