Privacy Policy

Last updated:  May 14, 2020

Embark Corp (“Company,” “we,” “us”) is dedicated to ensuring data privacy and security for our users. We are fully committed to adhering to all global security and privacy frameworks governing the usage of our service by applicants and other types of users, including:

You agree to this Privacy Policy, in its entirety, when you access or use our Website ( or share personal information with us.  This Privacy Policy may not constitute your entire set of privacy rights, as these may vary from state to state. To be certain of your privacy rights, you may wish to contact the agency in your state that is charged with overseeing consumer privacy rights.  Note that third-party web sites will operate under their own privacy policy, and users must choose whether to accept those terms. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Embark is potentially liable. Embark’s liability under this agreement will be governed by the contract in place between Embark and the third party, and the event giving rise to the damage.

Our goal is to provide a useful service to you and your family on how to pay for college. We promise not to share or sell your data onto a host of random third parties behind the scenes – we don’t like getting email spam either! We have a joint marketing relationship with Sallie Mae bank, a trusted nationwide student loan lender, which offers private student loan options and other financial products. We may provide Sallie Mae Bank with any of the personal information that we collect reasonably necessary under the joint marketing agreement to allow them to offer you certain Sallie Mae Bank products.  We also don’t have any plans to market internal products or services to you but the language below lets us tell you if we do develop something we think you’d find helpful – for example, a free scholarship search engine service. 

  1. Information We Collect

  1. What you share with us

We collect information about you when you voluntarily provide us with information through school, fellowship, financial aid, or other Website forms. The information you may be requested to submit by our school and fellowship clients may include (but is not limited to): (1) Name, (2) Address, (3) Email Address, (4) Telephone Number, (5) Social Security Number [for US applicants], and (6) Date of Birth.  We also might receive information from your communications with us through our Website, email or telephone. Should you explicitly indicate interest in a third-party product or service featured on our site, we will track your interest in this service.

B. What is automatically collected

We, and third parties with whom we partner, may use cookies, web beacons, local shared objects, and similar technology (“Cookies”) to improve your user experience and the overall quality of our service. Cookies are small data files that may have unique identifiers, and reside, among other places, on your computer or mobile device, in emails we send to you, and on our web pages. Cookies may transmit information about you and your use of the Embark site, such as your browser type, preferences, data relating to advertisements that have been displayed to you or that you have clicked on, and the date and time of your use. Most importantly, cookies help us protect your account’s security. Cookies may be stored only during an individual session (“Session ID cookies”) or have long-term expiration dates (“persistent cookies”). Session ID cookies follow your activities on our site so that we can ensure that no one is making changes to your profile or applying for loans, and expire when you close your browser. Persistent cookies that remain on your hard drive for an extended period of time so that we can recognize you when you return to our Site. It may be possible to disable some Cookies through your device or browser settings, but doing so may affect your ability to use the Site. The method for disabling cookies may vary by device and browser, but can usually be found in preferences or security settings.

C. Information provided by a Third Party Provider

As a benefit to our users, we might integrate with third-party sites that provide information. For example, we currently email applicants a link to free comparison data about their colleges of interest sourced from the government’s College Scorecard site

2. Use of information

We may share some or all of the information we collect with affiliated organizations and companies and with third parties (i.e. non-affiliated companies).  Please find here a notice of the purposes for which this information could be shared, and your rights as it pertains to the sharing of data for each purpose.

Examples include sharing your data with the following:

  • the U.S. government for purposes of populating your FAFSA(®)

  • third-party service providers that can perform a service on your behalf, e.g. our support ticketing platform for tracking applicant questions and making sure we get back to you with a timely answer

  • third-party service providers where you have indicated an explicit interest in their services

  • third-party service providers as required by law, for example in response to a regulatory inquiry

    Note that third-party web sites will operate under their own privacy policy, and users must choose whether to accept those terms. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Embark is potentially liable. Embark’s liability under this agreement will be governed by the contract in place between Embark and the third party, and the event giving rise to the damage.

