My ABA Mentor Privacy Policy

Privacy Policy

Last updated: September 7, 2025

Welcome to My ABA Mentor (“My ABA Mentor,” “we,” “us,” or “our”). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our websites, applications, and services (collectively, the “Services”). It also explains your privacy rights and how to exercise them.

Important: This policy is for general information and does not constitute legal advice. Laws evolve, and your use of the Services may be subject to additional terms or product-specific notices. If you have questions about this policy or your privacy rights, contact us at manager@myabamentor.com.

1) Quick Summary & California “Notice at Collection”

This section summarizes the categories of personal information we collect, the purposes for which we use it, and whether we “sell” or “share” it for cross-context behavioral advertising under the California Consumer Privacy Act (as amended by the CPRA).

Category (examples) Sources Primary purposes Disclosed to Retention (typical) Sold/Shared?*
Identifiers (name, email, username, IP address, device IDs) You; your organization; automatically from your device Account creation, authentication, customer support, security, service delivery Service providers (hosting, auth, analytics); enterprise customer (if your org provides your account) Account life + up to 3 years No sale; Possible share via analytics/ads cookies if enabled (opt-out available)
Commercial / transaction data (subscription plan, payments metadata, purchase history) You; payment processor Billing, accounting, fraud prevention, tax compliance Payment processors; accounting tools 7 years (tax/audit laws) No
Internet / network activity (logs, usage data, pages viewed, referrers) Automatically from your device Analytics, service improvement, security, debugging Analytics and security providers 12–24 months Possible share via analytics/ads cookies if enabled (opt-out available)
Geolocation (coarse) (region/country) Automatically; you Localize content, detect fraud, compliance Hosting/CDN; analytics 12–24 months No
Professional / student info (role, program, institution, license status you provide) You; your organization Eligibility, role-based access, support Service providers; your organization Account life + 3 years No
Communications (support tickets, chat, feedback) You Support, troubleshooting, quality assurance Support tools 24 months No
Sensitive PI (account log-in with password; 2FA secrets) You Authentication, security Auth/hosting vendors Account life No; not used to infer characteristics

* “Sold” means exchanged for money or other valuable consideration with a third party. “Shared” means disclosed for cross-context behavioral advertising. We do not knowingly sell personal information. We may share limited data for analytics/ads only if you accept such cookies or we have your opt-in where required. You can manage preferences in Cookie Settings.

Financial incentives: If we offer referral credits, discounts for subscribing to communications, or similar programs, we will disclose material terms at the point of offer, including how to opt out at any time. See §11.

2) Who We Are & Scope

  • Controller: MYABAMENTOR LLC
    Registered address: 1312 17th St. Suite 146 Denver, CO 80020
    Email: manager@myabamentor.com
  • Representative (EEA/UK, if applicable): [Insert EU/UK representative details or state “Not applicable”]
  • Data protection contact: AJ Washington

Scope: This policy applies to the Services where it appears or is linked. If you access our Services through an organization (e.g., a university, employer, or clinic) with whom we have an enterprise agreement, we process certain data as a processor/service provider on behalf of that organization; see §13.

We do not intentionally collect information from children under 13 (or under 16 in the EEA/UK) and our Services are intended for adults and older students; see §12.

3) Information We Collect

A. Information you provide directly

  • Account details (name, email, password, role, license status you share)
  • Profile and preference settings
  • Support communications, surveys, feedback, and content you submit
  • Organizational details (institution, cohort, course, team)
  • Marketing preferences and consent records

B. Information collected automatically

  • Device and browser data (IP address, OS, device type, language)
  • Usage data (pages viewed, features used, timestamps, referring/exit pages)
  • Diagnostic logs (crash reports, performance metrics)
  • Approximate location (derived from IP, at region/city level)

C. Information from third parties

  • Your organization (for enterprise/education accounts): roster, role, assigned content, training status
  • Payment processors: limited transaction confirmations (we do not store full card numbers)
  • Single sign-on providers: identity and email for authentication
  • Marketing/Ad partners (if cookies are accepted): campaign performance data

D. Sensitive personal information

We may process account log-in credentials and 2FA secrets for authentication. We do not collect government IDs, precise geolocation, or biometrics. We do not use sensitive information to infer characteristics about you.

