PRIVACY POLICY
Effective Date: May 28, 2026
This Privacy Policy describes how T3 Advisory, LLC (“T3,” “we,” “our,” or “us”) collects, uses, discloses, and safeguards information through our websites, hosted software platforms, applications, communications, and related services (collectively, the “Services”).
T3 primarily provides consulting, advisory, analytics, and software-enabled services to colleges, universities, foundations, associations, and other higher education and education-adjacent organizations throughout the United States.
This Privacy Policy is intended to address U.S. privacy and data protection expectations commonly applicable to higher education institutions and their vendors, including transparency obligations relating to institutional procurement, FERPA-aware service delivery, vendor risk review, and applicable U.S. state privacy laws.
1. Scope of this Privacy Policy
This Privacy Policy applies to information collected when:
• You visit our website;
• You communicate with us by email, phone, forms, or other electronic means;
• Your institution engages us for consulting or software services;
• You use or access our hosted platforms or AI-enabled tools;
• You attend webinars, events, or demonstrations hosted by T3; or
• We otherwise interact with you in a professional or commercial context.
This Privacy Policy does not apply to:
• Information processed solely on behalf of a customer institution under a separate written agreement;
• Third-party websites, applications, or services not controlled by T3; or
• Information governed by separate contractual privacy terms, data processing agreements, or institutional addenda.
2. Information We Collect
Depending on how you interact with us, we may collect the following categories of information:
A. Contact and Professional Information
We may collect:
• Name;
• Institutional affiliation;
• Job title;
• Business email address (or whatever email you provide);
• Telephone number;
• Mailing address; and
• Other professional contact details.
B. Communications and Inquiry Information
We may collect information you provide when you:
• Submit forms;
• Request information;
• Schedule demonstrations;
• Participate in meetings or webinars;
• Contact support; or
• Communicate with us electronically or by telephone.
This may include message contents, attachments, support requests, survey responses, or meeting-related notes.
C. Account and Platform Information
If you access a T3-hosted platform or software service, we may collect:
• Username and account identifiers;
• Login and authentication information;
• Tenant or institutional affiliation;
• User preferences;
• Configuration settings; and
• Usage and interaction data associated with the Services.
D. Technical and Device Information
We may automatically collect certain technical information, including:
• IP address;
• Browser type and version;
• Device identifiers;
• Operating system;
• Access timestamps;
• Referral URLs;
• Session information; and
• Website usage analytics.
E. AI Interaction and Prompt Information
Some Services, including Canopy, may include AI-assisted features that generate recommendations, summaries, analyses, or other outputs based on prompts or contextual inputs. We may collect prompts, interactions, generated outputs, and related metadata necessary to:
• Provide the Services;
• Improve system performance;
• Maintain security;
• Troubleshoot issues; and
• Monitor misuse or abuse.
AI-generated outputs are probabilistic in nature and may contain inaccuracies or incomplete information. Users and institutions remain responsible for reviewing and validating outputs before relying on them for operational, academic, compliance, or administrative purposes.
F. Sensitive and Regulated Information
T3’s Services are generally designed to discourage and minimize the collection of sensitive or regulated personal information, including:
• Social Security numbers;
• Financial account information;
• Payment card data;
• Health information;
• Counseling records; and
• FERPA-protected education records.
Users and institutions should not submit such information unless expressly authorized in writing by T3 and governed by an appropriate written agreement or data processing addendum.
3. FERPA and Higher Education Data
T3 understands that many of our customers are institutions of higher education subject to the Family Educational Rights and Privacy Act (“FERPA”).
Unless expressly agreed otherwise in writing:
• T3 does not intend to receive, maintain, or process FERPA-protected education records;
• T3 is not acting as a “school official” for purposes of FERPA; and
• Customers are responsible for determining whether information submitted to the Services constitutes education records or other regulated data.
If an institution seeks to use the Services in a manner that would involve regulated student information or education records, the parties may negotiate an additional FERPA addendum, privacy agreement, or data processing agreement before such processing occurs.
