Last Updated: September 3, 2024
We at EVERFI, Inc. (“EVERFI,” “we,” “us,” “our”) care about you (“you”, “user”, “learner”, and/or "business professional" as appropriate) and how your personal information is used and shared. We take your privacy seriously and are committed to creating a safe and secure environment for learners of all ages. This Policy is designed to help you understand what information we collect, why we collect it, and what we do with it. Thank you for taking the time to carefully read it.
- ABOUT EVERFI
EVERFI is a leading critical skills education company. We empower learners of all ages with the skills necessary to be successful in life and work. This Policy applies to all EVERFI products, services, and websites (collectively the “Service”). This Policy describes how EVERFI collects, uses and discloses the information it collects via the Service. With respect to our Higher Education and Adult products only, our Service may be accessible via a third-party website, including that of an Authorized Entity (defined below). This Policy does not apply to how a third party or an Authorized Entity collects, uses, or discloses any information related to Service users.
By using the Service, you acknowledge that EVERFI will handle your personal information as described in this Policy. Your use of our Service, and any dispute over privacy, is subject to this Policy and our Terms of Service located at https://www.everfi.com/, which may from time to time be amended.
EVERFI Websites
This Privacy Policy applies to all websites owned and operated by EVERFI, Inc.
- PERSONAL INFORMATION WE COLLECT
EVERFI’s digital learning platform offers educational courses on different critical skills in the K-12, Higher Education, and Adult markets. We may collect information about you directly from you and automatically through your usage.
Information We Collect:
Where you register with us, or communicate to us, depending on the Service, we may collect the following information:
- Contact information and common identifiers: Such as name, address, and email address;
- Login details: Including username and password;
- Employment details (depending on the offering): Including information about a user’s employment or educational role, company details, school or organization name, and details of whether an individual is an educator. This may reveal general salary bandings based on industry knowledge;
- Education history;
- Home state or province;
- Demographic information: For example where an offering asks an individual to specify a banding of credit score rating for financial health courses, or asks an individual to specify income level or zip code;
- Preferences: Based on user-specific implementations and information about user activities within the Service, including information about the content modules a user views, starts or finishes (including data and time stamps), assessments or scores, and related information, and other information about a user’s activities and use of the Service in order to ensure our digital learning is appropriately teaching the desired critical skill.
With respect to our K-12 market, we may collect the following data:
- Date of birth (to support COPPA compliance), which is only stored as an over/under 13 flag within EVERFI’s system
- First name and first initial of last name (for under 13)
- First name and last name (for over 13)
- Email address (only for over 13)
Where additional data is collected for a specific course, we will provide further details in our contractual terms.
EVERFI educational assessments and surveys may ask questions based on race, ethnicity, and/or sexual preference. This information is considered a “sensitive” or “special category” data under applicable privacy laws; therefore we will only collect it where you choose to provide this information and consent to us receiving it – the questions are always optional.
When we receive the surveys, we take steps to fully de-identify it and will only share responses on a fully de-identified and aggregated basis. In our K-12 and Higher Education markets, EVERFI extracts any personal information from survey data before analyzing such data in an aggregated research setting.
In our K-12 market, protecting the privacy of our younger learners is extremely important to us. To review our COPPA Privacy Policy, which applies to the personal information we knowingly collect from children under 13, please go here. Where we make courses available to children under the age of 13 in Europe or the United Kingdom, we will only do so where we have obtained parental or guardian consent (which may be managed by your school/educational organization). For children under 13, we only collect the learner’s first name, the initial of the learner’s last name and information about course progress - we will not issue the learner under 13 with any surveys.
EVERFI does not sell any personal information and does not share any personal information for purposes of targeted advertising or for marketing research purposes. EVERFI also does not use student data to create student profiles or perform any other type of data mining that might result in damaging or discriminatory representations of student ability.
EVERFI does not collect geolocation data, biometric data, or health data.
Information We Collect Automatically
We collect information automatically about users via a variety of methods, such as cookies, web beacons, JavaScript, and log files. This information may include user IP addresses, browser types, domain names, device type, time stamp, referring URL and other log file information; user activities within the Service; aggregate and statistical information regarding overall server/visitor traffic and navigation patterns for the Service. Web servers collect this type of basic information automatically as part of Web log processes. For more information, see the “How We Use Cookies and Analytics” section below.
Information Business Professionals May Provide:
If you want to request a demo of any Service and/or have a conversation with one of our product experts to learn how EVERFI can power your education initiatives, you can provide us with:
- Contact Information: first name, last name, email address, phone number;
- Job Details: job title and a note of which industry you are in;
- Communications preferences.
