Ascent Privacy Policy

This Privacy Policy describes how Ascent Funding, LLC, Skills Fund, LLC, d/b/a Ascent Skills Funding, and their affiliates, subsidiaries and programs, and third parties acting on their behalf, (collectively referred to herein as “Ascent”) may collect, share, and use information that is captured while you use Ascent’s website(s), mobile application(s), student success coaching platform, and/or other online service(s) related to student success and learning about, applying for, or managing a loan, including entering into Ascent contests and sweepstakes  (collectively, the “Online Services”). The use of “we,” “our,” and “us” herein refers to Ascent, and “you” and “your” refers to you as the consumer utilizing Ascent’s Online Services.

This Privacy Policy applies to your use of the Online Services. This Privacy Policy also applies to information that we may collect through offline channels, which include but are not limited to phone calls and physical correspondence.

International Users: This Privacy Policy is intended to cover only customers and other users of the Online Services in the United States. Any international users of the Online Services should be aware that by using the Online Services, your information will be transferred to, stored on, and/or processed on servers located in the United States. You also understand that the United States’ data protection laws may not offer the same protections or rights, including judicial redress, with regards to your personal information as the laws of the country in which you are located. By using the Online Services or providing us with your personal information, you consent to this transfer, storage, and processing of your personal information.

Your Consent to this Privacy Policy: By using our Online Services, you agree to the terms of this Privacy Policy as they may be amended from time to time. This Privacy Policy applies to all users of the Online Services. By providing information to us, you understand and consent to the collection, maintenance, processing, and transfer of such information in and to the United, in accordance with United States law. We reserve the right to modify or revise this Privacy Policy. We may notify users if we make material modifications to the Privacy Policy in accordance with applicable law; however, we reserve the right to make other modifications or revisions without prior notice to you. We recommend that users review the most up-to-date version of the Privacy Policy periodically, which will be available on the Ascent website. Your continued use of the Online Services indicates your agreement to be bound by subsequent modifications or revisions to the Privacy Policy.

What Information Does Ascent Collect and How Does Ascent Collect that Information?

Personal Information and Sources

We collect Personal Information that you provide to us on the Online Services via coaching sessions, forms, applications, surveys, user account creation, and other fillable fields. This “Personal Information” may include your name, address, date of birth, Social Security number, citizenship, military status, age, national origin, email address, telephone numbers, loan number, account number, driver’s license number, passport number, username (if different than your email), password, education or academic information, housing information, audio information, professional (or employment) information, salary, income, financial information, and other identifying information. Personal Information does not include de-identified or aggregated information, which is information in which identifiable information is removed and that cannot reasonably be used to identify an individual.

If you choose to use the Online Services, we may also collect information from third parties, such as credit reports and employment information.

We also collect information about your use of the Online Services, such as your information relating to any loan application, transaction history, account balance, Ascent Connect experience, and other account information, subscription status, and payment information.

We may also collect information through offline channels, which includes audio recordings through customer service calls and physical correspondence.

Information Collected Automatically

In addition to the Personal Information that we collect from you as described above, we may automatically collect certain information, including Personal Information, from your use of the Online Services. This information may include:

• Usage information, such as which features of the Online Services you access or use or the frequency of access;
• Device information, such as hardware model, operating system, application version number, browser type, or IP address;
• Mobile device information, such as the unique device identifier assigned to your device, mobile carrier, operating system, and other device attributes;
• Information about software bugs, errors, API calls, page loads, or similar requests; and
• Other information about your Internet activities.

The information described above may be collected through cookies (defined below), pixel tags (defined below), clear gifs, or other technologies.

For What Purposes Do We Use Your Personal Information?

Ascent uses your Personal Information for the following purposes:

• To provide you with the Online Services and fulfill your requests, and process your transactions;
• To communicate to you important information regarding the Online Services, your loan application, and/or other information related to your use of the Online Services;
• For our business purposes, such as data analysis, audits, developing new products, enhancing and improving the Online Services, identifying usage and web traffic trends, and determining the effectiveness of our communications and marketing and promotional campaigns;
• To respond to your inquiries or provide you with customer service or technical support;
• For risk control, to help protect the security and integrity of the Online Services, to comply with laws and regulations, and to comply with other legal process and law enforcement requirements;
• To help us identify and resolve issues that may arise on the Online Services;
• For application monitoring services, analytics, and application functionality;
• To contact you, if you register a profile with us, via telephone or email;
• For marketing purposes, such as notifying you of new Ascent products, promotions, and news;
• To personalize your experience or to improve the Online Services and our offerings by allowing us to customize the content and/or layout of the Online Services based on feedback and information we receive from you;
• For survey or sweepstake purposes, such as if you participate in a survey or sweepstake and included information needed for your participation (such as contact information), and to fulfill your prize;
• For specific purposes for which we obtain your consent; and
• Other legitimate business purposes not otherwise prohibited by law.