4. Security

Embark takes your security seriously. While perfect security on the Internet is impossible to promise, we maintain physical, electronic, and procedural safeguards to protect the information you provide to us. We restrict access to this information to employees with a need to know this information to provide you with the benefit, assistance or service you request or would like to obtain, and to those employees that need the information to do their jobs.

5. Minors

Embark responds responsibly to site visitors who are minors and its application generally target an older audience. We adhere to US federal and state laws regarding visitors under 18 years of age (COPPA).

6. Data Access, Correction, and Removal

      Individuals may access their data through the Embark portal using their unique login.  If your personally identifiable information changes, or if you no longer desire our service, you can correct, update, or delete the information you have provided to us by contacting us at

7. Embark’s California Consumer Privacy Notice – Important Privacy Choices for Consumers

This policy applies to California residents and supplements our Online Consumer Information Privacy Policy. This Addendum describes our privacy principles and practices and provides instructions on how to exercise your rights under the California Consumer Privacy Act (CCPA). These policies apply to our customers and visitors located in the United States. Since they may change, please visit this site from time to time to review the policies for updates. Different policies may apply to some of the products and services offered through the Embark site. You will find these different policies within the site or on other Internet sites linked to this site. If a different policy applies, we will highlight this for you. The other policies may vary from our policies listed above. These differences are required by the type of the products and services being offered and the laws that apply to them as well as our business arrangements with their providers. We urge you to read carefully these policies in addition to the ones listed above.


8. Embark Vermont and North Dakota Consumers

None of the above will be shared without your consent pursuant to Vermont and North Dakota state law. Vermont and North Dakota are “opt in” states; not “opt out” states. Non-public personal financial information may not be shared with others except as permitted by law unless the Vermont or North Dakota consumer specifically consents to the disclosure. In addition, Vermont and North Dakota law prohibits the sharing of credit reports and/or creditworthiness information with affiliates unless the consumer has consented to (“opted-in”) to such sharing.

9. Contact Us

This policy may be updated from time to time at the discretion of Embark. We will communicate those changes to you by posting them on this website.  If you have any questions or comments, please don’t hesitate to contact us directly at

In the event that Embark goes through a business transition, such as a merger, acquisition by another company, or sale or transfer of all or part of our assets, your personal data will likely be among the assets transferred. You will be notified promptly by email or by notice on our website of any such change of control of your personal information.

European GDPR and Privacy Shield Policies Addendum

Embark complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union members countries.  Embark has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit

In compliance with the Privacy Shield Principles, Embark commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Michael Turbe at:

Embark has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit for more information and to file a complaint.

Please note that if your complaint is not resolved through the aforementioned channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Embark is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).  Embark is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

GDPR Requirement

Embark Policy

The identity and the contact details of the controller and data protection officer (where applicable

Embark’s controller and data protection officer is Michael Turbé, Embark’s engineering lead, who can be reached at support at

The purposes of the processing for which the personal data are intended as well as the legal basis for the processing, including the legitimate interests pursued by the controller

Embark typically processes personal data of applicants (often students) on behalf of institutions for the purposes of allowing these institutions to recruit, accept applications, evaluate, and enroll applicants. See section above on “Purpose” for other categories of use.

The recipients or categories of recipients of the personal data, if any

Where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and how the transfer ensure adequacy of protection (i.e. which of the approved transfer mechanisms are used)

Embark uses Amazon’s global web hosting capabilities and personal data is currently stored in the United States.

The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period

The storage period will be determined based on how helpful past data is for the current admissions cycle – for example, some clients like to compare year over year data or allow applicants who are re-applying to reference prior years’ applications.

The existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability

Embark users may request through their institution the update or deletion of their personal data as well as an extract of the data they have provided.

Where the processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

Embark users may request through their institution the withdrawal of their consent, which would result in the deletion of their data, including any application, recommendation or associated documents shared with Embark via the cited institution.

Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data

Each client institution of Embark will note which elements of data, personal or otherwise, are required components of their application or other forms.

The existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Each client institution of Embark will post on its own web site the eligibility requirements for its application, which may include age and other factors.