Information Obtained from Third Parties/Public Sources:
We use third party service providers to enhance and enrich our marketing database of business professionals who have requested further information on our products. They may use information that is made public by you for example via LinkedIn.
We do not obtain or use any identifiable information about children for marketing purposes.
- HOW WE USE PERSONAL INFORMATION
EVERFI generally uses the information we collect as follows:
- To provide the Service directly to learners (where applicable).
- To create log-in details for learners (where we are contracting with a sponsoring organization such as a financial institution or higher education institution i.e. a university), to communicate with you about your use of the Service (including via email); to respond to your inquiries; to send you surveys; to fulfill your requests; and for other customer service or internal purposes.
- To troubleshoot any technical issues you might experience while using our Service.
- To send you communications about digital courses, services and other information we think may interest you. Where you are a business professional who has requested further information on our products, we may also enrich our marketing database using publicly available information to tailor our communications and ensure these are relevant to your industry and of interest to you.
- To better understand how users access and use our Service, in order to improve our Service, to respond to user desires and preferences, and for other research and analytical purposes.
- To develop aggregated reports and related analysis regarding user activities.
- To tailor the educational content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your learning experience while using our Service.
- To comply with applicable legal obligations, including responding to a subpoena or court order.
- Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Policy.
- SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
EVERFI does not sell your personal information, or share your personal information for the purposes of targeted advertising.
We share the information we collect with the following third parties for the following business purposes:
Authorized Entities. If you access the Service through, or are granted access to the Service by, a school, school district, college, university, person, institution, employer, or other organization (an “Authorized Entity”), we will share the information we collect about you with the Authorized Entity or its representatives. Such information may include: course progress/completion; assessment scores; email address; user ID/identifying tag or username (if applicable); additional aggregated data the Authorized Entity requests.
Social Media Sharing. If a user chooses to share information such as assessment scores through social media outlets, such as Facebook and Twitter, third parties may receive information about a user’s performance on the Service, such as information about digital learning badges and prizes received in connection with the Service.
Third-Party Sponsors. In the K-12 market and, in certain instances, the Higher Education market, EVERFI works with third-party sponsors to bring the Service to some users free-of-charge. In such situations, EVERFI will only share anonymized and/or aggregated user information with those third-party sponsors. This may include aggregated and/or anonymous demographic and geographic profiles to demonstrate the learning progress of these categories of Service users. Student information is only shared with third-party sponsors upon parental consent.
Legal Disclosures. We may disclose a Service user’s information (including personal information) where we believe that we are required to do so in order to comply with an applicable statute, regulation, rule or law, a subpoena, a warrant or administrative request, a court or regulatory order, or other valid legal processes. We may also disclose personal information where we believe it is necessary to identify, contact or bring legal action against someone who may be violating the Terms of Service for our Service, to detect fraud, for assistance with a delinquent account, as evidence in litigation in which we are involved, or to protect the safety and/or security of our users, the Service or the general public.
Service Providers. We may employ independent contractors, vendors and suppliers to provide specific services related to the Service, such as hosting and maintaining the Service, providing credit card processing and fraud screening, and developing applications for the Service, email services and marketing enrichment services.
Business Transfers. We reserve the right to transfer information (including personal information) to a third party in the event of a sale, merger or other transfer of all or substantially all of the assets of EVERFI or any of its Affiliates (including as part of a bankruptcy proceeding). We may disclose personal information about Service users to our affiliated companies. Our affiliates’ use of your personal information will be in accordance with the terms of this Privacy Policy.
International Transfers. EVERFI is a U.S. company and the information we collect may be transferred to, stored and processed in the U.S., as well as other international locations where we have affiliates and service providers. EVERFI has self-certified to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”). For detailed information about our certification and adherence to the Data Privacy Framework, please see the Blackbaud Data Privacy Framework Certification Notice at https://www.blackbaud.com/blackbaud-data-privacy-framework-certification-notice-2.
Aggregate and De-Identified Information. We may also provide aggregate, anonymous and/or de-identified information about users and the Service for marketing and research purposes. For example, we might inform third parties regarding the number of unique users who visit the Service, the demographic breakdown of our registered users of the Service, and the educational progress of categories of users.
- HOW WE USE COOKIES AND ANALYTICS
We use cookies and other tracking mechanisms to track information about your use of our Service.
Cookies. We use cookies to track visitor activity on our platform. A cookie is a text file that a website transfers to your computer’s hard drive for record-keeping purposes. We, and our service providers, use cookies to track user activities on our Service, such as the pages visited and time spent on our Service. Most browsers allow users to refuse cookies. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. However, many of our Services will not function properly with cookies disabled.
Global Privacy Control. Our website detects and honors the Global Privacy Control signal in accordance with applicable privacy laws. The Global Privacy Control is a signal that can be enabled in certain browsers or browser extensions.