4. How We Use Information
We may use collected information to:
• Provide and support our Services;
• Respond to inquiries and requests;
• Deliver consulting or advisory services;
• Authenticate users;
• Operate and maintain our platforms and services;
• Improve performance, functionality, and user experience;
• Detect security incidents or misuse;
• Conduct analytics and operational reporting;
• Communicate regarding products, updates, webinars, or events;
• Comply with legal obligations; and
• Enforce our agreements and policies.
We may also use aggregated or de-identified information for internal business, operational, research, benchmarking, or product improvement purposes.
5. Legal Bases for Processing
Where applicable under U.S. state privacy laws or other relevant regulations, we process information:
• With your consent;
• To perform contractual obligations;
• To comply with legal requirements;
• To protect legitimate business and security interests; or
• As otherwise permitted by applicable law.
6. Cookies and Analytics
We may use cookies, pixels, analytics tools, and similar technologies to:
• Understand website traffic and usage patterns;
• Improve website functionality;
• Maintain session integrity;
• Analyze engagement metrics; and
• Support security and operational monitoring.
Analytics providers may collect information directly from your browser or device. These technologies generally do not identify you personally unless you voluntarily provide identifying information through our Services.
Most browsers permit you to control cookies through browser settings. Disabling certain cookies may affect website functionality.
7. Disclosure of Information
We may disclose information:
• To service providers, vendors, and subprocessors supporting our operations;
• To cloud hosting and infrastructure providers;
• To analytics and communication providers;
• To professional advisors and auditors;
• In connection with mergers, acquisitions, financing, or corporate transactions; or
• When required by law, subpoena, court order, or governmental request.
Current or anticipated subprocessors supporting portions of our Services may include:
• Amazon Web Services (AWS) for cloud hosting and infrastructure; and
• Anthropic for AI model processing and related functionality.
We do not sell personal information in exchange for monetary compensation.
We also do not use personal information for cross-context behavioral advertising in a manner intended to constitute a “sale” or “sharing” under applicable U.S. state privacy laws.
8. Data Security
T3 maintains commercially reasonable administrative, technical, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction.
Security measures may include:
• Access controls;
• Authentication mechanisms;
• Encryption in transit where appropriate;
• Vendor management practices;
• Logging and monitoring;
• Role-based access restrictions; and
• Security review procedures.
No system or method of electronic transmission is completely secure, and we cannot guarantee absolute security.
9. Data Retention
We retain information for as long as reasonably necessary to:
• Provide Services;
• Fulfill contractual obligations;
• Maintain security and operational integrity;
• Resolve disputes;
• Enforce agreements; and
• Comply with legal obligations.
Following termination or expiration of applicable Services, information may be deleted in accordance with our retention practices unless longer retention is required by law or contract.
10. Your Privacy Rights
Depending on your state of residence and applicable law, you may have rights relating to your personal information, including:
• Access rights;
• Correction rights;
• Deletion rights;
• Rights to obtain a copy of information;
• Rights to appeal certain privacy decisions; and
• Rights to opt out of certain targeted advertising or profiling activities.
Because T3 primarily operates in the business-to-business and institutional context, some state privacy laws may not apply to all information processed by T3.
To submit a privacy-related request, contact us using the information below. We may take reasonable steps to verify your identity before responding to requests.
11. Public Institutions and Open Records
Certain higher education institutions and public entities may be subject to public records, freedom of information, procurement transparency, records retention, or similar laws.
Nothing in this Privacy Policy is intended to prevent institutions from complying with applicable legal disclosure obligations. T3 may seek confidential treatment where legally appropriate for proprietary or confidential information.
12. Children’s Privacy
Our Services are intended primarily for adults, higher education personnel, and institutional users. We do not knowingly collect personal information directly from children under 13 years of age through our public-facing website.
If we become aware that we have inadvertently collected personal information from a child under 13 without appropriate authorization, we will take reasonable steps to delete such information.
13. Third-Party Services and Links
Our Services may contain links to third-party websites, applications, or services not controlled by T3. We are not responsible for the privacy practices or content of such third parties.
Users should review the applicable privacy policies of those third-party services.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect operational, legal, regulatory, or technological changes.
Updated versions will be posted at: https://www.t3advisory.com/privacy-policy
Changes become effective upon posting unless otherwise stated.
15. Contact Information
If you have questions regarding this Privacy Policy or our privacy practices, please contact us at: info@t3advisory.com