Privacy Policy

Privacy Policy

Last update: April 7, 2026

I. Scope

The University of Michigan (“U-M,” “University”) recognizes and values the privacy of the university community members and its guests, and strives to be the leaders and best in the ways in which we manage your personal information. This value is reflected in Regent’s Bylaw Sec. 14.07. Privacy and Access to Information, which states in part:

“In collecting, utilizing, and releasing information about individuals associated with the university, the university will strive to protect individual privacy, to use information only for the purpose for which it was collected, and to inform individuals of the personal information about them that is being collected, used, or released.”

In principle, the University of Michigan strives to:

  • Collect, store, and use the minimum amount of personal information that is necessary for its legitimate business purposes, and to comply with legal obligations.
  • Take reasonable steps to ensure the personal information we manage is accurate and up-to-date.
  • Limit who has access to the personal information in our possession to only those who need it for a legitimate, specific purpose.
  • Protect personal information through appropriate physical and technical security measures tailored to the sensitivity of the personal data we hold.
  • Communicate with our students, faculty, employees, suppliers, partners, and others about how we use personal information in our day-to-day operations.
  • Provide opportunities to control your personal information, as permitted by applicable United States and other laws.
  • Integrate privacy in the design of our activities when that involves the use of personal data.
  • The University of Michigan’s Center for Academic Innovation (“CAI,” “we,” “our”) respects your privacy and is committed to protecting it. This Privacy Policy details the ways in which your personal data may be collected, secured, shared, and used when you interact with Sites, Software, and Michigan Online® Courses, as defined below (collectively, “Services”). When applicable, specific Services are listed by name or category to indicate where data processing activities are unique only to the Services named or described. By accessing or using our Services, you agree to the terms of this Privacy Statement.

Specifically, this Privacy Policy applies to:

  • Our websites (online.umich.edu, onlineteaching.umich.edu, and ai.umich.edu–collectively, “Sites”);
  • Software applications supported by CAI, including those found in the CAI Software Portfolio and those found on our Sites and hosted learning experiences that directly link out to this Privacy Policy (collectively, “Software”); and
  • Michigan Online Courses offered by U-M’s academic units and partners that are hosted by CAI on Michigan Online, an online learning experience portal and platform, at online.umich.edu (“MO Courses”).

This Privacy Policy does not, unless otherwise stated, apply to other U-M learning experiences that may be advertised on online.umich.edu or other U-M websites but are accessed through a third-party platform, such as Coursera or edX, or through a separate U-M platform maintained by a different U-M unit with its own privacy policies and terms of service. Please review the unique privacy policies maintained by these external platform providers for additional information, which are made available in website footers for each website linked above.

II. Sites and MO Courses

What Information We Collect

We collect personal information when you access our Sites and MO Courses in the following ways:

  • Through direct collection: When you directly provide it to us, such as when you sign up for a newsletter on one of our Sites or register for an MO Course.
  • Through automated processes: This includes information you provide us through technology, such as through a cookie placed on your browser when you visit our Sites or participate in MO Course activities.
  • From others: We may receive information from other organizations for legitimate, specific purposes, such as for bulk enrollment in an MO Course.

Our goal is to limit the information we collect to the information needed to focus on the needs and interests of our visitors, support our business operations, and improve the overall functionality of our Sites and MO Courses.

During a user’s visit to our Sites, we automatically collect and store certain information about the visit. Information collected includes:

  • The Internet domain from which a visitor accesses the website
  • The IP address assigned to the visitor’s computer
  • The type of browser the visitor is using
  • The date and time of visit
  • The address of the website from which the visitor has linked to our Sites

In addition, we may collect the following information from users that visit our Sites, including those hosting MO Courses, or through University of Michigan contracted-for third-party advertising and marketing providers (e.g., Google Analytics, Google Ads):

  • Content viewed during the visit
  • Date and time of visit
  • Amount of time spent on the website
  • Visitor location based on IP address
  • Demographic information

Our Sites as well as MO Courses may also provide opportunities for visitors to voluntarily provide personally identifiable information, such as their email address, name, telephone number or street address.

