Privacy Policy
Last Updated: 09/08/2025
Welcome to My College Finance, LLC ("My College Finance," "we," "us," or "our"). We respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, and share your data when you use our services, including our website, applications, and related services (collectively, the "Services"). It also describes your rights regarding your personal data and how you can manage your privacy preferences.
By using our Services, you agree to the terms of this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.
1. What Data We Collect
We collect data to provide and improve our Services. The types of data we collect include:
1A. Personal Information
Information you provide directly, such as:
Name, email address, postal address, phone number, and other identifiers
Username and authentication credentials
Profile information and preferences
Communication preferences and settings
1B. Financial Data
Sensitive financial information including:
Savings Goals: Target amounts, timelines, monthly savings capacity
Budget Information: Income amounts, expense categories, spending allocations
Financial Calculations: Budget breakdowns, progress tracking, milestone data
Generated Reports: PDF summaries, financial projections, achievement records
1C. Account Data
Information related to your account creation and management:
Login credentials and authentication tokens
Account settings and preferences
Subscription status and billing history
Course enrollment and progress data
1D. Usage and Behavioral Data
Information about how you interact with our Services:
Application usage patterns and feature utilization
Pages viewed, time spent, and navigation paths
Button clicks, form submissions, and user interactions
Session duration and frequency of use
Goal creation patterns and achievement tracking
1E. Technical Data
Technical information about your device and connection:
IP address and geographic location (general)
Browser type, version, and settings
Operating system and device type
Browser Fingerprinting: Device characteristics for guest user tracking
Screen resolution and display preferences
Network connection information
1F. Third-Party Integration Data
Data received from connected services:
Wix User IDs: For cross-platform authentication
Google Account Information: Name, email, profile data via OAuth
Google Drive Metadata: File names, folder structure (when authorized)
Social Media Data: Profile information from connected accounts
2. How We Collect Your Data
We collect data through the following methods:
2A. Direct Collection
Information you provide voluntarily:
Account registration and profile setup
Financial data input through our calculators and tools
Course purchases and subscription sign-ups
Customer support interactions and feedback
Newsletter subscriptions and communication preferences
2B. Automatic Collection
Data collected through technical means:
Cookies and Local Storage: Session management and preferences
Server Logs: Access logs, error logs, and performance metrics
Analytics Tracking: Usage patterns and feature utilization
Session Management: PostgreSQL-based session storage
Browser Fingerprinting: For guest user identification and limit enforcement
2C. Third-Party Sources
Data received from external services:
Wix Platform: User authentication and profile synchronization
Google Services: OAuth authentication, Drive file metadata
Payment Processors: Transaction data and billing information
Email Services: Delivery status and engagement metrics
3. How We Use Your Data
We use your data for the following purposes:
3A. Service Provision and Management
Account creation, authentication, and management
Processing financial calculations and generating reports
Providing access to courses and educational content
Customer support and technical assistance
Transaction processing and billing management
3B. Educational and Financial Tools
Savings Goal Calculations: Processing targets, timelines, and progress tracking
Budget Analysis: 50/30/20 rule calculations and spending recommendations
Progress Tracking: Milestone monitoring and achievement recording
Report Generation: Creating PDF summaries and financial projections
Data Visualization: Generating charts, graphs, and progress indicators
3C. Communication and Engagement
Sending educational content and course updates
Automated email reports and progress notifications via SendGrid
Marketing communications and promotional offers
Important service announcements and policy changes
Customer support and technical assistance communications
3D. Service Improvement and Analytics
Analyzing usage patterns to enhance user experience
Identifying popular features and areas for improvement
Performance monitoring and error detection
A/B testing of features and interface improvements
Aggregated analytics for business intelligence (anonymized)
3E. Security and Fraud Prevention
Account Protection: Monitoring for unauthorized access attempts
Rate Limiting: Preventing abuse of guest user features
Session Security: Managing secure authentication and data access
Fraud Detection: Identifying suspicious activities and potential threats
3F. Legal Compliance
Fulfilling regulatory requirements and legal obligations
Responding to lawful requests from authorities
Maintaining records for audit and compliance purposes
Enforcing our Terms of Service and user agreements
4. How We Share Your Data
4A. Service Providers
We share data with trusted third-party providers who assist in operating our Services:
Technical Infrastructure:
Neon Database: PostgreSQL hosting and data storage
Replit: Application hosting and deployment
CDN Providers: Content delivery and performance optimization
Communication Services:
SendGrid: Automated email delivery and management
EmailJS: Client-side email functionality
SMS Providers: Text message notifications (if applicable)
Analytics and Monitoring:
Performance Monitoring: Error tracking and performance analytics
Usage Analytics: Aggregated usage statistics (anonymized)
4B. Third-Party Integrations