Who Do We Share Your Personal Information With?

We do not sell your Personal Information or the Personal Information of minors. We do not trade, or otherwise transfer your Personal Information to third parties without your consent, except as described in this paragraph. We may, without your consent, disclose your Personal Information:

• To Richland State Bank, Bank of Lake Mills, our service providers, and other trusted third parties including Second Street and Upland Software, Inc. who assist us in operating the Online Services, running sweepstakes and contests, processing transactions (such as for your student loan or bootcamp loan application), conducting our business, or servicing you, so long as these parties agree to keep this information confidential, consistent with this Privacy Policy;
• As a corporate asset in the event of a company sale of assets, merger, bankruptcy, or similar corporate transaction;
• When we have reason to believe that such disclosure is necessary to identify, contact, or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, customers, other users of the Online Services, or anyone else who could be harmed by such activities; or
• To respond to judicial process, to provide information to law enforcement agencies, or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law, such as to comply with a subpoena or similar legal process.

We may also request your permission to share your Personal Information for a specific purpose. We will notify you and request consent before you provide the Personal Information or before the Personal Information you have already provided is shared for such purpose.

How Do We Protect Your Personal Information?

We employ reasonable security measures, designed to maintain the confidentiality, integrity, and security of your Personal Information to protect against the loss, misuse, or alteration of information that we have collected about you. For example, Ascent employs policies and procedures designed to protect Personal Information in accordance with applicable law, including but not limited to the Gramm-Leach-Bliley Act. Unfortunately, no security technology is completely secure, and you should remember that email and the Internet generally may not be a secure means of communication and/or transmitting Personal Information. Personal Information that you share via email is done so at your own risk.

Do We Track Our Visitors Online?

Some web browsers may transmit “do-not-track” or similar signals to the websites with which a user communicates. There currently is no industry standard for how websites must respond when they receive such a signal. The Online Services do not respond to do-not-track signals sent by web browsers.

Some of the content, advertisements, and functionality on the Online Services may be provided by third parties. We also use third-party service providers, including Sentry.io, to provide us with analytics, error detection, and application functionality services, so we can improve our Online Services. Although Sentry.io does not use cookie technology, collect Personal Information, or otherwise track users, data is collected during instances of application crashes, errors, software bugs or other adverse events. Sentry.io data is paired with randomly generated unique identifiers (UUIDs) to enable us to diagnose adverse events, like application crashes.

We also use third-party service provider Microsoft Clarity to capture the user interactions across our Online Services such as, how pages are rendering, and user interactions such as mouse movements, clicks, and scrolls. For more information, see Microsoft Privacy Statement.

We also use Socure to help with identity verification and fraud prevention on loan applications. We share your personal information with Socure for said identity verification purposes. To the extent Socure generates or derives data from a photograph of your face, it is not done in order to identify you as a specific individual. Instead, such information is used by Socure in order to match document headshots with a selfie photograph. To the extent Socure derives biometric information from an image of your face, Socure will permanently destroy the images and any information derived therefrom within three years from the date the images were captured, unless otherwise specified in the Socure Products and Services Statement. For more information on Socure’s policies please visit their privacy policy here.

Other third parties may collect information about your use of the Online Services through technologies such as cookies and web beacons, and this information may be collected over time and combined with information collected across different websites. Some of these third parties may provide you with ways to choose not to have your information collected or used for targeted advertising. For example, some of these third parties may be members of the Network Advertising Initiative (“NAI”) or the Digital Advertising Alliance (“DAA”), which provide websites where you can opt out of certain types of data collection and use or out of receiving targeted ads from member companies. To opt out, please visit https://www.networkadvertising.org/managing/opt_out.asp or https://www.aboutads.info. For more information about mobile device opt outs, please visit https://thenai.org/opt-out/mobile-opt-out/.

