CampusCore Privacy Policy

Last Updated: October 8, 2025
Effective Date: October 8, 2025

Welcome to Campus Core, LLC (“CampusCore,” “we,” “our,” or “us”). CampusCore is an academic advising and student success platform designed to enhance communication between students and advisors, streamline academic workflows, and provide AI-powered support for academic and career planning.

This Privacy Policy explains how we collect, use, share, and protect information when you use our mobile application, website, or any other platform we operate (collectively, the “Services”).

1. Overview

CampusCore serves students, advisors, counselors, and educational institutions.

  • Students can schedule advising appointments, manage tasks, view announcements, and interact with an AI academic assistant.

  • Advisors can view student lists, manage availability, send announcements or tasks, and track academic progress metrics.

CampusCore takes data privacy and security seriously. We comply with key educational and privacy protection laws, including:

  • FERPA (Family Educational Rights and Privacy Act): U.S. law protecting student education records. CampusCore acts as a school official with legitimate educational interest, processing data solely under the direction of the educational institution.
    Learn more

  • COPPA (Children’s Online Privacy Protection Act): Protects children under 13. CampusCore relies on schools to obtain parental consent where required and does not directly collect data from minors.
    Learn more

  • GDPR (General Data Protection Regulation): Although CampusCore operates exclusively within the U.S., our practices align with GDPR principles of security, consent, and data minimization.
    Learn more

CampusCore does not conduct international data transfers or store data outside of the United States.

2. Information We Collect

CampusCore primarily functions as a data processor, not a data collector. We handle and process the information provided by educational institutions to deliver our Services securely.

A. Information Provided by Educational Institutions

Most data originates from your school, including:

Student Data:

  • Name, email, major, year, GPA, completed credits

  • Areas of interest (subject areas, industries, job types)

Advisor Data:

  • Name, email, office location, and department

Course & Department Data:

  • Course IDs, codes, names, credits, descriptions, schedules, and department information

Data is transmitted securely through:

  • Encrypted API connections with the school’s Student Information System (SIS), or

  • Encrypted CSV uploads by authorized administrators

All institutional data remains the property of the educational institution. CampusCore acts solely as a data processor under written agreements.

B. Information You Provide Directly

CampusCore collects minimal user-submitted data:

  • Profile Image (optional): For personalizing profiles.

  • Academic or Career Goals: Provided by the student to personalize their AI advisor.

  • Support Requests: Name, email, and message content if you contact support.

CampusCore does not collect payment data, Social Security Numbers, or behavioral tracking analytics.

3. How We Use Information

We process data only to provide and improve our Services:

  • Display school-provided data securely to authorized users.

  • Enable advising, scheduling, task, and announcement functionality.

  • Power AI-based academic and career tools.

  • Respond to support requests.

  • Fulfill legal, contractual, and compliance obligations.

We never sell, rent, or share data for marketing or advertising purposes.

4. Data Ownership and Institutional Control

  • Educational institutions own and control all data they provide.

  • CampusCore acts as a data processor and only handles data according to institutional direction.

  • Students and parents seeking access or correction must contact their school administrator.

  • At an institution’s written request, CampusCore will delete or modify institutional data within 30 days.

5. Data from Minors and COPPA Compliance

CampusCore is designed for users 13 years and older. If younger students are included:

  • The institution acts as the parental agent under COPPA.

  • CampusCore does not knowingly collect data directly from children under 13.

  • Any unauthorized collection will be immediately deleted.

Parents or guardians can reach out to the school or email campuscore1@gmail.com for inquiries.

6. Data Security

CampusCore implements enterprise-grade security controls aligned with NIST SP 800-53, ISO/IEC 27001, and SOC 2standards to ensure data confidentiality, integrity, and availability across our Azure environment.

Core Security Practices

  • Encryption in transit and at rest: All institutional and user data is encrypted using TLS 1.2+ and AES-256 bit encryption.

  • Virtual Network Gateways (vNGW): Data traffic is routed through private, isolated network segments to prevent exposure to the public internet.

  • Role-Based Access Control (RBAC): Strict access policies limit visibility of sensitive data to authorized team members only.

  • Continuous monitoring & audit logging: All authentication attempts, queries, and configuration changes are logged and reviewed through Azure Monitor and Application Insights.

  • Geo-redundant backups: Encrypted backups are stored within Azure’s redundant zones inside the United States.

Microsoft Azure & Microsoft Defender for Cloud

CampusCore’s entire cloud infrastructure is hosted on Microsoft Azure and continuously protected by Microsoft Defender for Cloud, which provides unified, intelligent threat protection and compliance assurance across every CampusCore resource — including App Service, API Management, Azure SQL Database, Blob Storage, and Virtual Network components.

