Effective: March 1, 2022

The CliffsNotes website(s), products, services and applications (the “Services”) are operated by LitCharts LLC (“LitCharts,” “we” and “us”), a Course Hero, Inc. company.

This Privacy Policy describes how we collect and use personal data about you through the use of our Services. We respect your privacy and are committed to protecting it through our compliance with this policy.

1. Introduction

This Privacy Policy describes the types of information we may collect from you or that you may provide when you use our Services and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect when you use our Services; in email, text, and other electronic messages between you and us; and when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by us offline or through any other means, including on any other website operated by LitCharts or any third party; or any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Services.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Please check this Privacy Policy periodically for updates.

2. Data Controller, Data Protection Officer, and Representative

Who is responsible for overseeing the personal data we collect and our data management practices?

LitCharts LLC is the data controller of your personal data. Individuals and data protection supervisory authorities in the EU and the UK may contact our data protection representatives according to Article 27 GDPR:

  • EU: DP-Dock GmbH, Attn: LitCharts, Ballindamm 39, 20095 Hamburg, Germany
  • UK: DP Data Protection Services UK Ltd., Attn: LitCharts, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom
  • www.dp-dock.com
  • litcharts@gdpr-rep.com

We may otherwise be contacted as set forth below in the Contact Information section of this Privacy Policy.

3. Children Under the Age of 16

We will remove any information about a child under the age of 16 if we become aware of it.

No one under age 16 may provide any information to, on, or through the Services. We do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on our Services or on or through any of their features, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal data from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us as set forth below in the Contact Information section of this Privacy Policy.

4. Information We Collect About You and How We Collect It

We collect different types of information about you, including information that may directly identify you, information that is about you but individually does not personally identify you, and information that we combine with our other users. This includes information that we collect directly from you or through automated collection technologies.


We collect several types of information from and about users of our Services. For all users of our Service, we collect information such as your internet connection, the equipment you use to access our Services and usage details.

If you subscribe to our Services, we collect your email address, birthday, postal code and country of residence. Furthermore, the following information will be collected directly by our payment processor, Stripe, if you are a paying subscriber: credit card or other payment information (including account number, expiration date, security code, and billing address).

We collect personal data:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through the site. Information collected automatically is usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies;
  • From our payment processor, Stripe, if you are a paying subscriber to our Services.

Information You Provide to Us

The information we collect on or through our Services consists of:

  • information that you provide by filling in forms on our Services. This includes information provided at the time of registering to use our Services, subscribing to our Service, or requesting further services. We may also ask you for when you report a problem with our Services;
  • records and copies of your correspondence (including email addresses), if you contact us;
  • your responses to quizzes and surveys that we might ask you to complete for research purposes or as part of our Services to you;
  • details of transactions you carry out through our Services and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Services, which is collected directly by our payment processor, Stripe.

The personal data we collect from you is required to enter into a contract with you, for us to perform under the contract, and to provide you with our products and services. If you refuse to provide such personal data or request that we delete your personal information, then we may not be able to enter into the contract or fulfill our obligations to you under it. If you are a resident of the EEA or the UK, please also read the Lawful Basis for Processing your Personal Data section of this policy.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Services, we use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

  • details of your visits to our Services, specifically traffic data, logs, referring/exit pages, date and time of your visit to the Services and their pages, error information (if any), clickstream data, and other communication data and the resources that you access and use on the Services.
  • information about your computer and internet connection, specifically your IP address, Internet Service Provider, operating system, and browser type.

The information we collect automatically may include personal data, or we may maintain it or associate it with personal data we collect in other ways or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service by enabling us to:

  • estimate our audience size and usage patterns;
  • store information about your preferences, allowing us to customize our Services according to your individual interests;
  • speed up your searches; and
  • recognize you when you return to our Services.

Details about the automated data collection technologies and the specific cookies we use can be found in our Cookie Policy.