Recordings for certain MO Courses: 

As part of your participation in certain MO Courses, we may make and use photographic, audio, video, or other recordings (the “Recordings”) of you, your voice, and your likeness. Recordings may include work product and other materials, whether or not copyrighted by you or others, that you make available as part of your participation in online courses or programs at or through the University. 

Note that these Recordings may be necessary for your participation in MO Courses and may be used during and after your enrollment for purposes related to instruction, evaluation, classroom participation, conflict resolution and academic integrity, among other purposes consistent with the University’s academic mission. Recordings may also be shared with University officials and third parties acting on behalf of the University in connection with administration of online courses and programs. Additional Recording details (including ways to limit Recordings when applicable), are shared as part of individual MO Course materials, announcements, or presented as notices inside software or web applications used with MO Courses, such as web conferencing platforms leveraged during recorded class sessions. 

These Recordings will not be used for marketing, publicity, or promotional purposes, unless you explicitly consent separately.

Cookies

When you view our Sites, including those that host MO Courses, we may store some information on your computer in the form of a cookie. Cookies allow us to tailor our website to better match your interests and preferences. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience all features and content of our Sites.

Our Sites use the following types of cookies:

Google Analytics Cookies

Purpose: Google Analytics uses cookies to count visits and traffic sources in order to measure and improve the performance of our websites. See details about Google Analytics’ usage of cookies on websites and privacy policy.

The Google signals service, which is active as part of our Google Analytics account, captures aggregated data, including additional demographic and interest information through existing Google features and cookies, such as DoubleClick cookies (described below) and cross-device reports if visitors are signed in to their Google accounts with Ads Personalization turned on. Visitors to our Sites may later see targeted ads for our Services, across multiple devices, depending on their individual Google account settings.

Opt-out: Find out more about managing cookies through your browser. You can also opt out of Google’s ad personalization from Google Ads Settings

DoubleClick Cookies

Purpose: DoubleClick, which is run by Google, uses cookies to improve advertising. The cookies collect information specific to your browsing activity and keep it linked to your unique cookie ID. See DoubleClick’s cookie policy.

Opt-out: You can opt out of Google’s ad personalization from Google Ads Settings.

CrazyEgg Cookies

Purpose: CrazyEgg Cookies provide information on how visitors use our Sites. See here the Privacy Policy and the Cookie Policy of CrazyEgg.

Opt-out: Find out how to opt out here. This Site may also use a third-party click tracking analytics tool (such as Google Analytics and the Salesforce Marketing Cloud) to capture clickthrough statistics.

Because there is not yet a common understanding of how to interpret web browser-based “Do Not Track” (DNT) signals, CAI does not process or respond to DNT signals.

Social Media Plugins

Some of the pages on our website have embedded social media sharing buttons. When you interact with these buttons, social media platforms place cookies or other tracking technologies on your device. We do not have access to, or control of, any information collected through these buttons. The social media platforms are responsible for how they use your information. For specific information on how these platforms use cookies, see the cookie policies of X (formerly Twitter) , Facebook , Pinterest , LinkedIn , Instagram and YouTube.

How Your Information Is Used and Shared

When you do provide us with personal data, we may use that information to provide you with information about CAI news and events, as well as the things like:

  • Fulfilling Site or MO Course user requests (e.g., create login credentials, send marketing or promotional materials including emails, change newsletter preferences, etc.);
  • Responding to your requests for information;
  • Advertising, including by supporting personalized digital advertising efforts consistent with the Cookies section of this Privacy Policy and through directly contacting you about promotional offers as well as to share more information about new and existing MO Courses and other University of Michigan programs and services based on your website or email activity and/or selected interests but not based on MO Course performance or other in-course learner engagement data, which is not used for promotional purposes;
  • Tracking, measuring and analyzing your use of and activity relating to the Site or MO Course, and your engagement with CAI, the University of Michigan and their programs, services and activities, in order to enhance CAI’s and the University’s relationships with you;
  • Fulfilling a request for or to develop new products or services;
  • Contacting you if necessary in the course of processing or shipping an order for products or services;
  • Generating analytics that improve our Site layouts, content, product offerings and Services;
  • Making inferences and predictions about your potential areas of interest
  • Complying with legal requirements;
  • Compiling aggregate and statistical data to help in website design and to identify popular features;
  • Measuring site and MO Course activity to allow us to update our Services to better meet user wants and needs; and
  • Processing credit card information to properly bill your account(s) (when applicable)

