Effective date: June 23, 2026
Last updated: June 23, 2026
1. Overview
This Privacy Policy explains how CooplyHQ, LLC ("CooplyHQ," "we," "us," or "our") collects, uses, shares, and protects information when you use cooplyhq.com, any CooplyHQ-hosted co-op subdomain, and our related services (collectively, the "Service").
CooplyHQ is a software platform that homeschool co-ops use to build and operate their websites, manage membership, schedule classes, and communicate with families. Our direct customers are the co-ops themselves. Co-op administrators, instructors, parents, and other authorized adults are the people who interact with the Service. Children's information may appear in the Service only because a co-op administrator enters it on behalf of their co-op.
If you are a parent or guardian and want to know what information your co-op has placed in CooplyHQ about your child, contact your co-op administrator first — they control that data. We will support you and the co-op in honoring any verified request.
2. Who we are and how to reach us
The data controller (under GDPR/UK GDPR) and the business (under CCPA/CPRA) responsible for your personal information is:
CooplyHQ, LLCPO Box 4601, Milton, FL 32572
Email: privacy@cooplyhq.com
We do not currently have an EU or UK representative. If you are located in the EEA, UK, or Switzerland and wish to exercise data-protection rights, contact us at privacy@cooplyhq.com and we will respond as required by applicable law.
3. Information we collect
3.1 Information you give us directly
When you create an account, configure a co-op, communicate with us, or pay for a subscription, you may provide:
- Identification: name, email address, phone number, role at the co-op (admin, instructor, parent, etc.).
- Account credentials: username, password (stored only as a cryptographic hash), single-sign-on identifiers if you use a federated login provider.
- Co-op profile information: co-op name, location (city/state), description, logo, public-facing content you publish.
- Billing information: payment-card details and billing address (collected and stored by our payment processor, Stripe — we do not store full card numbers).
- Support communications: messages, attachments, screenshots, and metadata you send to our support team.
3.2 Information a co-op administrator may enter about other people
A co-op administrator may use the Service to manage their co-op's roster, which can include information about other adults (instructors, parents, volunteers) and minors enrolled in the co-op (children of co-op families). This information typically includes names, ages or grade levels, contact information for parents/guardians, course enrollments, attendance, and similar operational records.
Information about minors is entered by adult co-op administrators acting under the authority of their co-op and the consent of the relevant parents or guardians. See Section 7 (Children's privacy) for how we treat this category of information.
3.3 Information collected automatically
When you use the Service, we automatically receive:
- Device and browser information: IP address, browser type and version, operating system, screen size, language, time zone, device identifiers.
- Usage information: pages viewed, links clicked, features used, referring URLs, dates and times of access, and similar interaction data.
- Cookies and similar technologies: see Section 8.
- Log data: server logs that may include the above plus error reports.
3.4 Information from third parties
We may receive information about you from:
- Federated identity providers you use to sign in (e.g., Google, Microsoft, or WorkOS-supported providers).
- Our payment processor (Stripe), which may confirm successful payment, payment failures, fraud signals, and a tokenized reference to your card.
- Email-deliverability and anti-spam services (e.g., Brevo), which may share bounce, complaint, and engagement data.
- Public sources, when you publicly identify yourself as a CooplyHQ user.
4. How we use information
We use information to:
- Operate, maintain, and improve the Service.
- Create and manage accounts and co-op workspaces.
- Process subscriptions, payments, refunds, and invoicing.
- Send service communications (account confirmations, billing notices, security alerts, policy updates).
- Send product communications you have opted into.
- Provide customer support and respond to inquiries.
- Monitor for, prevent, investigate, and respond to fraud, abuse, security incidents, and violations of our Terms.
- Analyze usage to understand which features are valuable and to plan improvements.
- Comply with legal obligations and enforce our agreements.
We do not sell personal information, and we do not use personal information to serve cross-context behavioral advertising. We do not use children's information for any purpose other than providing the Service to the co-op that entered it.