Another third-party service we use is Google Analytics, which is a web analysis service provided by Google. Google utilizes the data collected to track and examine the use of the Online Services and may share this data with other Google services. We have also enabled Google Analytics Advertising features, including Remarketing, so Google may use the data collected to contextualize and personalize the ads of its own advertising networks. The Online Services and third parties, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on past visits to the Online Services and report how ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Online Services. You can learn more about Google’s privacy practices by visiting their website at https://www.google.com/policies/privacy/partners/.

Subprocessors

Some of the content, advertisements, and functionality of our Online Services may be provided by third-party subprocessors. When we share your information with third-party subprocessors, such as our vendors and service providers, we remain responsible for it. We work hard to maintain your trust and when bringing on new vendors and subprocessors, we make certain those third parties can be trusted with any Personal Information they may have access to.

Subprocessor List

Name of Subprocessor: AWS Amazon
Description of Processing: Data Hosting
Location of Processing: U.S.
Corporate Location: U.S.

Name of Subprocessor: Sentry.io
Description of Processing: Application monitoring provider
Location of Processing: U.S.
Corporate Location: U.S.

Name of Subprocessor: Microsoft Clarity
Description of Processing: Website analytics
Location of Processing: U.S.
Corporate Location: U.S.

Name of Subprocessor: Socure
Description of Processing: Identity Verification
Location of Processing: U.S.
Corporate Location: U.S.

What is Plaid?

Skills Fund, LLC d/b/a Ascent Skills Funding (“Skills Fund”) may use Plaid Inc. (“Plaid”) to gather your account transaction data from financial institutions in regard to your Income Share Agreement (“ISA”). If you link a bank account in connection with an Income Share Agreement (“ISA”), Plaid will collect data directly from the financial institution you specify. You grant Plaid and us the right, power, and authority to access and transmit personal and financial information about you from the financial institution you specify. You agree to such personal and financial information being collected, transferred, stored, and processed in accordance with our Privacy Policy and Plaid’s Privacy Policy.

When you link a bank account in connection with an ISA, you authorize Skills Fund and Plaid to continue to collect data from the financial institution you specify for as long as your ISA remains outstanding. The frequency at which Skills Fund and Plaid will collect data during this period will vary. You can revoke this authorization by writing Skills Fund at [email protected].

What are Cookies?

The Online Services also use “cookies” (small data files stored on your device) and other tracking technologies to collect information about your use of the Online Services. The information that is captured about your use of the Online Services may be used in a variety of ways, such as to monitor and maintain information about your visits to the Online Services, to help us identify and address problems, to improve the Online Services, to analyze web traffic trends, and to help protect the security and integrity of the Online Services.

You may set your browser not to accept cookies or to notify you when you receive cookies, giving you the opportunity to decide whether to accept cookies. If you do not accept cookies, you may still use the Online Services, but your experience may be degraded.

What are Web Beacons?

Web Beacons are commonly used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked. We may use Web Beacons via the Online Services in connection with our identity verification process for loan applications. This may include utilizing online activity, device, and location data collected to verify information submitted to us.

We share this data with trusted third parties who assist us in operating the Online Services, processing transactions (such as your student loan or bootcamp loan application), conducting our business, or servicing you. These parties agree to keep Web Beacon information confidential, consistent with this Privacy Policy.

What are Pixels?

We may also use pixel tags (also known as “clear gifs,” “Web beacons,” or “1-by-1 gifs”) via the Online Services. These may be used in connection with certain pages of the Online Services or with email messages to measure the effectiveness of our communications and our marketing campaigns, to compile statistics about usage and response rates, to market to you, and to assist us in resolving issues that may arise on the Online Services.

What About Third-Party Links in the Online Services?

The Online Services may contain links to other websites that we feel may be of interest to you. We are providing these links to you as a convenience, but these external websites may have different privacy policies than the Online Services. Please review the privacy policy of any third-party website or service you access through the Online Services as any information that you share with third-party websites or services are not subject to this Privacy Policy

Notice Regarding Social Media Use

Personal Information that you share on Ascent-managed pages on social media platforms, such as Facebook, Instagram, and Twitter, and social media advertising services are subject to the privacy policies and terms of use of those platforms. Please refer to those policies before posting any content to those pages or to learn how to opt out from ads or otherwise manage ad preferences. You should NEVER provide Personal Information to Ascent through social media.