We may also use MO Course data, including personal information, to:

  • Provide and administer the course or program in which you are participating, including evaluating your success in and engagement with the education offering;
  • Improve student interventions and outcomes;
  • Respond to your requests and communicate with you regarding current or future courses or programs;
  • Troubleshoot to support a user’s experience;
  • Conduct research (for example, in the areas of education and cognitive science) and analytics related to our education offerings;
  • Satisfy legal, regulatory and contractual obligations;
  • Use as source information to building learning analytics models to enhance teaching and learning at scale; and
  • Make improvements to MO Courses.

We may use personal information collected through Sites and MO Courses to enhance performance and user experience and for other legitimate educational interests. We may also share your personal information in limited circumstances, such as with University partners or external service providers that support business activities.

For MO Courses, we may share your personal information, including registration and performance data, with your employer or other third parties when the third party has registered you as a learner or included you on a group registration list. We may also share this personal information with third parties otherwise affiliated with you or the MO Courses you are enrolled in, such as when the third party is providing credentialing or evaluation services (e.g., a licensing agency or professional development organization) or has partnered with an academic unit in the development of the course. When applicable, additional information concerning information sharing with such third parties will be provided to you as part of course description or registration materials.

We may also share your personal information associated with any Service when required by law, or when we believe sharing will help to protect the safety, property, or rights of the University, members of the University community, and University guests. We will not sell or rent your personal information.

If we use your personal information to contact you for marketing purposes, we will provide you with a method allowing you to opt-out of future communication for advertising, sent by us via email. You can also contact us by emailing, writing, or calling using the contact information provided at the bottom of this Privacy Policy.

Finally, we may use an unaffiliated payment service to allow you to purchase a product or service offered through our Sites and MO Courses (Payment Service). If you wish to purchase a service or make a payment using a Payment Service, you will be directed to a Payment Service webpage. Any information you provide to a Payment Service is subject to the applicable Payment Service’s privacy policy rather than this Privacy Policy. We have no control over, and are not responsible for, any Payment Service’s use of information collected through any Payment Service.

III. Software

What Information We Collect

User-Provided Information – Wherever prior and separate registration is needed to use Software, we will collect and store the information you enter into our systems when you create an account on an applicable Software hosting site, which will generally be accessed via links provided through an organization’s Learning Management System (LMS). We will also collect and store information you provide when engaging with the Software or when contacting us for other purposes or through other methods, such as over email. Information you provide generally will include:

  • Your name, email address, user name, password and other registration information;
  • Information you provide us when you contact us for help;
  • Depending on the Software, transaction-related information, such as when you create or submit an assignment, make a grade prediction, submit or receive feedback on an assignment, create an announcement, or otherwise use features in Software that rely on user input; and
  • Information you enter into our system when using Software, such as contact information and project management information.

Automatically Collected Information – In addition, the Software may collect certain information automatically, such as the type of device you use, the IP address of your device, your operating system, the type of Internet browsers you use, location data or sites used to access/leave each page, and information about the way you use the Software, including your digital interactions with the Software and the date, time, and length of your visits. This information may be collected through the use of cookies and web beacons and is automatically stored in log files each time you visit our Sites and log into the Software. Cookies administered by the Center for Academic Innovation are used to identify a user across page loads during a session and are therefore necessary for an integrated user experience. Some of this automatically-collected data may be linked to user-provided information.