5. Legal bases (GDPR / UK GDPR)
If you are in the EEA, UK, or Switzerland, we rely on the following legal bases:
- Contract — to provide the Service to you and the co-op you belong to.
- Legitimate interests — to secure the Service, prevent abuse, communicate with users about their account, and improve the product, balanced against your rights and interests.
- Legal obligation — to comply with applicable laws and lawful requests.
- Consent — for any processing that requires it (e.g., certain marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing already carried out.
6. How we share information
We share information with the following categories of recipients, only as needed and under appropriate contractual and security protections:
-
Service providers (subprocessors) — companies that help us run
the Service. Current subprocessors include:
- Stripe — payment processing.
- Laravel Cloud (and its underlying cloud-infrastructure providers) — application hosting and database hosting.
- Cloudflare — content delivery, DNS, and DDoS protection.
- Brevo — transactional and operational email delivery.
- WorkOS — authentication / single-sign-on infrastructure.
- The co-op you belong to. If you are an instructor, parent, or other user of a co-op's CooplyHQ workspace, the co-op administrator can see your activity within that workspace.
- Legal and safety. We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of CooplyHQ, our users, or the public (including investigating fraud or violations of our Terms).
- Business transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred to the successor entity. We will require any successor to honor the commitments in this Policy or provide notice of material changes.
- With your direction or consent. We may share information when you direct us to or when you have given consent.
We do not share information with advertisers for cross-context behavioral advertising.
7. Children's privacy (COPPA and FERPA)
CooplyHQ is intended for use by adults operating homeschool co-ops. Children do not have direct accounts or login credentials in the Service. We do not knowingly collect personal information directly from children under 13, and the Service does not offer any feature, page, or sign-up flow that solicits children to interact with us directly.
Where children's information appears in the Service, it is because an adult co-op administrator entered it on behalf of the co-op, in reliance on the co-op's own relationship with the parents or legal guardians of the children involved. Adult parents and guardians may access information about their own children through their own (adult) account; children themselves do not log in. Under our Terms, co-op administrators represent and warrant that they have obtained any parental consent required by the federal Children's Online Privacy Protection Act ("COPPA") and any analogous state law before placing children's information in the Service.
In this arrangement, the co-op is the entity collecting personal information from children and obtaining parental consent. CooplyHQ acts as the co-op's service provider with respect to that information. We use children's personal information solely to provide the Service to the co-op that entered it. We do not sell or share children's personal information, do not use it for advertising, do not use it to build profiles for purposes unrelated to the Service, and do not retain it longer than necessary for those purposes.
If you are a parent or guardian and you believe a co-op has placed your child's information into CooplyHQ without your consent, or you want that information reviewed or deleted:
- Contact the co-op administrator directly. They can review and delete the records.
- If you cannot reach the co-op or believe your request is not being honored, contact us at privacy@cooplyhq.com. We will reasonably cooperate with you and the co-op to honor a verified request.
Where CooplyHQ holds education records on behalf of a co-op functioning as an educational institution, we treat those records as confidential and use them only to provide the Service to the co-op. We do not use education records for our own marketing or product-development purposes outside of the relationship with the co-op.
8. Cookies and similar technologies
We use cookies and similar technologies to:
- Keep you signed in and remember session state (strictly necessary).
- Remember preferences such as language and display settings (functional).
- Understand how the Service is used so we can improve it (analytics).
We do not use cookies for cross-context behavioral advertising.
You can control cookies through your browser settings. If you block strictly necessary cookies, parts of the Service may not function. Where required by law, we present a cookie banner allowing you to consent to or reject non-essential cookies.
9. Your rights and choices
Depending on where you live, you may have the following rights regarding your personal information. We honor verified requests as required by applicable law and do not discriminate against users who exercise their rights.
9.1 Residents of California (CCPA/CPRA)
You have the right to:
- Know — request the categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of third parties with whom we share it.