Local Shared Objects. We may use local shared objects (“LSOs”), such as Flash LSOs to store your preferences and to personalize your visit. LSOs are different from browser cookies because of the amount and type of data stored. Typically, you cannot control, delete, or disable LSOs through your web browser. For more information or to learn how to manage your Flash LSO settings, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages and cannot be disabled through your browser. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Service to, among other things, track the activities of users, help us manage content, and compile statistics about usage. We, and our service providers may also use clear GIFs in HTML emails to our customers to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Third-Party Analytics. From time to time we may use various tools to evaluate usage of our Service. We use these tools to help us improve our services, performance, and user experiences. These entities may use cookies and other tracking technologies to perform their services. By way of example, Google Analytics is one of the tools we may use. To learn more about Google’s privacy practices, please review the Google privacy policy at https://www.google.com/policies/privacy/ (opens in new tab). You can also download the Google Analytics Opt-out Browser Add-on to prevent their data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout (opens in new tab).
- HOW WE LINK AND INTERACT WITH OTHER WEBSITES
Our Service may contain links to other websites not owned or operated by EVERFI, and may provide Service users with access to other websites and services. This may include providing users with the ability to share and automatically post updates (including updates about badges and prizes received in connection with the Service) through social media outlets, such as Facebook and Twitter. Please be aware that we are not responsible for the privacy practices of such third-party websites or services and any access to and use of such linked websites is not governed by this Policy. We encourage you to read the privacy policies or statements of each and every website you visit.
- HOW WE PROTECT PERSONAL INFORMATION
EVERFI implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal information from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of your information. EVERFI conducts vulnerability and penetration security testing. Where appropriate, these safeguards include encryption – EVERFI uses TLS encryption for data transfers. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online. EVERFI uses role-based access for staff, limited to users who require such access to perform their job responsibilities.
Public Area and User Generated Content. The Service may feature various community areas, open text areas, and other public forums (the “Public Areas“) where users can share information or post questions for others to answer. These Public Areas are open to the public and should not be considered private. We cannot prevent such information from being used in a manner that may violate this Privacy Policy, the law, or your personal privacy. We are not responsible for the results of such postings or for the accuracy of any information contained in those postings.
You should think carefully before posting any information in any Public Area. What you post can be seen, disclosed to or collected by others and may be used by others in ways we cannot control or predict. As with any public forum on any website, the information you post may also show up in third-party search engines like Google.
De-Identified Data. EVERFI will maintain and use de-identified data only in a de-identified form and not attempt to re-identify de-identified data.
- INFORMATION FOR INDIVIDUALS IN THE UNITED KINGDOM AND EUROPEAN UNION
In some instances EVERFI, Inc., which is headquartered in the United States at 2300 N Street NW, Suite 410C, Washington DC 20037 acts as a controller, in particular:
- when we are carrying out marketing activities to business professionals and conducting profiling activities to ensure our marketing is relevant; and
- where we issue course surveys and/or assessments and otherwise undertake data analytics to ensure we can improve our Services.
Where we obtain a learner’s information in order to facilitate registration to take a course (e.g. user’s email address), we will contract with a corporation or higher education institution and that corporation or higher education institution shall be considered the controller and EVERFI acts as a processor on their instructions. You should be provided with the relevant corporation or higher education institution's privacy policy, or you may request that directly.
Where we act as a controller, data protection laws require us to have a legal basis to do so. The following legal basis pertains to our collection and processing of data in the capacity of a controller:
- Our use of your personal information is based on contractual necessity to provide courses to you as set out in our terms of use. This applies to our processing activities described in section 3A (unless this is a course provided to children under 13 when we obtain parental consent).
- Our use of your personal information is in our legitimate interest as a commercial organization to perform our contractual requirements with our clients to make improvements to our products and services and enhance the customer and educational experience. This applies to our processing activities described in sections 3B, 3C, 3D (save where we need consent by local law), 3E, 3F and 3G.
- Our use of your personal information is necessary to comply with a relevant legal or regulatory obligation that we have in particular where we are required to disclose personal information to a court, tax authority or regulatory body in the event of an investigation. This applies to our processing activities described in sections 3H and 3I.
- Our use of your personal information is in accordance with your consent. This applies to our processing activities described in section 3A and 3D (where required by local law). You have the right to withdraw consent at any time.
- In certain circumstances, we may also process demographic information revealing data about diversity pursuant to paragraph 8 of part 2 of Schedule 1 of the Data Protection Act 2018 in the UK to ensure equality of opportunity or treatment and for statistical purposes in the wider public interest - this will always be proportionate to the aim pursued.
