Skip to main content
Back to CoreOps

Legal

Privacy Policy

CoreOps is committed to protecting the privacy and security of personal information processed through our platform. We do not sell personal information to third parties.

Last Updated: March 2, 2026

Our core commitment: We do not sell, rent, or trade personal information. Data you and your institution submit to CoreOps is used solely to provide and improve the Service.

CoreOps ("CoreOps," "we," "us," or "our") operates a B2B SaaS platform serving universities, colleges, and higher education institutions. This Privacy Policy describes how we collect, use, disclose, and protect information when institutional customers ("Institutions") and their authorized users access the CoreOps platform ("Service").

1Scope

This Privacy Policy applies to all data processed through the CoreOps platform, including data submitted by Institutions and their Authorized Users (faculty, staff, students, and contractors). This Policy does not apply to third-party services linked from within the platform.

If you are a student or staff member whose Institution uses CoreOps, please also review your Institution's own privacy notices. Your Institution acts as the data controller for student and personnel records; CoreOps acts as a data processor on the Institution's behalf.

2Information We Collect

Information Provided by Institutions

Institutions and their Authorized Users submit data directly to the Service, which may include: names, institutional email addresses, employee or student identification numbers, role and department information, housing assignment records, scheduling data, event registrations, vendor contract information, risk assessment submissions, and other operational data specific to each module in use.

Student Education Records

Where Institutions use CoreOps for student-facing functions (e.g., Housing Management, Summer Operations, LMS), the Service may process student education records as defined under FERPA. CoreOps processes such records solely as a "school official" acting on behalf of the Institution and does not use such records for any independent purpose.

Automatically Collected Technical Data

We automatically collect certain technical information when users access the Service, including IP addresses, browser type and version, device identifiers, operating system, pages visited, session timestamps, and clickstream data. This information is used solely for security monitoring, performance optimization, and service administration.

Account and Billing Information

For institutional account administration, we collect contact information for designated administrators and billing contacts, including name, title, institutional email, and payment or invoicing information.

3How We Use Information

We use collected information for the following purposes:

  • To provide, operate, maintain, and improve the Service and its modules;
  • To authenticate and authorize Authorized Users;
  • To fulfill contractual obligations to Institutions;
  • To respond to support requests and communicate with institutional administrators;
  • To monitor system performance, detect security incidents, and prevent fraud or abuse;
  • To comply with applicable legal obligations; and
  • To generate aggregated, de-identified analytics about Service usage (which do not identify any individual or Institution).
We do not use student education records or Licensee Data for advertising, profiling, or any purpose outside the scope of providing the Service.

4FERPA Compliance

CoreOps recognizes that many of our institutional customers are subject to the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g and 34 C.F.R. Part 99. When processing student education records on behalf of an Institution:

  • CoreOps acts solely as a service provider and "school official" under FERPA as designated by the Institution;
  • We process student records only as directed by and for the benefit of the Institution;
  • We do not disclose student education records to any third party without written consent from the Institution, except as required by applicable law;
  • We maintain appropriate technical and organizational safeguards designed to protect the confidentiality of student education records; and
  • Institutions remain responsible for ensuring that their use of CoreOps complies with FERPA, including providing appropriate notices to students.

5Information Sharing & Disclosure

We do not sell, rent, or trade personal information. We may share information in the following limited circumstances:

Service Providers

We engage vetted third-party vendors (e.g., cloud hosting providers, customer support tools, payment processors) who process data on our behalf under contractual obligations to maintain confidentiality and security consistent with this Policy.

Legal Requirements

We may disclose information if required by law, regulation, court order, or governmental authority, or to protect the rights, property, or safety of CoreOps, our customers, or the public. Where permitted, we will notify the affected Institution prior to disclosure.

Business Transfers

In connection with a merger, acquisition, or sale of assets, Licensee Data may be transferred, subject to the acquirer maintaining equivalent privacy protections.

With Consent

We may share information for other purposes with the explicit written consent of the applicable Institution.

6Data Retention

We retain Licensee Data for the duration of the applicable subscription term. Following termination or expiration, Licensee Data remains available for institutional export for thirty (30) days, after which it is securely deleted from active systems.

Anonymized or aggregated usage data not linked to any individual or Institution may be retained for longer periods for product improvement purposes. Backup copies of data may persist in encrypted backup systems for up to ninety (90) days following deletion from active systems.

7Security

CoreOps maintains a comprehensive information security program that includes:

  • Encryption of data in transit using TLS 1.3;
  • Encryption of data at rest using AES-256 or equivalent;
  • Role-based access controls and multi-factor authentication for administrative access;
  • Regular vulnerability assessments and penetration testing;
  • Security incident response procedures, including prompt notification to affected Institutions; and
  • Employee training on data privacy and security practices.

No security system is impenetrable. If you become aware of a potential security issue, please contact us immediately at info@coreopsplatform.com.

8Cookies & Tracking Technologies

The Service uses session cookies and similar technologies strictly necessary to authenticate users, maintain session state, and enable core Service functionality. We do not use third-party advertising cookies or cross-site tracking technologies.

Institutional administrators may configure certain cookie preferences through the Service settings. Essential cookies required for security and authentication cannot be disabled without affecting Service functionality.

9Children's Privacy

The Service is a B2B platform designed for institutional use by authorized personnel. It is not directed at children under 13 and we do not knowingly collect personal information directly from children under 13.

Institutions that enroll minors (e.g., summer program participants) are responsible for obtaining any required parental consents under the Children's Online Privacy Protection Act (COPPA) and applicable state law. CoreOps will cooperate with Institutions to implement appropriate controls for programs involving minors.

10Your Rights & Choices

Because CoreOps processes data on behalf of Institutions, requests from individuals (students, staff) regarding access, correction, deletion, or portability of personal data should be directed to the relevant Institution. CoreOps will cooperate with and assist Institutions in responding to such requests in accordance with applicable law.

Institutions have the right to:

  • Request access to and a copy of their data held by CoreOps;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of data following termination of the subscription;
  • Request data portability in a standard machine-readable format; and
  • Object to certain processing activities, subject to contractual obligations.

To exercise these rights, Institutions may contact us at info@coreopsplatform.com.

11Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. We will notify institutional administrators of material changes via email or in-Service notification at least thirty (30) days prior to the changes taking effect.

Continued use of the Service after the effective date of a revised Policy constitutes acceptance of the updated terms. We encourage you to review this Policy periodically.

12Contact Us

For questions about this Privacy Policy, our data practices, or to submit a privacy request, please contact the CoreOps Privacy Team:

CoreOps Privacy Team

Email: info@coreopsplatform.com

Website: www.coreopsplatform.com