NC3 Privacy Policy

At NC3, protecting your personal privacy is our top priority, and we design our LMS to collect only the information needed to run your courses and certifications, such as account details, course activity, and usage data. We handle Student Data under FERPA and COPPA, do not sell Personal Data or use Student Data for targeted advertising, and share information only with your educational institution, carefully vetted service providers, or when required by law. We also use strong technical and organizational security measures and only limited essential and analytics cookies so that your learning experience remains secure and respectful of your privacy.

Introduction

The National Coalition of Certification Centers (“NC3”, “Company”, “we”, “our”, “us”) is committed to protecting the privacy and security of our users' personal information. This Privacy Policy (“Policy”) describes how we may collect, use, disclose, and safeguard information when you use our web-based Learning Management System (“LMS”).

This Policy applies to the Personal Data that we process when you use our web-based LMS and related services. It applies to teachers, students, administrators, and all other users who access our services or website.

Our LMS is built on Moodle technology and is hosted on Amazon Web Services (AWS). We adopt Moodle and AWS security standards and best practices, along with additional internal regulations followed by NC3, to protect your Personal Data.

As an LMS provider that handles educational data pertaining to students, we comply with the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA).

Throughout this Policy, we use the following defined terms:

  • “NC3,” “Company,” “we,” “us,” or “our” refers to the National Coalition of Certification Centers, the entity responsible for the collection and use of your Personal Data.
  • “Personal Data” refers to any information relating to an identified or identifiable individual, or as related terms such as “personal information” are defined under applicable law.
  • “Student Data” refers to personally identifiable information from education records that is directly related to a student and maintained by an educational institution or a party acting on its behalf.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

Back to Top

Scope

This Privacy Policy applies to Personal Data we may collect or process through interactions with us, including, but not limited to:

  • Our web-based Platform

  • Email communications, customer support interactions, and other communications with our team

  • Single Sign-On (SSO) authentication systems configured by administrators (where applicable)

  • Interactions with our LMS

This Policy does not apply to third-party websites, applications, or services that may be linked from our Platform. We encourage you to review the privacy policies of any third-party services you access.

Back to Top

Personal Data We Collect

When you interact with us, we may collect Personal Data directly from you, automatically from your browser or device, from interactions with the LMS, and from other sources such as our business partners and other parties.

Information You Provide Directly

  • Account information: name, email address, username, password, institutional affiliation, role (Instructor, Tenant Admin, Student)

  • Profile information: grade level, subject areas, courses enrolled, educational interests

  • Educational records: student performance data, grades, assessment results, certification progress, course completion records achieved through the LMS, and access information

  • Course content: hands-on assessments, uploaded files, course access, course completion information

  • Communication data: support inquiries (Help Requests), New Certification Request form submissions, feedback submissions

  • Certification information: certification applications, credentials earned, professional development records, continuing education credits

Special Categories of Data

We may collect limited special categories of data only when necessary and with appropriate safeguards:

  • COPPA-protected information: for users under 13 years of age, we collect only minimal necessary information, with your school obtaining verifiable parental consent as required by COPPA.

  • FERPA-protected information: student educational records are collected and maintained in compliance with FERPA requirements.

  • Disability-related information: accommodation requests and accessibility needs are collected only to provide appropriate educational support.

Back to Top

How We Collect Your Personal Data

We collect Personal Data directly from you, automatically from your browser or device, and from institutional partners.

Personal Data Collected Directly from You

We collect Personal Data you choose to provide to us through our Platform, for example when you:

  • Register for an account or a Train-the-Trainer (TTT) event

  • Complete optional fields in your user profile

  • Are enrolled in or are assigned courses or certification programs

  • Complete assignments, quizzes, assessments, or hands-on labs

  • Upload files, submit work, or create content on the Platform

  • Contact customer support or request technical assistance

  • Submit a New Certification Request form

  • Subscribe to notifications or newsletters

  • Provide feedback or complete surveys

  • Authenticate using Single Sign-On credentials (where applicable)

Information Collected Automatically

When you access our Platform, we automatically collect certain technical information, such as:

  • Device information: browser type, operating system, device type, Internet Service Provider (ISP), IP address, device identifiers

  • Usage data: pages viewed, time spent on pages, navigation paths, features accessed, login timestamps, course activity logs

  • Performance data: Platform performance metrics, error logs, system diagnostics

  • Location information: general geographic location based on IP address (not precise geolocation)

Information from Institutional Partners and Third Parties

We may receive Personal Data from:

  • Educational institutions: student enrollment data, institutional identifiers, course assignments, and organizational structure information

  • SSO identity providers: authentication credentials and profile information transmitted during SSO login processes configured by your administrator

  • Learning management system integrations: data synchronized from institutional systems pursuant to data sharing agreements (where applicable)

  • Payment processors: transaction confirmation and billing information for paid services

Back to Top

How We Use Your Information

We use your Personal Data to support educational services, operate and improve the Platform, communicate with you, maintain compliance and security, and comply with legal obligations.

