Privacy Policy

Last Updated: May 26, 2026

Vertolini, LLC ("we," "us," or "our") operates ClassConvo.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you register, we collect your email address (must be a .edu address), display name, and password (stored in hashed form).
  • Profile Information: Your institution, graduation year, and major (optional).
  • User Content: Course reviews you submit, including ratings and written feedback.

1.2 Information Collected Automatically

  • IP Address: We collect your IP address for security purposes, including preventing spam and abuse.
  • Browser Information: We collect browser type and a browser fingerprint hash for fraud prevention.
  • Usage Data: Pages visited, timestamps of actions, and interaction patterns.

1.3 Cookies

We use session cookies to maintain your login state. These are essential cookies required for the Service to function and are automatically deleted when you close your browser or after a period of inactivity.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Verify your .edu email address
  • Display your reviews to other users
  • Prevent spam, fraud, and abuse
  • Send you service-related communications (password resets, verification emails)
  • Respond to your inquiries and support requests

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom (UK), our legal basis for collecting and using your personal information includes:

  • Contract: Processing necessary to provide you with the Service you requested when you created an account.
  • Legitimate Interests: Processing for fraud prevention, security, and improving our Service.
  • Consent: Where you have given explicit consent for specific processing activities.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Public Content: Your reviews and display name are publicly visible to other users.
  • Service Providers: We may share information with third-party vendors who assist us in operating the Service (e.g., email delivery services).
  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

5. Data Retention

5.1 Active Accounts

We retain your personal information for as long as your account is active or as needed to provide you the Service. We retain certain information as necessary to comply with legal obligations, resolve disputes, and enforce agreements. Security logs (IP addresses, login attempts) are retained for up to 90 days.

5.2 What Happens When You Delete Your Account

When you request account deletion, we permanently remove the following from our active systems: your account profile (email, display name, password, OAuth credentials, institution and profile fields), your login and registration history, your browser fingerprint and IP records, your activity and search history, and any review votes or flags you submitted.

Reviews are anonymized rather than deleted. Course reviews you previously posted remain publicly visible so that other students can continue to benefit from them. They are reassigned to a generic "[deleted user]" label and are no longer linked to your name, email, or any other account identifier. The review text itself is not modified; if you would like specific review content removed prior to deletion, please contact us at privacy@classconvo.com before requesting deletion.

Residual records that may persist after deletion:

  • Administrative audit log. We retain a record of the deletion action itself, including the administrator who processed it, the date and time, your former internal user ID, and the email address associated with the deleted account. This record exists to demonstrate that we honored your request and to defend against any subsequent claim that the deletion was unauthorized.
  • Application error logs. If your account ever triggered a system error, the corresponding error log entry may continue to reference your former user ID and IP address. These entries are not actively used and are purged on our standard error-log retention schedule.
  • Web server access logs. Our hosting provider retains web server access logs (which may contain IP addresses) for a period determined by their policies. We do not search or analyze these logs except in response to a specific security incident.
  • Database backups. Routine backups may contain pre-deletion snapshots of your data. Backups age out on a rolling basis and are not restored to live systems except in the event of a disaster. If a backup is ever restored, deletion requests are re-applied to the restored data.
  • Email-delivery logs. Our email provider may retain delivery metadata (such as the recipient email address and timestamp) for transactional emails sent before deletion, including the deletion confirmation email itself.

Retention of these residual records is permitted under GDPR Article 17(3)(b) (compliance with a legal obligation) and 17(3)(e) (establishment, exercise, or defense of legal claims), and under CCPA § 1798.105(d) (exceptions for security, fraud prevention, and legal compliance). We do not use residual records for any purpose other than those described above.

6. Your Rights

6.1 All Users

You have the right to:

  • Access your account information through your account settings
  • Update or correct your profile information
  • Delete your account at any time

How to Request Account Deletion

You can delete your account in either of the following ways:

  • Self-service (recommended): Log in to your account, go to My Account → Delete Account, and follow the prompts. Your account will be deleted immediately after you confirm.
  • By email: Send a request from the email address associated with your account to privacy@classconvo.com. We will verify the request and process it within 30 days.

In both cases, a confirmation email will be sent to the email address on the account when the deletion is complete. The effects of deletion are described in Section 5.2 above.

6.2 EEA and UK Residents (GDPR)

Under the General Data Protection Regulation (GDPR), you have additional rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction: Request restriction of processing of your personal data.
  • Right to Data Portability: Request a copy of your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

6.3 California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), California residents have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Delete: Request deletion of personal information we have collected.
  • Non-Discrimination: Not be discriminated against for exercising your privacy rights.

We do not sell personal information as defined under the CCPA.

7. International Data Transfers

Your information may be transferred to and processed in the United States. If you are located outside the United States, please be aware that information we collect will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

8. Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Password hashing using industry-standard algorithms
  • HTTPS encryption for all data transmission
  • Rate limiting and fraud detection systems
  • Regular security monitoring

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

9. Children's Privacy

The Service is intended for college and university students who are at least 18 years old. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a person under 18, we will delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Vertolini, LLC
Email: privacy@classconvo.com

12. Data Protection Officer

For EEA and UK residents, you may also contact our Data Protection Officer at: legal@classconvo.com

13. Supervisory Authority

If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.