Effective Date: May 26, 2026
This Privacy Policy describes how Circlio ("Company," "we," "us," or "our") collects, uses, discloses, and protects your information when you use our school network platform ("Service"). We are committed to protecting your privacy and handling your personal information responsibly.
contacts.readonly and contacts.other.readonly scopes. We retrieve email addresses and display names from your contacts and other contacts. No phone numbers, photos, or other personal details. This access is one-time per import; we do not store your Google access token or maintain ongoing access to your Google accountWhen you import contacts, some email addresses may belong to people who are not Circlio users. We use these email addresses solely to check whether the contact is an existing Circlio user and, at your request, to send a one-time platform invitation on your behalf. We do not create accounts or profiles for non-users, and we do not send marketing communications to imported contact email addresses. Non-users may opt out of future invitation emails by using any unsubscribe link we provide or by contacting our privacy team.
We do not knowingly collect: Social Security numbers, financial account numbers, government-issued identification numbers, health or medical information, biometric data, or precise geolocation data.
We use your information for the following purposes:
We do not use your personal information for automated decision-making or profiling that produces legal effects or similarly significant effects on you.
We do not use LinkedIn avatar photo information for employment, hiring, housing, lending, insurance, dating, background checks, automated eligibility decisions, or legal/significant automated profiling.
If you are located in the European Economic Area (EEA) or United Kingdom (UK), we process your personal data under the following lawful bases:
We do not sell your personal information. We may share your information in the following limited circumstances:
We share information when you explicitly consent or direct us to do so.
Content you post publicly (posts, comments, profile information you choose to make public) may be visible to other users of the Service. You control your profile visibility through your privacy settings.
We share information with third-party service providers who process data on our behalf and are contractually obligated to protect your information:
We may disclose information if we believe in good faith that disclosure is necessary to:
In the event of a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of the business assets. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.
We may share aggregated, de-identified information that cannot reasonably be used to identify you for research, analysis, or other purposes.
We implement technical and organizational measures designed to protect your information, including:
While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents.
Our Service integrates with third-party services that have their own privacy policies. We encourage you to review their policies:
We are not responsible for the privacy practices of third-party services. Our Service may also contain links to external websites that we do not control.
We retain your information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law:
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion, then retained for 90 days before permanent deletion |
| User content (posts, comments) | Until deleted by you or account deletion; removed from public view immediately, permanently deleted after 90-day retention period |
| Direct messages | Upon account deletion, message content is immediately replaced with a deletion notice; sender attribution is permanently removed after the 90-day retention period |
| Server logs | 90 days |
| Analytics data | 24 months (aggregated and de-identified) |
| Imported contacts | Until deleted by you or account deletion; permanently deleted after the 90-day account retention period. You may delete all imported contacts at any time through your account settings without deleting your account |
| LinkedIn avatar import preview data | Temporarily during the import flow. A profile photo you choose to save from LinkedIn is treated as account/profile data until you edit or delete it, or delete your account |
| Security logs | 12 months |
| Backup copies | Up to 30 days after source data deletion |
When you delete your account, we immediately remove your profile, content, and data from public view. However, we retain your data in our systems for a period of 90 days before permanent deletion. During this retention period:
After the 90-day retention period, your data is permanently and irreversibly deleted from our systems, including all associated records across our database. Backup copies may persist for up to an additional 30 days.
We may retain information longer if required by law (e.g., for tax, legal, or regulatory purposes) or to resolve disputes and enforce our agreements.
Regardless of your location, we provide all users with the following rights:
If you are in the EEA or UK, you may also have the right to: restrict or object to processing, withdraw consent, lodge a complaint with a supervisory authority, and request erasure under applicable law. Contact us at zhangj1@circlio.net to exercise these rights.
We will respond to verified requests within 30 days (or within the time frame required by applicable law). We will not discriminate against you for exercising any of these rights.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, username, IP address); internet activity (usage data, browsing history within our Service); geolocation data (approximate location from IP address); contact information you choose to import (email addresses only); profile photos you choose to import from connected services such as LinkedIn; and inferences drawn from the above categories.
To exercise your rights, email zhangj1@circlio.net with the subject line "CCPA Request." We will verify your identity before processing your request.
Residents of certain states (including Virginia, Colorado, Connecticut, Utah, Oregon, Texas, and others with comprehensive privacy laws) may have additional rights, including the right to access, correct, delete, and port their personal data, as well as the right to opt out of targeted advertising and profiling.
To exercise rights under your state's privacy law, contact us at zhangj1@circlio.net. If your request is denied, you may have the right to appeal. We will provide instructions for appeal in our response.
Your information may be transferred to and processed in the United States and other countries where our service providers operate. These countries may have different data protection laws than your country of residence.
When we transfer personal data internationally, we implement appropriate safeguards, including standard contractual clauses approved by relevant authorities, to ensure your information receives an adequate level of protection.
Our Service is intended for adults who are at least 18 years old. Circlio is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
We also do not permit anyone under 18 to create an account or use Circlio. If you are a parent or guardian and believe someone under 18 has provided us personal information, please contact us immediately at zhangj1@circlio.net.
If we discover we have collected personal information from a child under 13 or from a user who is not eligible to use the Service, we will take appropriate steps to delete the information and terminate the associated account.
We do not knowingly sell or share the personal information of users under 16 years of age.
Circlio does not sell your personal information to third parties. We do not share your personal information with third parties for cross-context behavioral advertising purposes.
We honor Global Privacy Control (GPC) signals and Do Not Track (DNT) browser signals as valid opt-out requests where required by applicable law. When detected, these signals disable optional browser analytics in the current browser.
If you believe your information has been sold or shared in violation of this policy, contact us at zhangj1@circlio.net.
In the event of a data breach that affects your personal information, we will:
We may update this Privacy Policy from time to time. When we make changes, we will:
Your continued use of the Service after the effective date of any changes constitutes acceptance of the revised policy. If you do not agree with the changes, you should stop using the Service.
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Privacy inquiries: zhangj1@circlio.net
General support: zhangj1@circlio.net
CCPA / state privacy requests: zhangj1@circlio.net (subject line: "Privacy Rights Request")
Entity status: Circlio is in pre-launch entity setup. Public legal pages use Circlio as the service operator name until final entity details are published.
Mailing address: Business mailing address pending publication before commercial launch.
We will respond to your inquiry within thirty (30) days or within the time frame required by applicable law. We may need to verify your identity before processing certain requests.