Provide Educational Service Delivery

We use Personal Data to:

  • Provide access to curriculum content and certification programs

  • Track student progress, performance, and course completion

  • Generate grade reports, transcripts, and certification records

  • Administer assessments and grading

  • Manage course enrollments and learning pathways

  • Maintain accurate educational records as required by FERPA

Platform Operations and Improvement

We use Personal Data to:

  • Maintain and improve Platform functionality and user experience

  • Troubleshoot technical issues and provide customer support

  • Analyze usage patterns to enhance our curriculum and certification offerings

  • Conduct research and analytics to improve educational outcomes (using de-identified data)

  • Develop new features and services

Communication

We use Personal Data to:

  • Send administrative notifications about your account, courses, or certifications

  • Provide customer support and respond to inquiries

  • Communicate important updates about the Platform or our services

  • Send educational announcements with institutional administrator approval

Maintenance of Compliance and Security

We use Personal Data to:

  • Comply with legal obligations including FERPA, COPPA, and state education privacy laws

  • Enforce our Terms of Service and acceptable use policies

  • Protect against fraud, unauthorized access, and security threats

  • Investigate and prevent violations of our policies

  • Maintain audit logs for accountability and security purposes

  • Authenticate users and manage account access

  • Monitor Platform security, performance, and access

  • Process SSO authentication requests (where applicable)

Comply with Legal Obligations

We use Personal Data to:

  • Maintain educational records as required by FERPA

  • Comply with COPPA requirements for users under 13

  • Respond to lawful requests from educational institutions regarding student records

  • Comply with applicable laws, regulations, and legal processes

  • Establish, exercise, or defend legal claims

  • Protect the rights, safety, and security of our users and the public

We may anonymize, aggregate, or de-identify Personal Data for research, analytics, and service improvement purposes. Such information will not identify individuals and will not be re-identified.

Back to Top

How We Share Your Information

We do not sell, rent, or trade Personal Data. We share Personal Data only in the following limited circumstances.

Educational Institutions and Authorized Personnel

  • Teachers and administrators: authorized school personnel can access student data relevant to their educational responsibilities.

  • Institutional reporting: we provide aggregate and individual student data to institutional administrators as permitted by FERPA.

Service Providers

We engage trusted third-party service providers who assist in operating our Platform, including:

  • Amazon Web Services (AWS): our Platform infrastructure is hosted on AWS. We leverage AWS security measures and adopt AWS privacy practices for data storage and processing. AWS servers used for the Platform are located in the United States.

  • Moodle: our Platform is built on Moodle technology. We adopt Moodle privacy practices and security standards for learning management system functionality.

  • Titus Learning: our Moodle LMS is maintained by team members of Titus Learning. We adopt Titus Learning privacy practices and security standards in connection with our partnership.

  • Analytics services: we use analytics tools to understand Platform usage and improve services (using de-identified or aggregated data).

All service providers are contractually bound to protect your information and use it only for specified purposes.

Legal Requirements

We may disclose information when required or permitted by law, including to:

  • Comply with legal obligations, court orders, or official government requests

  • Respond to subpoenas or legal processes in accordance with FERPA provisions

  • Protect the safety, rights, or property of our users, the Company, or others

  • Respond to emergencies involving imminent danger to individuals

  • Prevent or investigate potential fraud, security breaches, or violations of our policies

  • Enforce our Terms of Service or other agreements

Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this Policy and with notice to affected users where required by law.

With Your Consent

We may disclose Personal Data for other purposes with your explicit consent or at your direction.

We do not sell Personal Data to third parties. We do not use Student Data for targeted advertising. We do not disclose Student Data for any purpose other than providing educational services and meeting legal obligations.