5. Lawful Basis for Processing Your Personal Data

How the law allows us to process your personal data, including processing for our legitimate interests (when balanced against your rights and freedoms), to fulfill our obligations to you under a contract with you, and required by law, and with your consent.

If you are in the European Economic Area ("EEA") or the UK, the processing of your personal data is lawful only if it is permitted under the applicable data protection laws. We have a lawful basis for each of our processing activities (except when an exception applies as described below):

Consent. In certain cases, we will obtain your express consent prior to our collection and use of your personal data. You can always revoke your consent by contacting us as set forth in the Contact Information section of this policy.

Legitimate Interests. We will process your personal data as necessary for our legitimate interests. Our legitimate interests are balanced against your rights and freedoms and we do not process your personal data if your rights and freedoms outweigh our legitimate interests. Specifically, our legitimate interests are to: facilitate communication between you and us; detect and correct bugs and to improve our Services; safeguard our IT infrastructure and intellectual property; detect and prevent fraud and other crime; promote and market our business; check your credit and perform risk assessments; and enhance and develop our product and services.

To Fulfill Our Obligations to You under our Contract. We process your personal data in order to fulfill our obligations to you pursuant to our contract with you to deliver our goods and services to you. Specifically, we use your personal data to provide you with access to the Services (including our subscription service), each in accordance with our Terms of Service.

As Required by Law. We may also process your personal data when we are required or permitted to by law; to comply with government inspection, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.

6. Special Categories of Information

Do we process special categories of personal data, such as health information?

We do not ask you to provide, and we do not knowingly collect, any special categories of personal data from you.

7. Third-party Advertising

Who is our advertising partner and what tracking technologies do they use?

We show third-party advertising via Google AdSense. Google AdSense uses cookies to personalize the ads you see based on your browsing history and preferences. For more information about the advertising cookies on our Services, please see our Cookie Policy.

8. Automated Decision Making

Do we use your personal data with any automated decision making processes, such as using data to figure out your religion or sexual orientation?

No. We do not use your personal data with any automated decision making process.

9. How We Use Your Information

An explanation of what we do with the data we collect from you.

We use information that we collect about you or that you provide to us, including any personal data:

  • to present our Services and their contents to you;
  • to provide you with information, products, or services that you request from us;
  • to fulfill any other purpose for which you provide it;
  • to provide you with notices about your paid subscription account, including expiration and renewal notices;
  • to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • to notify you about changes to our Services;
  • in any other way we may describe when you provide the information; and for any other purpose with your express consent.

We may also use your information to send marketing emails about our Services, as provided for in the Cookie Choices and Marketing Emails section of this policy.

10. Disclosure of Your Information

We do not share, sell, or otherwise disclose your personal data for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal data that we collect or you provide as described in this policy:

  • to our subsidiaries and affiliates;
  • to contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them. Specifically, these entities provide IT and infrastructure support services (including analytics service providers), and payment processing services. Our payment processor’s privacy policy may be found here for Stripe;
  • to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of LitCharts assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by LitCharts about our users of our Services is among the assets transferred;
  • to third parties to market their products or services to you if you have consented. For more information, see the Cookie Choices and Marketing Emails section of this policy;
  • to fulfill the purpose for which you provide it;
  • for any other purpose disclosed by us when you provide the information; and
  • with your consent, if applicable.

We may also disclose your personal data:

  • to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • to enforce or apply our Terms of Service and other agreements, including for billing and collection purposes; and
  • if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of LitCharts, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Your options on cookies and marketing emails

For residents in the EEA and the UK, you have the choice to opt-in to the use of advertising and other non-essential cookies.

If you have subscribed to our Services, or if you submit your email to us for the purpose of receiving marketing messages, we will use your email to send you promotional messages about our Services. You may unsubscribe from future marketing email communications by clicking the unsubscribe link at the bottom of the email. This opt- out does not apply to messages from us as a result of a product purchase, product service experience, or other transactions. It also does not apply to transactional non-marketing emails required to provide our Services or communicate with you about your account.