Microsoft Defender for Cloud provides:

  • Adaptive threat detection & prevention: Real-time detection of suspicious activity, brute-force attempts, or anomalous data access across all connected services.

  • Security posture management: Automated recommendations and remediation actions based on NIST SP 800-53, CIS Benchmarks, and ISO 27001.

  • Integrated vulnerability assessment: Regular scans of virtual networks, databases, and app environments to identify and patch vulnerabilities.

  • Advanced malware and endpoint protection: Defender integrates with Azure Security Center to automatically quarantine malicious activity.

  • Regulatory compliance dashboard: Continuous validation of adherence to FERPA, HIPAA, FedRAMP High, and GDPR-equivalent standards, ensuring all systems remain audit-ready.

Both Azure and Microsoft Defender for Cloud operate under Microsoft’s Data Protection Addendum (DPA) and maintain certifications for:
ISO/IEC 27001, SOC 1, SOC 2, SOC 3, and FedRAMP High Moderate, with full alignment to FERPA, HIPAA, CMMC, and GDPR security principles.

7. Data Retention and Deletion

  • Institutional data is retained only as long as necessary to fulfill our contractual obligations.

  • Upon termination or request from the institution, all data is permanently deleted from CampusCore systems and backups within 30 days.

  • User-uploaded profile photos can be deleted anytime by the user directly or by contacting campuscore1@gmail.com.

  • Encrypted system backups are automatically purged on a rolling 30-day schedule.

8. Information Sharing

CampusCore does not share information except:

  • With the educational institution that owns the data.

  • With trusted service providers such as Microsoft Azure and Microsoft Defender for Cloud, under strict confidentiality and data protection terms.

  • When required by law or necessary to protect users and the integrity of the system.

We never sell, lease, or disclose user data for marketing purposes.

9. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access your personal data.

  • Request correction or deletion of inaccurate information.

  • Withdraw consent for processing, where applicable.

Requests concerning school-provided data must be submitted to your institution.
Requests about user-submitted data (e.g., profile photos) can be sent directly to campuscore1@gmail.com.

10. Changes to This Policy

CampusCore may update this Privacy Policy to reflect changes in our practices or applicable laws.
The latest version will always display the updated “Last Updated” date. Continued use of the Services constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or CampusCore’s data practices, please contact us at:

Campus Core, LLC
Atlanta, Georgia, USA
campuscore1@gmail.com

CampusCore Privacy Policy

Last Updated: October 8, 2025
Effective Date: October 8, 2025

Welcome to Campus Core, LLC (“CampusCore,” “we,” “our,” or “us”). CampusCore is an academic advising and student success platform designed to enhance communication between students and advisors, streamline academic workflows, and provide AI-powered support for academic and career planning.

This Privacy Policy explains how we collect, use, share, and protect information when you use our mobile application, website, or any other platform we operate (collectively, the “Services”).

1. Overview

CampusCore serves students, advisors, counselors, and educational institutions.

  • Students can schedule advising appointments, manage tasks, view announcements, and interact with an AI academic assistant.

  • Advisors can view student lists, manage availability, send announcements or tasks, and track academic progress metrics.

CampusCore takes data privacy and security seriously. We comply with key educational and privacy protection laws, including:

  • FERPA (Family Educational Rights and Privacy Act): U.S. law protecting student education records. CampusCore acts as a school official with legitimate educational interest, processing data solely under the direction of the educational institution.
    Learn more

  • COPPA (Children’s Online Privacy Protection Act): Protects children under 13. CampusCore relies on schools to obtain parental consent where required and does not directly collect data from minors.
    Learn more

  • GDPR (General Data Protection Regulation): Although CampusCore operates exclusively within the U.S., our practices align with GDPR principles of security, consent, and data minimization.
    Learn more

CampusCore does not conduct international data transfers or store data outside of the United States.

2. Information We Collect

CampusCore primarily functions as a data processor, not a data collector. We handle and process the information provided by educational institutions to deliver our Services securely.

A. Information Provided by Educational Institutions

Most data originates from your school, including:

Student Data:

  • Name, email, major, year, GPA, completed credits

  • Areas of interest (subject areas, industries, job types)

Advisor Data:

  • Name, email, office location, and department

Course & Department Data:

  • Course IDs, codes, names, credits, descriptions, schedules, and department information

Data is transmitted securely through:

  • Encrypted API connections with the school’s Student Information System (SIS), or

  • Encrypted CSV uploads by authorized administrators

All institutional data remains the property of the educational institution. CampusCore acts solely as a data processor under written agreements.

B. Information You Provide Directly

CampusCore collects minimal user-submitted data:

  • Profile Image (optional): For personalizing profiles.

  • Academic or Career Goals: Provided by the student to personalize their AI advisor.

  • Support Requests: Name, email, and message content if you contact support.