Back to Top

Student Data and Educational Records

FERPA Compliance

We comply with FERPA, which protects the privacy of student education records. Under FERPA:

  • Educational institutions maintain control over student education records

  • We act as a “school official” with legitimate educational interests when processing Student Data on behalf of institutions

  • We do not disclose personally identifiable information from education records without institutional authorization or as permitted by FERPA exceptions

  • Students and parents (for students under 18) have rights to access, review, and request amendments to education records through their institution

  • We maintain appropriate security measures to protect education records from unauthorized access

COPPA Compliance

For users under 13 years of age, we comply with COPPA:

  • We collect only minimal necessary information from children under 13

  • Educational institutions provide consent on behalf of students in the school context pursuant to COPPA’s school exception

  • We do not condition participation on collection of more information than is reasonably necessary

  • We do not use or disclose children’s personal information for targeted advertising

  • Parents may review their child’s information and request deletion by contacting their educational institution

  • We implement enhanced security measures for accounts of users under 13

Data Retention

We retain Personal Data as needed to provide our LMS services and fulfill the purposes described in this Privacy Policy, and as required by law.

Retention Periods

  • Active user accounts: information is retained while accounts remain active and for a reasonable period after account closure, subject to institutional requirements and legal obligations.

  • Student education records: retained according to institutional policies and legal requirements, typically aligned with FERPA guidelines.

  • Certification records: maintained indefinitely to verify credentials and support continuing education tracking.

  • Technical logs: security and access logs are retained for a limited period (for example, typically between 90 days and 1 year) for security and troubleshooting purposes.

  • Deletion requests: upon request from authorized institutional administrators, we will delete Student Data within 30 days, except where retention is required by law or necessary to provide ongoing credential verification.

    Back to Top

Your Privacy Rights

Subject to applicable law and certain exceptions, you may have the following rights with respect to your Personal Data. We will not discriminate against you for exercising any of your rights.

Access and Portability

  • Access: request access to your Personal Data maintained by us.

  • Portability: request a copy of your Personal Data in a structured, commonly used format.

  • Educational records: students and eligible parents may access education records through their institution in accordance with FERPA.

Correction and Updates

  • Request correction of inaccurate or incomplete Personal Data

  • Update your profile information directly through Platform settings

  • Request amendments to education records through your institution in accordance with FERPA procedures

Deletion

You may request deletion of your Personal Data, subject to:

  • Legal obligations to retain education records (for example, FERPA retention requirements)

  • Institutional policies regarding transcript and certification record retention

  • Legitimate interests in maintaining academic integrity and credential verification

Deletion requests regarding student records should be submitted through your educational institution.

Restriction and Objection

Subject to applicable law, you may:

  • Request restriction of processing of your Personal Data in certain circumstances

  • Withdraw consent where processing is based on your consent

Parent and Student Rights

Under FERPA, parents of minor students and eligible students (18+ or in postsecondary education) generally have the right to:

  • Inspect and review education records

  • Request amendments to inaccurate records

  • Provide or withhold consent before disclosure of education records, with specific exceptions allowed under FERPA

  • File complaints with the U.S. Department of Education regarding alleged FERPA violations

Requests to exercise these rights should be directed to your educational institution.

Children’s Privacy

Our Platform is used in educational settings and may include users under 18 years of age. We comply with COPPA for children under 13 and FERPA for all students. For children under 13, use is supervised by the school and with parental consent managed by the school.

We do not knowingly collect Personal Data from children under 13 for commercial purposes. If you believe we have inadvertently collected information from a child without appropriate consent, please contact us immediately through submission of a Help Request.

Exercising Your Rights

  • Institutional users: if you are a student or user under an institutional account, please contact your educational institution’s administrative office to exercise your rights regarding Student Data. Your institution controls educational records and can facilitate requests.

  • Individual users: you may exercise your rights by contacting us through submission of a Help Request form.

We will verify your identity before processing requests and will make reasonable efforts to respond within 24 hours of receiving the request within our system.

Appeals and Complaints

In some jurisdictions, you have the right to approach us or the competent data protection authority or equivalent regulatory body with requests or complaints in the jurisdiction(s) in which you reside.

If we deny your request to exercise a privacy right, you may request the right to appeal the decision to NC3 by contacting us through the Help Request form.

Back to Top

State-Specific Privacy Rights

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to:

  • Know what Personal Data is collected, used, shared, or sold

  • Delete Personal Data (subject to exceptions)

  • Opt out of the “sale” of Personal Data (note: we do not sell Personal Data)

  • Be free from discrimination for exercising privacy rights

  • Correct inaccurate Personal Data

Other State Privacy Laws

Residents of Virginia, Colorado, Connecticut, and other states with comprehensive privacy laws may have additional rights. Contact us to exercise your rights.

