Privacy Policy
Effective date: May 1, 2026
MyCoop (“we,” “our,” or “us”) operates the MyCoop homeschool co-op management platform at mycoop.app and its subdomains. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
By creating an account or using MyCoop, you agree to this policy. If you do not agree, please do not use MyCoop.
1. Information We Collect
Account information
When a co-op administrator signs up, we collect their name, email address, and organization name. We use Clerk for authentication; Clerk processes passwords, MFA, and OAuth tokens. We never store raw passwords.
Co-op member data
Co-op administrators enter family, student, and guardian information on behalf of their members. This may include names, email addresses, phone numbers, mailing addresses, grade levels, and emergency contacts. MyCoop processes this data strictly as a data processor acting on the co-op’s behalf.
Usage data
We collect standard web server logs (IP address, browser type, pages visited, timestamps) and application-level events (feature usage, error reports) to operate and improve the service.
Payment information
Tuition and fee payments are processed by Stripe. MyCoop never sees or stores raw card numbers. Stripe’s privacy policy governs payment data.
2. How We Use Your Information
- Provide, operate, and maintain the MyCoop platform
- Send transactional emails (enrollment confirmations, invitations, trial expiry notices)
- Respond to support requests
- Send product updates and announcements (you may unsubscribe at any time)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell your personal information. We do not use co-op member data for advertising or share it with third parties except as described below.
3. Data Sharing and Sub-processors
We share data only with the vendors necessary to operate MyCoop:
| Vendor | Purpose |
|---|---|
| Clerk | Authentication, user accounts, SSO |
| Neon | PostgreSQL database hosting (US East) |
| Vercel | Application hosting and deployment |
| Stripe | Payment processing |
| Resend | Transactional email delivery |
| Cloudflare | CDN, DNS, file storage (R2) |
4. Data Retention
Active organization data is retained for as long as the account is open. When a subscription expires or an organization is deleted:
- Dashboard access is paused immediately upon expiry.
- Data is held for 90 days to allow reactivation.
- After 90 days, data is permanently deleted unless a data retention request is submitted before that deadline.
5. Children's Privacy (COPPA)
MyCoop manages data about minor students on behalf of their co-op’s administrative staff. We do not market to or knowingly collect data directly from children under 13. Students do not have MyCoop accounts — all student data is entered by authorized co-op admins or guardians.
Co-op administrators are responsible for ensuring they have appropriate parental consent to enter student data into the platform and for complying with applicable laws such as COPPA and FERPA.
6. Security
We use industry-standard practices: TLS encryption in transit, encrypted storage at rest, row-level tenant isolation in the database, and role-based access controls. Multi-factor authentication is available to all users via Clerk.
No system is perfectly secure. If you discover a security vulnerability, please report it to [email protected].
7. Your Rights
Depending on your location, you may have the right to access, correct, export, or delete your personal data. To exercise these rights, email [email protected]. We will respond within 30 days.
8. Cookies
MyCoop uses session cookies required for authentication (managed by Clerk) and preference cookies (e.g., dark-mode setting). We do not use third-party advertising cookies. You may disable cookies in your browser, but this will prevent you from logging in.
9. Changes to This Policy
We may update this policy as the platform evolves. Material changes will be announced via the in-app notification banner and by email to the organization’s admin at least 14 days before the change takes effect. Continued use after the effective date constitutes acceptance.
10. Contact
Questions about this policy? Email us at [email protected].