- Delete — request that we delete personal information we have collected, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, comply with law).
- Correct — request that we correct inaccurate personal information.
- Opt out of sale or sharing — we do not sell personal information and do not share it for cross-context behavioral advertising; there is nothing to opt out of, but you have the right.
- Limit the use of sensitive personal information — to the extent we process sensitive personal information, you may direct us to limit its use to what is necessary to provide the Service.
- Non-discrimination — we will not discriminate against you for exercising any of these rights.
You may submit requests at privacy@cooplyhq.com or through any web form we make available. You may also designate an authorized agent to submit a request on your behalf; we will require written authorization and may require verification of your identity.
"Shine the Light" (California Civil Code §1798.83)
California residents may ask whether we have shared their personal information with third parties for those third parties' own direct-marketing purposes during the prior calendar year. CooplyHQ does not share personal information with third parties for their own direct-marketing purposes. The service providers we use to operate the Service (such as our payment processor, email provider, hosting provider, and identity provider) process personal information only under our instructions and only to deliver the Service; they are not permitted to use that information for their own direct marketing. If you have questions about this disclosure, email privacy@cooplyhq.com.
9.2 Residents of other U.S. states with comprehensive privacy laws
If you live in Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), or another state with a comprehensive privacy law that applies to your relationship with us, you have rights similar to those above, including the rights to access, correct (where required), delete, obtain a portable copy of your personal data, and opt out of targeted advertising, sale, or certain profiling (we do not engage in any of those activities). You may also appeal a denial of a request by replying to our decision at privacy@cooplyhq.com.
9.3 EEA, UK, and Switzerland (GDPR / UK GDPR)
You have the right to access, rectify, erase, restrict, and port your personal data, to object to processing based on our legitimate interests, and to withdraw consent where consent is the legal basis. You also have the right to lodge a complaint with your local data-protection supervisory authority.
9.4 How to exercise your rights
Email privacy@cooplyhq.com with enough information for us to verify your identity and locate your records. We will respond within the time required by applicable law (generally 45 days under U.S. state laws and one month under GDPR), and may extend that period when permitted by law.
10. Data retention
We retain personal information for as long as needed to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account records are retained while your account is active and for a reasonable period afterward to honor reactivation, billing reconciliation, and legal-hold needs.
- Billing records are retained as long as required by tax and accounting law (typically up to seven years).
- Support communications are retained for as long as needed to provide and improve support.
- Information about minors entered by a co-op is retained per the co-op's instructions; co-op administrators can delete such records at any time, and we will delete on request from the co-op or from a verified parent/guardian.
- Log data is retained for a limited period for security, debugging, and abuse-prevention purposes (typically 30–90 days for verbose logs).
When we no longer need personal information, we delete or de-identify it.
11. Data security
We use administrative, technical, and physical safeguards designed to protect personal information against loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (TLS), encryption at rest for credential and payment-token data, role-based access controls, audit logging, and routine review of our security posture.
No method of transmission over the internet or storage system is perfectly secure. If we become aware of a security incident that affects your personal information, we will notify you as required by applicable law.
12. International data transfers
CooplyHQ is operated from the United States and our subprocessors may process data in the United States and other countries. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States and other jurisdictions whose data-protection laws may differ from those of your country.
Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, supplemented as necessary.
13. Third-party services and links
The Service may contain links to third-party websites, services, or content that we do not control. Their privacy practices are governed by their own policies. Review them before using those services.
14. Changes to this Privacy Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date at the top. If the changes are material, we will provide notice (for example, by email or by an in-product notice) before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
15. Contact us
Questions, requests, or complaints about this Policy or our handling of your personal information:
CooplyHQ, LLCPO Box 4601, Milton, FL 32572
Email: privacy@cooplyhq.com
Governing law: this Policy is governed by the laws of the State of Florida, without regard to its conflict-of-laws principles, except where superseded by mandatory provisions of the data-protection law applicable to you.