Children’s Online Privacy Protection

We do not knowingly collect Personal Information from individuals under 13 years of age without parental consent. If we become aware that a child under 13 is attempting to submit Personal Information, we will inform the child that he or she is ineligible to do so. We will then remove this information from our records. If you believe that we have inadvertently collected Personal Information from a child, please notify us immediately. Our Online Services are not intended for children under 13 years of age.

California Residents

If you are a California resident, California law may provide you with additional rights regarding your Personal Information, including under the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act (“CPRA”).

CPRA Notice at Collection

Ascent is providing you with this Notice at Collection (“Notice”) and Privacy Policy as required under CCPA and CPRA to provide you with timely notice, at or before the point of collection, about the categories of Personal Information to be collected from you, the purposes for which the Personal Information will be used, and retention periods.

Data Integrity and Retention

We take reasonable steps to ensure that the Personal Information we process is accurate, complete, and current, but we depend on our users to update or correct their Personal Information whenever necessary. We also take reasonable security measures to protect against unauthorized access to, or unauthorized alteration, disclosure, or destruction of, data.

We will only retain your information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. To determine the appropriate retention period for your information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your information, the purposes for which we process your information and whether we can achieve those purposes through other means, and the applicable legal requirements, including taking into account the freedoms of speech and expression.

Categories of Personal Information to be Collected

Ascent collects the following categories of Personal Information about you:

• Identifiers: We collect identifiers such as name, postal address, internet protocol address, email address, account name, Social Security number, email address, account name (if different than your email) driver’s license number, passport number, or other similar identifiers. We retain this information for up to seven years after loans are paid in full.
• Audio Information: We may collect audio information gathered from use of the Online Services, specifically, user communications on our student success coaching platform. We retain audio information and call recordings for up to five years after loans are paid in full.
• Customer Records Information: We collect customer records information such as name, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, bank account number, date of birth, Social Security number, email address, education, employment, bank account number, or other financial information. We retain this information for up to seven years after loans are paid in full.
• Employment Information: We collect your employment information such as employment offer letter/contract, pay stubs, tax forms, or other information used for income verification purposes.
• Financial Information: We collect your financial information such as your payment information, including bank account information for ACH purposes. We retain this information for up to two years following cancellation of authorization.
• Internet or other electronic network activity information: We collect Internet or other electronic network activity information such as:
  • Usage information, such as which features of our online services you access or use or the frequency of access;
  • Device information, such as hardware model, operating system, application version number, browser type, or IP address;
  • Mobile device information, such as your unique device identifier, mobile carrier, operating system, and other device attributes; and
  • Cookies, pixel tags, clear gifs, and other technologies.
• Information obtained through Offline channels: With your consent, we record customer service, Ascent Connect coaching and related telephone calls and store audio recordings thereof, and information when we conduct physical correspondence when requested by you.

Business or Commercial Purpose(s) for which the Categories of Personal Information will be Used

Ascent will use the categories of Personal Information about you described above for the following business or commercial purposes:

• Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
• Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
• Debugging to identify and repair errors that impair existing intended functionality.
• Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
• Undertaking internal research for technological development and demonstration.
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
• For marketing purposes, such as notifying you of company news and promotions;
• For survey or sweepstakes purposes, such as if you participate in a survey or sweepstakes and includes information needed for you to participate (such as contact information), and to fulfill your prize;
• To personalize your experience or to improve our products and services and by allowing us to customize the content and/or layout of our services based on feedback and information we receive from you;
• For our legitimate business purposes that are not otherwise prohibited by law; and
• For specific purposes for which we obtain your consent.

Categories of Personal Information Disclosed to Third Parties for Business or Commercial Purpose(s):

• Identifiers: We collect identifiers such as name, postal address, internet protocol address, email address, account name, Social Security number, email address, account name (if different than your email) driver’s license number, passport number, or other similar identifiers.
• Customer Records Information: We collect customer records information such as name, Social Security number, address, telephone number, passport number, driver’s license or state identification card number, education, employment, bank account number, date of birth, Social Security number, email address, education, employment, bank account number, or other financial information.
• Employment Information: We collect your employment information such as employment offer letter/contract, pay stubs, tax forms, or other information used for income verification purposes.
• Financial Information: We collect your financial information such as your payment information, including bank account information for ACH purposes
• Internet or other electronic network activity information: We collect Internet or other electronic network activity information such as:
  • Usage information, such as which features of our online services you access or use or the frequency of access;
  • Device information, such as hardware model, operating system, application version number, browser type, or IP address;
  • Mobile device information, such as your unique device identifier, mobile carrier, operating system, and other device attributes; and
  • Cookies, pixel tags, clear gifs, and other technologies.

