Facebook Pixel

Privacy Policy

Privacy Policy

Last updated: August 19th, 2024

We reserve the right to modify this privacy statement with immediate effect.

Embark Corp (“Company,” “we,” “us”) is dedicated to ensuring data privacy and security for our users. We are fully committed to adhering to all global security and privacy frameworks governing the usage of our service by applicants and other types of users, including:

You agree to this Privacy Policy, in its entirety, when you access or use our Website (embark.com) or share personal information with us.

1. Information We Collect

A. What you share with us

We collect information about you when you voluntarily provide us with information through school, fellowship, financial aid, or other Website forms. The information you may be requested to submit by our school and fellowship clients may include (but is not limited to): (1) Name, (2) Address, (3) Email Address, (4) Telephone Number, (5) Social Security Number [for US applicants], and (6) Date of Birth.  We also might receive information from your communications with us through our Website, email or telephone. Should you explicitly indicate interest in a third-party product or service featured on our site, we will track your interest in this service.

B. What is automatically collected

For the purposes of improving our system performance, we may collect non-personally identifiable information such as your IP address (think of it as your address on the Internet so we can assess volume by country/region), cookies ( a small text file that Web sites can place on your hard drive to help remember your Username, as an example), computer settings (for example, what browser you are using), or analytics stats gathered by web tracking software.

C. Information provided by a Third Party Provider

As a benefit to our users, we integrate with third-party sites that provide information. An example would be an integration with Facebook so users can choose to log in via existing Facebook credentials instead of creating Embark credentials.

2. Use of information

We may share some or all of the information we collect, as described above, with affiliated organizations and companies and with third parties (i.e. non-affiliated companies).

Examples include sharing your data with the following:

  • the institution or organization to which you are applying
  • third-party service providers that can perform a service on your behalf, e.g. test score verification or our support ticketing platform for tracking applicant questions
  • third-party service providers where you have indicated an explicit interest in their services
  • third-party service providers as required by law, for example in response to a regulatory inquiry

Note that third-party web sites will operate under their own privacy policy, and users must choose whether to accept those terms.  In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-U.S. Data Privacy Framework program, Embark is potentially liable. Embark’s liability under this agreement will be governed by the contract in place between Embark and the third party, and the event giving rise to the damage.

3. Your Privacy Choices

Embark currently operates on a strict “opt-in” basis prior to sharing information with unaffiliated third parties not central to completing the application process. We consider this unlikely to change but, should we ever find a valid user benefit to shifting away from this model, we would provide the opportunity for users to “opt-out” via an unsubscribe link or contacting the support team.

4. Security

Embark takes your security seriously. While perfect security on the Internet is impossible to promise, we maintain physical, electronic, and procedural safeguards to protect the information you provide to us. We restrict access to this information to employees with a need to know this information to provide you with the benefit, assistance or service you request or would like to obtain, and to those employees that need the information to do their jobs.

5. Minors

Embark responds responsibly to site visitors who are minors and its application generally target an older audience. We adhere to US federal and state laws regarding visitors under 18 years of age (COPPA).

6. Data Access, Correction, and Removal

Individuals may access their data through the Embark portal using their unique login. If your personally identifiable information changes, or if you no longer desire our service, you can correct, update, or delete the information you have provided to us by contacting us at support at embark.com.

7. Contacting the Website

If you have any questions or comments, please don’t hesitate to contact us directly at privacypolicy@embark.com.


SMS Communications

Purpose of Processing

We may use your mobile phone number to send you important notifications, updates, and reminders related to your use of our services via SMS. This is to ensure you receive timely information that is pertinent to your interactions with our application.


Legal Basis for Processing
Our processing of your mobile phone number for SMS communications is based on your consent, which you provide when you opt-in to receive such messages. You may withdraw your consent at any time by following the opt-out instructions provided in our SMS messages or by contacting us directly.

Data Collected

We collect the following information related to SMS communications:

  • Mobile phone number
  • Message content
  • Delivery status and timestamps
  • Data Sharing and Transfers
We use third-party service providers to facilitate our SMS communications. These providers are contractually obligated to handle your personal data securely and in compliance with applicable data protection laws. We do not share your mobile phone number or SMS content with any other third parties for marketing purposes without your explicit consent.

Data Retention
We retain your mobile phone number and associated SMS communication data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Once the data is no longer needed, it will be securely deleted.

Your Rights
You have the right to:
  • Access the personal data we hold about you.
  • Rectify any inaccuracies in your personal data.
  • Request the deletion of your personal data.
  • Object to or restrict the processing of your personal data.
  • Withdraw your consent to receive SMS communications at any time.
To exercise any of these rights, please contact us at support@embark.com

Security Measures
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures are regularly reviewed and updated to ensure the ongoing security of your data.


European GDPR and EU-U.S DPF and UK Extension to the EU-U.S. DPF Addendums

Embark complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF) and the UK Extension to the EU-US DPF as set forth by the U.S. Department of Commerce. Embark has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the UK in reliance on the EU-U.S. DPF and the EU Extension to the EU-U.S. DPF, respectively.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-US Data Privacy Framework program’s Principles, Embark commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles.  European Union and UK individuals with DPF inquiries or complaints should first contact  Michael Turbe at: support@embark.com.

Embark has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers  for more information and to file a complaint. This service is provided free of charge to you.

If your  DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Embark is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).  Embark is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

GDPR Requirement

Embark Policy

The identity and the contact details of the controller and data protection officer (where applicable

Embark’s controller and data protection officer is Michael Turbé, Embark’s engineering lead, who can be reached at support@embark.com.

The purposes of the processing for which the personal data are intended as well as the legal basis for the processing, including the legitimate interests pursued by the controller

Embark’s typically processes personal data of applicants (often students) on behalf of institutions for the purposes of allowing these institutions to recruit, accept applications,
evaluate, and enroll applicants. See section above on “Use of Information” for other
categories of use.

The recipients or categories of recipients of the personal data, if any

Where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and how the transfer ensure adequacy of protection (i.e. which of the approved transfer mechanisms are used)

Embark uses Amazon’s global web hosting capabilities and personal data is currently stored in the United States.

The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period

The storage period will be determined based on how helpful past data is for the current admissions cycle – for example, some clients like to compare year over year data or allow applicants who are re-applying to reference prior years’ applications.

The existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability

Embark users may request through their institution the update or deletion of their personal data as well as an extract of the data they have provided.

Where the processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal

Embark users may request through their institution the withdrawal of their consent, which would result in the deletion of their data, including any application, recommendation or associated documents shared with Embark via the cited institution.

Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data

Each client institution of Embark will note which elements of data, personal or otherwise, are required components of their application or other forms.

The existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Each client institution of Embark will post on its own web site the eligibility requirements for its application, which may include age and other factors.