Information Provided by Others – We may receive information collected by other organizations that are using Software. Additionally, certain Software (specifically: Gallery, Write and Revise, Write and Annotate, and Recommender) can be easily integrated with third-party learning management systems and platforms using the Learning Tools Interoperability® (LTI) standard (collectively, “LTI Applications”). For LTI Applications, we may receive information collected by LMS providers through LTI-enabled transfers or from the organizations and LMS providers directly. For all Software, including LTI Applications, information provided by others may include all of the same categories listed in the “User-Provided Information” and “Automatically Collected Information” sections above. LTI-enabled transfers occur automatically when using the LTI Application through your LMS and include account information (username and/or email address connected to the account) linked to the LMS you are using to access the LTI Application. The automatic transfer of account information is necessary to provide a fully integrated and seamless user experience between the LMS and LTI Application.

The User-Provided Information, Automatically Collected Information, and Information Provided by Others described above shall be collectively referred to as “Software Data.”

How Your Information Is Used

We use Software Data collected through the Software to enhance the Software’s performance and user experience and for other legitimate educational interests or as required by law. We do not sell or rent your personal data.

We may use Software Data to:

  • Provide and administer the course or program in which you are participating, including evaluating your success in and engagement with the education offering;
  • Improve student interventions and outcomes;
  • Respond to your requests and communicate with you regarding current or future courses or programs;
  • Troubleshoot to support a user’s experience;
  • Conduct research (for example, in the areas of education and cognitive science) and analytics related to our education offerings;
  • Satisfy legal, regulatory and contractual obligations;
  • Use as source information to build learning analytics models to enhance teaching and learning at scale; or
  • Make improvements to the Software or other Services.

Additionally, we may use Software Data collected about learners enrolled in U-M learning experiences to send advertisements or other marketing materials via email about other programs, promotions or services to students enrolled in U-M courses and programs if they have requested or agreed to receive such information, or where we are otherwise permitted by local law to contact these learners for these purposes.

How Your Information Is Shared

We will only disclose your personal data to:

  • School officials (instructors and administrators) for them to conduct their educational responsibilities, including individuals who work for the LMS provider and, where applicable, at the organization offering the LMS experience;
  • Government officials, as required by law, such as to comply with a subpoena, or similar legal process or when we believe in good faith that disclosure is necessary to protect our rights (including in legal proceedings), protect your safety or the safety of others, investigate fraud, or respond to a government request; and
  • Trusted service providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.

IV. Data Storage, Security, and Retention

The University of Michigan recognizes the importance of maintaining the security of the information it collects and maintains. We maintain physical, electronic, and procedural safeguards to protect against the loss, misuse, or alteration of the information under our control.

Unless shared in a manner consistent with this Privacy Policy, all of your information is stored in CAI offices, on local servers managed by the University of Michigan, or on servers maintained by external cloud storage providers (e.g., Google, Dropbox, and Salesforce) that have agreed to implement data security protocols based on the appropriate University of Michigan data classification.

We limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Services. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. We maintain data we collect in ways that comply with the Family Education Rights and Privacy Act (FERPA) and U-M FERPA policies wherever applicable.

We will retain User-Provided Information for as long as you use the Software and for a reasonable time thereafter.

V. Your Consent

By using our Services you signify that you agree with the terms of our current Privacy Policy. If you do not agree with any terms in this Privacy Policy, please discontinue use.

VI. Opting-Out of Certain Activities

If you do not want us to contact you with marketing communications or other information regarding our products and services via email (or if you agreed to be contacted for such purposes at the time your personal information was collected by us but you no longer wish to be contacted or have your information used in such a way), you can let us know by following the unsubscribe instructions on any communications sent to you.

You can also unsubscribe at any time by emailing us at [email protected] and including the name of the Service(s) you are concerned with in your email.

Please note that if you have registered an account for an individual Service, including an MO Course or Software account, opting out of marketing messages will not result in your removal from all other (i.e., non-marketing) messages relating to those Services. We reserve the right to send you certain communications relating to your account, your registration, and your use of our Software and MO Courses, such as messages relating to account management, customer service, systems maintenance, and updates to terms of service and privacy policies. These transactional account messages will thus be unaffected if you choose to opt-out of marketing communications.