Data sharing with services you connect to our platform:
Google Services:
Google Drive: File storage and document management (with your authorization)
Google Sheets: Data synchronization and backup (where applicable)
Google OAuth: Authentication and profile information
Wix Platform:
User Authentication: Cross-platform identity verification
Database Synchronization: Real-time data updates and consistency
Member Integration: Profile and subscription status sync
4C. Legal and Business Requirements
Legal Authorities: When required by law, court order, or regulatory request
Business Transfers: In the event of merger, acquisition, or asset sale
Safety and Rights Protection: To protect our rights, users, or the public
Contract Enforcement: To enforce our Terms of Service
4D. What We Don't Share
We do not sell your personal data to third parties
We do not share individual financial data for marketing purposes
We do not provide personal information to advertisers
We do not share detailed financial calculations with business partners
5. Data Security
5A. Technical Safeguards
Encryption: Data encryption in transit and at rest
Secure Authentication: bcrypt password hashing and secure sessions
Access Controls: Role-based access to sensitive data
Rate Limiting: Protection against abuse and automated attacks
Secure APIs: Protected endpoints with authentication requirements
5B. Organizational Measures
Employee training on data protection and privacy practices
Regular security assessments and vulnerability testing
Incident response procedures for data breaches
Vendor security requirements and monitoring
5C. User Responsibilities
Maintain strong, unique passwords for your account
Log out of shared or public devices
Report suspected unauthorized access immediately
Keep your contact information up to date for security notifications
5D. Limitations
No security system is completely foolproof. While we implement industry-standard security measures, we cannot guarantee absolute security. You use our services at your own risk regarding data security.
6. Data Retention and Deletion
6A. Retention Periods
Account Data:
Active accounts: Retained while account remains active
Inactive accounts: Deleted after 3 years of inactivity (with 90-day notice)
Financial Data:
Savings goals and budget data: Retained for 7 years after last update
Generated reports: Available for download for 2 years
Payment records: Retained for 7 years for tax and legal compliance
Usage Data:
Server logs: 1 year for security and performance monitoring
Analytics data: Aggregated data retained indefinitely (anonymized)
Session data: 30 days or until logout
Guest User Data:
Browser fingerprints: 30 days for limit enforcement
Temporary calculations: Deleted at session end
IP address logs: 7 days for abuse prevention
6B. Deletion Procedures
User-Requested Deletion: Processed within 30 days of verified request
Automated Deletion: System-based deletion based on retention schedules
Backup Recovery: Data removed from backups within 90 days
Legal Exceptions: Some data may be retained longer if required by law
7. Your Rights and Choices
7A. Access and Control
Account Access: View and update personal information through your account
Data Export: Request copies of your personal data in common formats
Correction Rights: Update or correct inaccurate personal information
Deletion Rights: Request deletion of your account and associated data
7B. Communication Preferences
Email Opt-out: Unsubscribe from promotional emails at any time
Notification Settings: Control which automatic notifications you receive
Marketing Communications: Separate consent for promotional content
Service Communications: Essential service emails cannot be disabled
7C. Privacy Settings
Data Sharing Controls: Manage third-party integrations and permissions
Analytics Opt-out: Request exclusion from usage analytics where possible
Cookie Management: Control cookie preferences through browser settings
8. Online Event Privacy
8.1 Recordings & Usage of Personal Data
My College Finance’s online events (e.g., webinars, live sessions, virtual workshops) may be recorded—including your video, audio, screenshots, and chat exchanges—for educational, promotional, or marketing purposes. By participating, you grant us a non-exclusive, worldwide, royalty-free license to use your name, likeness, voice, and any content you contribute (e.g., questions, comments). If you prefer not to be included, notify us in writing before the event at Contact@mycollegefinance.com.
8.2 Data Collected During Events
In addition to the information described in Section 1, when you attend online events, we may collect:
- Live interaction data (e.g., chat messages, Q&A input, polls).
- Event access logs (timestamps, IP addresses, device/browser data).
- Optional user-generated content, such as recorded questions or comments.
8.3 Purpose & Use
This data may be used for:
- Event delivery and moderation
- Accessibility and customer support
- Educational research and content improvement
- Promotional materials and marketing (as described in 8.1)
All usage will remain consistent with our overall Privacy Policy principles unless specified otherwise here.
8.4 Participant Rights & Opt-out
- You may request exclusion from recordings or promotional use by contacting us at Contact@mycollegefinance.com before the event.
- Event data will be retained and deleted according to the timelines in Section 6, unless otherwise specified or legally required.
8.5 Security & Data Retention
Recordings and associated data are stored securely, encrypted in transit and at rest, consistent with Section 5 practices. Access to recordings is limited to authorized personnel. Retention of event content follows standard rules unless you request early deletion—contact us to initiate.
8.6 Third-Party Event Tools
If online events are hosted via third-party platforms (e.g., Zoom, Vimeo, etc.), those services may collect additional data based on their own privacy policies. We encourage participants to review the third party’s policy when joining.