Categories of Third Parties to Whom Personal Information was Disclosed for Business or Commercial Purpose(s):

To partnered banks like Richland State Bank and Bank of Lake Mills, service providers like TransUnion and Socure, and other trusted third parties like Second Street and Upland Software, Inc., who assist us in operating the Online Services, running sweepstakes and contests, processing transactions (such as for your student loan or bootcamp loan application), conducting our business, or servicing you, so long as these parties agree to keep this information confidential, consistent with this Privacy Policy.

Access to Specific Information and Data Portability Rights

Under the CCPA/CPRA, you have the right to request Ascent disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

• The categories of personal information we collected about you;
• The categories of sources for the Personal Information we collected about you;
• Our business or commercial purpose for collecting or selling that Personal Information;
• The categories of any third parties with whom we share your Personal Information;
• The specific pieces of Personal Information we collected about you
• If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
  • Sales, identifying the Personal Information categories that each category of recipient purchased; and
  • Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Right to Deletion

Under the CCPA/CPRA, you have the right to request the deletion of Personal Information. However, this right does not apply where we need to retain the Personal Information for any of the following purposes:

• Provide you with the Online Services;
• Detect or resolve security or functionality related issues;
• Comply with law;
• Conduct research in the public interest;
• Safeguard the right to free speech; or
• Carry out any actions for internal purposes that you or other consumers might reasonably expect.

Right to Opt-Out of the Sale and Sharing of Personal Information

California consumers have the right to opt-out of the sale and sharing of Personal Information by a business that sells or shares Personal Information. Ascent does not sell any Personal Information of California consumers. Ascent does share some personal information with bank partners and trusted third parties in order to process transactions, applications, provide identity verification, monitor fraud, and operate and support the Online Services.

Right to Correction

California consumers may request the correction of any of their sensitive Personal Information for specific secondary purposes.

Right to Restrict Use of Sensitive Personal Information

California consumers may request to limit the use and disclosure of their sensitive Personal Information for specific secondary purposes.

Non-Discrimination

We will not discriminate against you for exercising any of your rights under the CCPA or CPRA. Discrimination under the CCPA/CPRA includes but is not limited to:

• Denying you goods or services.
• Charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
• Providing you a different level or quality of goods or services.
• Suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

How To Exercise Your Rights Under the CCPA/CPRA

If you are a California resident and would like to exercise your access or / and deletion rights under the CCPA or CPRA, please submit a verifiable consumer request to us by either calling the Toll Free Number at +1 855-218-6733 or email us at [email protected]. If you are making a request under CCPA or CPRA, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

The verifiable request must:

• Provide sufficient information, which may include name, address, and date of birth, that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and
• Describe your request with sufficient detail that allows us to properly understand, evaluate and respond.

We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Personal Information associated with that specific account.

We will only use Personal Information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.  We will attempt to match the Personal Information submitted with your request against our records to verify your identity.

You may designate an authorized agent to make a CCPA/CPRA request on your behalf by writing to us at the contact information provided above. In addition to the requirement stated above that the agent must be registered with the California Secretary of State, we also require documentation confirming that the individual is authorized to submit the request on your behalf. This may include a signed letter from you or notarization of your request.

What Happens When this Privacy Policy Changes?

We may update this Privacy Policy from time to time. Any updated Privacy Policy will be accessible from the footer of the website or other convenient location. The current version of the Privacy Policy, as indicated by the Last Updated date below, will become effective as soon as it is posted. Your use of the Online Services once a revised Privacy Policy has been posted constitutes your acceptance of the revised Privacy Policy.

Do You Have Questions?

If you have any questions about this Privacy Policy, please contact the Toll Free Number at +1 855-218-6733 or email us at [email protected].

 

Last Updated: February 28th, 2023