Privacy Policy and Data Protection Terms
NCLab (the “Service”) is operated by NCLab Inc. (the “Provider”, “we”, “us”). This document describes how we collect, use, disclose, store, and protect Personal Data, and includes additional terms applicable to institutional customers and educational records.
General Terms
For purposes of applicable data protection laws, including the EU General Data Protection Regulation (GDPR) where applicable, NCLab acts as a Controller when it determines the purposes and means of processing Personal Data (for example, for direct platform operations). NCLab acts as a Processor when it processes Personal Data on behalf of an institutional customer under a written agreement and documented instructions.
Personal Data That We Collect
We collect Personal Data when users register for and use the Service, contact us, respond to surveys, or interact with Service features. Personal Data may include without limitation name, email address, mailing address, account credentials, institutional identifiers, training participation data, and certification records.
We automatically collect technical and usage data such as Internet Protocol (IP) address, device and browser characteristics, session identifiers, usage statistics, and referral information through cookies and similar technologies.
If you register for training or subscription services, limited billing-related information may be collected. NCLab does not collect or store full credit card numbers or card security codes. All payment processing is handled by external payment processors.
We may receive Personal Data from institutional customers, workforce agencies, learning management systems, identity providers, payment processors, or other authorized integrations.
How We Use Personal Data
We use Personal Data to operate and improve the Service, including account management, authentication, delivery of educational content, assessment, credential issuance, progress tracking, customer support, and system security.
Personal Data is also used to comply with legal obligations, enforce our Terms of Use, prevent fraud or misuse, and protect the rights and safety of users, institutions, and NCLab.
Where permitted by applicable law and user preferences, we may communicate Service-related updates, training opportunities, or events. Aggregate and anonymized analytics may be used for research and service improvement.
Monitoring Usage of Resources
To ensure stability, security, and proper operation of the Service, we monitor technical metrics such as data storage volume, CPU usage, memory usage, bandwidth consumption, runtime behavior, and application module usage. This information is processed using statistical and operational methods for service provision, optimization, security, billing, authentication, support, and research.
Disclosure of Personal Data
We disclose Personal Data only as necessary to operate the Service, comply with legal obligations, enforce our Terms of Use, or protect against fraud, security threats, or harm.
We may share Personal Data with trusted service providers acting on our behalf, including hosting providers, infrastructure vendors, analytics providers, and payment processors. These providers are contractually obligated to protect Personal Data and use it only as necessary to provide services to NCLab.
If NCLab is involved in a merger, acquisition, reorganization, or sale of assets, Personal Data may be transferred as part of that transaction. Users will be notified before Personal Data becomes subject to a different privacy policy.
Accessing User Accounts
NCLab does not access user accounts except with explicit permission or when necessary to provide technical support, resolve issues, or meet contractual or legal obligations.
Email Communications
Email addresses are used for account access, password recovery, Service notifications, and essential training-related communications. Users may opt out of non-essential communications where permitted by law.
Cookies
Cookies are used to support authentication, session management, security, and Service functionality. Disabling cookies may limit access to the Service.
Data Storage and Security
NCLab uses third-party hosting and infrastructure providers to operate the Service. We implement reasonable administrative, technical, and organizational safeguards to protect Personal Data against unauthorized access, loss, misuse, or alteration.
Data Retention
NCLab retains Personal Data for as long as necessary to provide the Service and to comply with legal, contractual, audit, reporting, credential verification, and funding requirements.
Complete training and participation records are retained for a minimum of two (2) years after training completion. Longer retention periods may apply where required by institutional agreements, workforce funding programs (including WIOA), regulatory oversight, or audit obligations.
Your Rights Regarding Personal Data
Subject to applicable law, users may request access to, correction of, or deletion of Personal Data. Requests may be limited by legal, contractual, or regulatory retention requirements.
International Data Transfers
Personal Data may be processed in the United States or other jurisdictions where our service providers operate. Data is handled in accordance with this policy regardless of location.
Institutional Data Processing Addendum (DPA)
When NCLab processes Personal Data on behalf of an institutional customer, the institution acts as Data Controller and NCLab acts as Data Processor. NCLab processes Personal Data solely to provide contracted educational, training, assessment, credentialing, reporting, and support services, and only in accordance with the institution’s documented instructions and applicable law.
NCLab ensures that authorized personnel are bound by confidentiality obligations and that subprocessors are subject to appropriate data protection requirements. NCLab assists institutions, where reasonably possible, in responding to data subject requests and compliance obligations.
FERPA Addendum
When providing services to educational institutions subject to the Family Educational Rights and Privacy Act (FERPA), NCLab acts as a “school official” with a legitimate educational interest.
Education records are used solely to provide contracted services and remain under the control of the educational institution. NCLab does not claim ownership of education records and does not disclose them except as authorized by the institution, permitted by FERPA, or required by law.
NCLab maintains reasonable safeguards for education records and assists institutions with access, amendment, and retention obligations in accordance with FERPA.
Changes to This Policy
NCLab may update this policy from time to time. Material changes will be communicated by email or prominent notice at least three (3) days before taking effect.
Contact Us
Questions or requests regarding this policy may be directed to support@nclab.com.