9. Client-Side Data Processing
9A. Browser-Based Processing
Our applications process some data directly in your browser:
- PDF Generation: HTML2Canvas and jsPDF create documents locally
- Chart Rendering: Data visualizations processed client-side
- Form Validation: Real-time validation before server submission
- Temporary Storage: Brief client-side storage for user experience
9B. Client-Side Risks and Responsibilities
- Ensure your browser and device are secure and up-to-date
- Be aware that some data processing occurs on your device
- Understand that client-side processing may cache temporary data
- Use secure networks when accessing our financial tools
10. International Data Transfers
10A. Data Storage Locations
- Primary Database: PostgreSQL data stored with Neon (US-based)
- Email Services: SendGrid and EmailJS (various global locations)
- Google Services: Stored according to Google's data residency policies
- CDN Storage: Content may be cached in various global locations
10B. Transfer Mechanisms
- Standard Contractual Clauses (SCCs) for EU data transfers
- Adequacy decisions where applicable
- Data Processing Addendums (DPAs) with processors
- User consent for specific international transfers
11. Jurisdiction-Specific Privacy Rights
11A. California Residents (CCPA/CPRA)
Your Rights:
- Right to know what personal information is collected
- Right to delete personal information
- Right to correct inaccurate personal information
- Right to opt-out of sale (we don't sell personal data)
- Right to non-discrimination for exercising privacy rights
Sensitive Personal Information:
- Financial data, precise geolocation, and certain identifiers
- Right to limit use to necessary business purposes only
- Special consent requirements for processing
11B. Virginia Residents (VCDPA)
- Right to access, correct, delete, and port personal data
- Right to opt-out of profiling for certain decisions
- Right to appeal decisions regarding rights requests
11C. Colorado Residents (CPA)
- Rights similar to VCDPA with additional consent requirements
- Enhanced rights for profiling and automated decision-making
- Right to opt-out of targeted advertising
11D. Connecticut Residents (CTDPA)
- Similar rights to Virginia and Colorado
- Additional protections for sensitive data processing
- Enhanced consent requirements for certain data uses
11E. European Union Residents (GDPR)
- Lawful Basis: Consent, contract performance, legitimate interests
- Enhanced Rights: Data portability, right to be forgotten, restriction of processing
- Data Protection Officer: Contact information available upon request
- Supervisory Authority: Right to lodge complaints with data protection authorities
11F. Other Jurisdictions
Residents of other jurisdictions may have additional rights under local privacy laws. Contact us for information about rights in your specific location.
12. Cookies and Tracking Technologies
12A. Types of Cookies Used
Essential Cookies:
- Session management and authentication
- Security features and fraud prevention
- Core application functionality
Analytics Cookies:
- Usage patterns and performance monitoring
- Error tracking and debugging information
- Feature utilization and user experience metrics
Preference Cookies:
- Theme settings (dark/light mode)
- Language and regional preferences
- Customization settings and user choices
12B. Third-Party Tracking
- Google Analytics (if implemented): Website usage analytics
- Social media plugins: Sharing functionality
- Email tracking: Open rates and engagement metrics
12C. Cookie Management
- Browser settings allow cookie control and deletion
- Opt-out options available for non-essential cookies
- Regular cookie audits and policy updates
13. Children's Privacy
13A. Age Restrictions
- Our services are intended for users 13 years and older
- Users under 18 require parental consent
- Special protections apply to users under 16
13B. Parental Controls
- Parents can request information about their child's account
- Account deletion rights extend to parents/guardians
- Enhanced consent requirements for users under 18
13C. COPPA Compliance
- No knowing collection of data from children under 13
- Immediate deletion if we discover underage users
- Parental notification and consent procedures
14. Automated Decision Making and Profiling
14A. Automated Processing
We use automated processing for:
- Financial Calculations: Budget allocations and savings projections
- Goal Recommendations: Suggested targets based on input data
- Progress Analysis: Milestone tracking and achievement calculations
- Risk Assessment: Account security and fraud prevention
14B. Your Rights
- Right to human review of automated decisions
- Right to contest automated decision outcomes
- Right to opt-out of certain automated processing
- Explanation of logic used in automated decisions
15. Data Breach Notification
15A. Our Procedures
- Immediate containment and assessment of security incidents
- Notification to supervisory authorities within 72 hours (where required)
- User notification without undue delay for high-risk breaches
- Detailed incident documentation and response measures
15B. What We'll Tell You
- Nature of the personal data breach
- Likely consequences of the breach
- Measures taken to address the breach
- Recommendations for protecting yourself
16. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. Material changes will be communicated through:
- Prominent notice on our website
- Email notification to registered users
- In-app notifications where appropriate
- Updated "Last Updated" date at the top of this policy
Your continued use of our Services after the effective date of updates constitutes acceptance of the revised Privacy Policy.
17. Contact Us
For privacy-related questions or requests, please contact us at Contact@MyCollegeFinance.com.