Back to Top

Data Security

We implement comprehensive technical and organizational security measures to protect your Personal Data.

Technical Security Measures

  • HTTPS encryption: all Platform access requires secure HTTPS connections with TLS encryption

  • AWS security: we leverage AWS security infrastructure, including encrypted storage, network security, and access controls

  • Moodle security: we follow Moodle security best practices and maintain current security patches

  • Data encryption: Personal Data is encrypted in transit and at rest using industry-standard encryption protocols

  • Secure authentication: passwords are encrypted using strong hashing algorithms; SSO integration uses secure authentication protocols (for example, SAML, OAuth, OpenID Connect) where applicable

  • Access controls: role-based access controls limit data access to authorized personnel only

  • Regular security audits: we conduct regular security assessments and vulnerability testing

  • Intrusion detection: automated monitoring systems help detect and alert us to potential security threats

Organizational Security Measures

  • Staff training: employees receive regular privacy and security training

  • Confidentiality agreements: staff and contractors sign confidentiality agreements protecting Personal Data

  • Incident response: we maintain an incident response plan for security incidents

  • Data minimization: we collect only data necessary for educational purposes

  • Vendor management: third-party service providers are evaluated for security practices and bound by data protection agreements

Data Breach Notification

In the event of a data breach affecting Personal Data, we will:

  • Notify affected individuals and institutions as required by applicable law

  • Report breaches to relevant authorities within required timeframes

  • Take immediate steps to mitigate harm and prevent further unauthorized access

  • Provide information about the breach and steps individuals can take to protect themselves

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security but are committed to protecting your data with industry-leading practices.

International Users

Our Platform is hosted in the United States on AWS servers. If you access our services from outside the United States, your information will be transferred to, stored, and processed in the United States.

The United States may have data protection laws different from those in your country of residence. By using our Platform, you consent to the transfer of your information to the United States and to processing in accordance with this Privacy Policy.

We implement appropriate safeguards to protect information transferred internationally, including contractual protections and compliance with applicable data transfer frameworks where relevant.

Third-Party Services and Links

Our Platform may contain links to third-party websites, applications, or services not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any Personal Data.

Moodle Open-Source Platform

Our Platform is built using Moodle technology. Moodle’s core privacy practices are incorporated into our operations. For more information about Moodle privacy standards, visit https://moodle.com/privacy-notice/

AWS Infrastructure

We host our Platform on Amazon Web Services (AWS). AWS provides the infrastructure and many security controls for data storage and processing. For information about AWS privacy and security practices, visit https://aws.amazon.com/privacy/.

Titus Learning

Titus Learning is our partner in providing, managing, and maintaining the NC3 LMS. Privacy standards adopted through this partnership are outlined in the Titus Learning privacy policy at https://www.tituslearning.com/privacy-policy/.

Back to Top

Cookie and Tracking Technologies

Our Platform uses cookies and similar tracking technologies to provide functionality, enhance user experience, and analyze usage.

Types of Cookies We Use

  • Essential cookies: required for Platform operation, including session management, authentication, and security (these cannot be disabled)

  • Functional cookies: remember your preferences, settings, and customization choices

  • Analytics cookies: help us understand Platform usage to improve performance and user experience

  • Security cookies: help detect suspicious activity and protect against unauthorized access

Third-Party Cookies

We use limited third-party services that may set cookies, including:

  • AWS CloudFront for content delivery and performance optimization

  • Analytics services for Platform usage analytics (configured to anonymize IP addresses where possible)

We do not use advertising cookies or allow third-party advertising networks to place cookies on our Platform.

Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may affect Platform functionality, including the ability to maintain your login session.

Back to Top

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other operational needs.

When we make material changes, we will post the updated Policy on our LMS with a new “Last Updated” date.

Because this Policy may change over time, we encourage you to review it periodically to stay informed about how we protect your Personal Data.

Back to Top

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

National Coalition of Certification Centers

Joseph Smith | Customer Success IT Coordinator
Email: Joseph.Smith@nc3.net
Phone: 816-859-2301

Erika Staackmann | Customer Success Manager
Email: Erika.Staackmann@nc3.net
Phone: 847-533-6985

FERPA and Student Records Inquiries

For questions specifically related to student education records and FERPA rights, please contact your educational institution’s administration office.

Accessibility

We are committed to making this Privacy Policy accessible to all users. If you need this Policy in an alternative format, please contact us via the Help Request form.

Acknowledgment

By using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you have any questions or concerns about your privacy, submit a Help Request form and our team will be happy to assist you.

Back
Back to top