VII. Changes to this Statement

We may occasionally decide to change our Privacy Policy, especially as new features are added to our Services. We will indicate at the top of this Privacy Policy when it was last updated.

VIII. How to Contact Us

If you’d like us to access, update, correct, or delete your personal information associated with our Services, we can be reached via email at [email protected]. Please list the specific Service of concern in your email and we will respond in a reasonable time. Please note that some or all of the information we collect may be required in order for the Services to function properly, and we may be required to retain certain information by law.

Other ways to contact us are provided below.

Our postal address:

Center for Academic Innovation

317 Maynard Street

Ann Arbor, MI 48104

Telephone: (734) 764-7351.

IX. Special Notices

Persons Under the Age of 13 or Their Parents or Guardians

COPPA imposes legal and regulatory requirements on certain operators of websites or online services directed to children under 13 years of age, and on certain operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. The Federal Trade Commission, United States’ consumer protection agency, enforces COPPA, which spells out what operators of websites and online services that are subject to COPPA must do to protect the privacy and safety of children under the age of 13 online when COPPA applies. The University of Michigan, and the vendors with whom we work, sometimes collect data from children under the age of 13, or share such information with one another. The sharing and collection of such information is done in accordance with all applicable law, including COPPA to the extent it applies under the circumstances.

Persons Within the European Union

If you are located in the EU, then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”).

In addition to the privacy information provided above, there is additional information specific to the EU legal framework below. Please also see our GDPR resources webpage for more information.

Legal basis for processing

Our processing activities of your personal information will rely on different lawful grounds depending on the circumstances. Generally speaking, we typically rely on the following lawful bases in order to process your personal information under the GDPR:

  • Necessity to enter or for the performance of a contract (ex: for online applications you submit; for the information provided when enrolling; for the payment information we process for tuition);
  • Necessity for our legitimate interests or those of third parties (our legitimate interest to maintain a community for alumni);
  • Consent (for the research projects you may participate in; for processing of special categories of personal data).

Your rights

U-M is committed to facilitating the exercise of the rights granted to you by EU data protection law in a timely manner.

In the context of our processing activities that are subject to the GDPR, you have the following rights regarding your personal information:

  • Access, correction and other requests – You have the right to obtain confirmation of whether we process your personal data, as well as the right to obtain information about the personal data we process about you. You also have a right to obtain a copy of this data. Additionally, and under certain circumstances, you may have the right to obtain erasure, correction, restriction and portability of your personal data.
  • Right to object – You have the right to object to receiving marketing materials from us by following the opt-out instructions in our marketing emails, as well as the right to object to any processing of your personal data based on your specific situation. In the latter case, we will assess your request and provide a reply in a timely manner, according to our legal obligations.
  • Right to withdrawal consent – For all the processing operations that are based on your consent, you have the right to withdraw your consent at any time, and we will stop those processing operations as allowable by law.

Please note that when you make requests based on these rights, if we are not certain of your identity, we may need to ask you for further personal information to be used only for the purposes of replying to your request.

Retention period: 

We strive to keep personal data in our records only as long as necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.

Data transfers: 

When you interact with U-M, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have been deemed by the European Commission to have an adequate level of legal protections for personal information. To ensure the lawful transfers of personal information from the EU, U-M relies on the derogations laid out in Article 49 GDPR. In particular, we rely on your explicit consent for some of the transfers and on necessity for the performance of a contract or the implementation of pre-contractual measures taken at your request (for instance, for the transfer of personal data necessary for your application for admission). However, please be aware that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this General Privacy Statement.

Concerns: 

If you have any concerns or questions about how your personal data is used, please contact us at [email protected]. We will promptly respond to your request and do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by Article 77 of the GDPR. You also have the right to submit a complaint in the Member State of your residence, place of work or of an alleged infringement of the GDPR.