4) How We Use Personal Information

  1. Provide, operate, and secure the Services (including authentication and fraud prevention)
  2. Create and manage accounts; deliver content; track progress and usage
  3. Process payments and fulfill subscriptions
  4. Provide customer support and respond to requests
  5. Analyze usage to improve the Services and develop new features
  6. Send service, transactional, and—if permitted—marketing communications
  7. Enforce terms, comply with law, and protect rights, safety, and property
  8. Support research and product development using aggregated or de-identified data

Legal bases for EEA/UK users (GDPR)

  • Contract (Art. 6(1)(b)) for providing the Services you request
  • Legitimate interests (Art. 6(1)(f)) for security, analytics, and improvement (balanced against your rights)
  • Consent (Art. 6(1)(a)) for optional cookies/marketing where required
  • Legal obligations (Art. 6(1)(c)) for tax/audit/fraud prevention

5) When We Disclose Information

  • Service providers / processors that host our infrastructure; provide authentication, analytics, communications, and support tools; process payments; and store data under our instructions and appropriate contracts
  • Your organization (if you access the Services through an enterprise/education agreement) for account provisioning, usage, and compliance reporting
  • Legal and safety recipients (law enforcement, regulators) when required by law or to protect rights and safety
  • Business transfers (merger, acquisition, financing): your information may be transferred subject to this policy

We do not allow service providers to use your information for their independent purposes.

6) Cookies, SDKs & Similar Technologies

  • Strictly necessary cookies – required for login, security, load balancing
  • Functionality cookies – remember preferences
  • Analytics cookies – measure usage and performance
  • Advertising cookies – personalize or measure ads (used only if you consent)

You can manage preferences in Cookie Settings and through your browser controls. Blocking some cookies may impact functionality.

Do Not Track (DNT): We do not respond to DNT signals due to industry standards variability.

7) Analytics & Advertising

  • You can opt out of analytics/ads cookies via Cookie Settings at any time.
  • Where required by law, we obtain consent before setting non-essential cookies.

8) Data Retention

  • Account, profile, and course/usage data: for the life of the account + up to 36 months
  • Support tickets and communications: 24 months
  • System logs and security records: 12–24 months
  • Transaction and billing records: 7 years (tax/audit)

We may retain de-identified or aggregated data without time limit.

9) Security

We implement organizational and technical measures appropriate to the risk, including encryption in transit, access controls, and auditing. No system is 100% secure. You are responsible for maintaining the confidentiality of your credentials and promptly notifying us of any suspected compromise.

10) International Data Transfers

We may transfer, store, and process information in countries other than where you live. Where required, we rely on lawful transfer mechanisms such as Standard Contractual Clauses (and UK addendum) and implement supplementary measures as appropriate.

11) Marketing; Financial Incentive Disclosures (CA)

  • We may send you product updates or newsletters if you opt in (or where permitted by law). You can opt out via the email footer or in your account settings.
  • If we offer discounts or referral programs that involve personal information (e.g., email for a discount), we will disclose the program terms at the point of collection, including how the value of the incentive is calculated (e.g., discount amount) and how to withdraw without penalty.

12) Children’s Privacy

Our Services are not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us so we can take appropriate steps.

HIPAA/FERPA note: My ABA Mentor is not designed to collect Protected Health Information (PHI) or student education records governed by FERPA unless expressly agreed in writing with a covered entity/educational institution. If we later offer features involving PHI/FERPA, such processing will be governed by appropriate agreements (e.g., BAA, data sharing agreement).

13) Organizational Customers (Universities, Employers, Clinics)

If your access is provided by an organization with a separate agreement with us, we process certain personal information as a processor/service provider to deliver services to that organization. In those cases, the organization’s privacy notice governs, and we act on its documented instructions. We may also act as an independent controller for account integrity, security, billing, and to comply with law.