CampusCore does not collect payment data, Social Security Numbers, or behavioral tracking analytics.

3. How We Use Information

We process data only to provide and improve our Services:

  • Display school-provided data securely to authorized users.

  • Enable advising, scheduling, task, and announcement functionality.

  • Power AI-based academic and career tools.

  • Respond to support requests.

  • Fulfill legal, contractual, and compliance obligations.

We never sell, rent, or share data for marketing or advertising purposes.

4. Data Ownership and Institutional Control

  • Educational institutions own and control all data they provide.

  • CampusCore acts as a data processor and only handles data according to institutional direction.

  • Students and parents seeking access or correction must contact their school administrator.

  • At an institution’s written request, CampusCore will delete or modify institutional data within 30 days.

5. Data from Minors and COPPA Compliance

CampusCore is designed for users 13 years and older. If younger students are included:

  • The institution acts as the parental agent under COPPA.

  • CampusCore does not knowingly collect data directly from children under 13.

  • Any unauthorized collection will be immediately deleted.

Parents or guardians can reach out to the school or email campuscore1@gmail.com for inquiries.

6. Data Security

CampusCore implements enterprise-grade security controls aligned with NIST SP 800-53, ISO/IEC 27001, and SOC 2standards to ensure data confidentiality, integrity, and availability across our Azure environment.

Core Security Practices

  • Encryption in transit and at rest: All institutional and user data is encrypted using TLS 1.2+ and AES-256 bit encryption.

  • Virtual Network Gateways (vNGW): Data traffic is routed through private, isolated network segments to prevent exposure to the public internet.

  • Role-Based Access Control (RBAC): Strict access policies limit visibility of sensitive data to authorized team members only.

  • Continuous monitoring & audit logging: All authentication attempts, queries, and configuration changes are logged and reviewed through Azure Monitor and Application Insights.

  • Geo-redundant backups: Encrypted backups are stored within Azure’s redundant zones inside the United States.

Microsoft Azure & Microsoft Defender for Cloud

CampusCore’s entire cloud infrastructure is hosted on Microsoft Azure and continuously protected by Microsoft Defender for Cloud, which provides unified, intelligent threat protection and compliance assurance across every CampusCore resource — including App Service, API Management, Azure SQL Database, Blob Storage, and Virtual Network components.

Microsoft Defender for Cloud provides:

  • Adaptive threat detection & prevention: Real-time detection of suspicious activity, brute-force attempts, or anomalous data access across all connected services.

  • Security posture management: Automated recommendations and remediation actions based on NIST SP 800-53, CIS Benchmarks, and ISO 27001.

  • Integrated vulnerability assessment: Regular scans of virtual networks, databases, and app environments to identify and patch vulnerabilities.

  • Advanced malware and endpoint protection: Defender integrates with Azure Security Center to automatically quarantine malicious activity.

  • Regulatory compliance dashboard: Continuous validation of adherence to FERPA, HIPAA, FedRAMP High, and GDPR-equivalent standards, ensuring all systems remain audit-ready.

Both Azure and Microsoft Defender for Cloud operate under Microsoft’s Data Protection Addendum (DPA) and maintain certifications for:
ISO/IEC 27001, SOC 1, SOC 2, SOC 3, and FedRAMP High Moderate, with full alignment to FERPA, HIPAA, CMMC, and GDPR security principles.

7. Data Retention and Deletion

  • Institutional data is retained only as long as necessary to fulfill our contractual obligations.

  • Upon termination or request from the institution, all data is permanently deleted from CampusCore systems and backups within 30 days.

  • User-uploaded profile photos can be deleted anytime by the user directly or by contacting campuscore1@gmail.com.

  • Encrypted system backups are automatically purged on a rolling 30-day schedule.

8. Information Sharing

CampusCore does not share information except:

  • With the educational institution that owns the data.

  • With trusted service providers such as Microsoft Azure and Microsoft Defender for Cloud, under strict confidentiality and data protection terms.

  • When required by law or necessary to protect users and the integrity of the system.

We never sell, lease, or disclose user data for marketing purposes.

9. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access your personal data.

  • Request correction or deletion of inaccurate information.

  • Withdraw consent for processing, where applicable.

Requests concerning school-provided data must be submitted to your institution.
Requests about user-submitted data (e.g., profile photos) can be sent directly to campuscore1@gmail.com.

10. Changes to This Policy

CampusCore may update this Privacy Policy to reflect changes in our practices or applicable laws.
The latest version will always display the updated “Last Updated” date. Continued use of the Services constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or CampusCore’s data practices, please contact us at:

Campus Core, LLC
Atlanta, Georgia, USA
campuscore1@gmail.com


CampusCore

About

About

Company

© 2025 CampusCore. All rights reserved.