If you would like to find out more about the legal basis for processing personal information, please contact us [email protected] or fill out this form, or call our toll-free number at +1 844-532-0022. Our Data Protection Officer can be contacted at [email protected].
Your Legal Rights. Subject to certain exemptions, and dependent upon the processing activity we are undertaking, you have certain rights in relation to the personal data we process for you in the capacity of a controller as follows:
Right to access, correct, and delete your personal information: You have the right to request access to the personal information that we hold about you and: (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred. You also have the right to request that we correct any inaccuracies or delete your information. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.
Right to restrict the processing of your personal information: You have the right to restrict the use of your personal information when (i) you contest the accuracy of the data; (ii) the use is unlawful but you do not want us to erase the data; (iii) we no longer need the personal information for the relevant purposes, but we require it for the establishment, exercise, or defense of legal claims; or (iv) you have objected to our personal information use justified on our legitimate interests verification as to whether we have a compelling interest to continue to use your data. We can continue to use your personal information following a request for restriction, where: (a) we have your consent; or (b) to establish, exercise or defend legal claims; or (c) to protect the rights of another natural or legal person.
Right to data portability: To the extent that we process your information: (i) based on your consent or under a contract; and (ii) through automated means, you have the right to receive such personal information in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller.
Right to object to the processing of your personal information: You can object to any processing of your personal information which has our legitimate interests as its legal basis if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
How to Exercise Your Rights: If you would like to exercise any of the rights described above, please send us a request at [email protected] or fill out this form. In your message, please indicate the right you would like to exercise and the information to which it relates. We may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. We may not always be able to fully address your request, for example, if it would affect the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to lodge a complaint with your local supervisory authority: You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
Retention. We will keep your information accurate, complete and up to date. We will retain your data for the period necessary to fulfill the different purposes outlined in section 3, typically for students this will be a period of four years and for corporate organizations will be as long as we are contracted to maintain data. Where we are required to do so to meet legal and regulatory requirements, we will retain your data for longer periods of time, but only where permitted to do so, including so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a possibility of legal action relating to your data or dealings. With respect to our K-12 markets, students’ personally identifiable information is retained only for educational purposes.
- US CONSUMER PRIVACY RIGHTS
Certain US state laws, including the California Consumer Privacy Act and the Colorado Privacy Act, afford consumers in those states with additional privacy protection.
The additional privacy protections provided by those laws include: the right to know what information businesses collect disclose; the right to access a copy of your data; the right to request deletion or correction of your data; and the right to opt out of the sale of your data or the sharing of your data for purposes of targeted behavioral advertising. Businesses can’t discriminate against you for exercising any of these rights.
We do not sell your personal information or share your personal information for purposes of targeted advertising.
Exercising Your Privacy Rights. To request access to or deletion of your personal information, or to exercise any other data rights under the laws set forth above, please see our Data Subject Rights Requests page at https://www.blackbaud.com/company/Data-Subject-Rights-Request or call our toll-free number at +1 844-532-0022. We will verify your identity where required prior to fulfilling your request, which may require government identification. Authorized agents may be used to submit rights requests, in which cases we will take steps to verify the consumer’s identity and that the agent has authority to act on the consumer’s behalf.
Response Timing and Format. We will respond to a consumer privacy request within the time period required under any applicable privacy laws. If we require more time, in accordance with applicable privacy laws, we will inform you of the reason and extension period in writing.
- CHANGES TO OUR PRIVACY POLICY
EVERFI may amend this Privacy Policy from time to time. We will provide notice of any material changes made to our Privacy Policy by prominently posting the revised Policy with an updated date of revision on our homepage. We encourage you to check this page periodically for any changes. If we make any material changes that affect information we have previously collected about you, we will provide you with notice (or in the case of a child, to your parent or legal guardian - or to your school/educational institution who will make it available to you or your parent or legal guardian), via email or within the Service.
- HOW TO CONTACT US
If you have any questions about this Privacy Policy or our security measures at EVERFI, or where applicable to appeal a decision we’ve made regarding your privacy rights, please contact us at [email protected]. Our mailing address is 2300 N Street NW, Suite 410C, Washington, DC 20037 and we can be reached by phone at 202-625-0011.
Request to Remove or Update Data
If you mistakenly post personal information in a Public Area or if parents want to request the deletion of their student’s data, you can send us an email to request that we remove it by contacting us at [email protected]. If you would like to amend your profile information, you may log in to your account and do so or email us at [email protected]. You should understand that in some cases, we may retain copies of such information in our systems or databases where required or permitted by law.
Request to Opt-Out of Emails
Where we have permission, we may send periodic marketing emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email or by contacting us at [email protected]. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other content we think may interest you, we will still send you service emails about your EVERFI account or any services you have requested or received from us.