14) Your Privacy Rights

  • Access: know whether we process your personal information and obtain a copy
  • Correction: request we correct inaccurate or incomplete information
  • Deletion: ask us to delete personal information (with certain exceptions)
  • Portability: receive certain information in a portable format
  • Restriction/Objection (EEA/UK): object to or restrict certain processing based on legitimate interests
  • Withdraw consent: where processing is based on consent
  • Opt out of: (i) sale of personal information; (ii) sharing for cross-context behavioral advertising/ targeted advertising; (iii) profiling/automated decisions with legal or similarly significant effects (if we engage in such activities)

How to exercise your rights: Email manager@myabamentor.com with your request and sufficient information to verify your identity. You may also use in-product tools where available.

Authorized agents (CA): If you use an agent, we may require proof of authorization and verification of your identity.

Appeals: If we deny your request, you may appeal by replying to our decision email with “Appeal” in the subject within 45 days. If you remain unsatisfied, you may contact your state Attorney General or local data protection authority.

15) U.S. State-Specific Notices

California (CCPA/CPRA)

  • We provide this Notice at Collection in §1.
  • We do not knowingly sell personal information. We may share limited data for cross-context behavioral advertising via cookies only with your consent; you can opt out at any time via Cookie Settings or a Do Not Sell/Share link.
  • We do not use or disclose Sensitive Personal Information for purposes other than those permitted by Cal. Civ. Code §1798.121, and we do not use it to infer characteristics.
  • Shine the Light: California residents may request information about certain disclosures to third parties for direct marketing in the prior year.

Colorado, Connecticut, Virginia, Utah

Residents may have rights to access, correct, delete, obtain a portable copy, and opt out of targeted advertising, sale, and certain profiling. Use the methods in §14. We will respond within statutory timelines.

Nevada

We do not sell “covered information” as defined by Nevada law. Residents may send sale-opt-out requests to manager@myabamentor.com.

16) Automated Decision-Making

We do not use automated decision-making that produces legal or similarly significant effects without human involvement. If this changes, we will provide required notices and options to opt out where applicable.

17) Third-Party Links & Services

The Services may link to third-party sites or integrate third-party tools (e.g., payment processors, video platforms). Their privacy practices are governed by their own policies, and we are not responsible for them.

18) Changes to This Policy

We may update this policy to reflect changes in laws, technologies, or our practices. We will post the updated version with a new “Last updated” date and, where required, provide additional notice.

19) Contact Us

MYABAMENTOR LLC
Attn: Privacy
1312 17th St. Suite 146 Denver,CO 80020
Email: manager@myabamentor.com

If you are in the EEA/UK and wish to contact a data protection authority, please see the EU Data Protection Board or UK ICO websites.

20) Definitions (selected)

  • “Personal information / personal data”: Information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable person.
  • “Processing”: Any operation performed on personal information (collection, storage, use, disclosure, etc.).
  • “Sale” / “Share” (California): As defined by CCPA/CPRA; see §1.
  • “Service provider/processor”: A vendor that processes personal information on our behalf under contract.
  • “Targeted advertising”: Ads directed to a consumer based on personal information obtained from their activities across non-affiliated websites or applications.

Product-Specific Addenda (Examples)

Use or expand these if you enable the listed features.

A) Proctoring / Exam Integrity Tools

If enabled, we may process additional telemetry (e.g., focus changes, attempt counts, IP-region) solely to uphold academic integrity and platform security. We do not enable webcam/microphone capture without explicit consent and a separate notice.

B) Community / Mentorship Forums

Posts, comments, and messages you submit may be visible to other authorized users. You are responsible for the content you share. We may moderate content per our community guidelines.

C) Integrations (e.g., SSO, LMS, Stripe)

If you connect third-party accounts, we receive limited information necessary to enable the integration. The third party’s privacy policy applies to its processing.

D) Research & Improvements

We may use de-identified and aggregated data to analyze learning outcomes and improve features. We do not attempt to re-identify de-identified data.

Page Created with OptimizePress