For users in the EEA or the UK, if you expressly consent, we will use your email to promote third party products and services. If you wish to consent to such use, you can check the relevant box located on the form on which we collect your personal data or otherwise seek such consent. For users not in the EEA or the UK, you consent to receive such promotional offers from us by agreeing to our Terms of Service upon signing up for a free registered user account or paid subscription account.

12. Your Rights Regarding Your Information and Accessing and Correcting Your Information

Your options for accessing and updating the data we store about you, if you are a resident of the EEA or the UK.

If you are a resident of the EEA and UK, you have certain rights under applicable data protection laws, including the right to access and update your personal data, restrict how it is used, transfer certain personal data to another controller, withdraw your consent at any time (when consent is the basis for collection of your personal data), and the right to have us erase certain personal data about you. You also have the right to complain to a supervisory authority about our processing of your personal data.

Access and Update. You can review and change your personal data by logging into the Services and visiting your "My Account" page. You may also notify us through the Contact Information below of any changes or errors in any personal data we have about you to ensure that it is complete, accurate, and as current as possible. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

Restrictions. You have the right to restrict our processing of your personal data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your personal data is determined to be unlawful, or if we no longer need your personal data for processing, but we have retained it as permitted by law.

Portability.You have the right to request that we provide you a copy of, or access to, all or part of such personal data in structured, commonly used and machine-readable format. You also have the right to request that we transmit this personal data to another controller, when technically feasible.

Withdrawal of Consent. To the extent that our processing of your personal data is based on your consent, you may withdraw your consent at any time by contacting us as set forth in the Contact Information section of this policy. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your personal data.

Right to be Forgotten. You have the right to request that we delete all of your personal data. We cannot delete your personal data except by also deleting your user account. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your personal data as set forth in this policy. In addition, we cannot completely delete your personal data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies.

Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly, as provided for in the Contact Information section of this policy, in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.

How You May Exercise Your Rights. You may exercise any of the above rights by contacting us as set forth in the Contact Information section of this policy. If you contact us to exercise any of the foregoing rights, we may ask you for additional information to verify your identity. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements.

13. Your California Privacy Rights

Under some circumstances, California law may provide you with the right to obtain a list of third parties (if any) that we provide your personal data to for their own direct marketing purposes.

California Civil Code Section 1798.83 (California’s "Shine the Light" law) permits users of our Services that are California residents and who provide personal data in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of personal data to third parties for their own direct marketing purposes. If applicable, this information would include the categories of personal data and the names and addresses of those businesses with which we shared your personal data with for the immediately prior calendar year (e.g. requests made in 2022 will receive information regarding such activities in 2021). You may request this information once per calendar year. To make such a request, please contact us at set forth in the Contact Information section of this policy.

Your Rights under the California Consumer Privacy Act

This section provides information in accordance with the California Consumer Privacy Act (“CCPA”) for California residents about how we handle certain personal data we have collected over the past 12 months.

If you are a California resident, you have the rights set forth in this section. Please see the Exercising Your Rights section of this policy for instructions on how to exercise these rights.

California Resident Rights under the CCPA Access/Right to Know.

You have the right to request certain information about our collection and use of your personal data over the past 12 months, including:

  • The categories of personal data that we have collected about you.
  • The categories of sources from which that personal data was collected.
  • The business or commercial purpose for collecting or selling your personal data.
  • The categories of third parties with whom we have shared your personal data.
  • The specific pieces of personal data that we have collected about you.

Deletion. You have the right to request that we delete the personal data that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your personal information to provide you with the Services or complete a transaction or other action you have requested. Please see the Data Retention Periods section of this policy on our purposes for retaining limited personal information.

Right to Opt-Out; Sale of Your Personal Data. In some circumstances, you have the right to opt out of the sale of your personal data. Please note, however, that we do not sell your personal data and have not done so over the last 12 months.

Exercising Your Rights. To exercise the rights described above, you or your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected personal data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use personal data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request. Please see the Contact Information section of this policy for where to submit a Valid Request.

Authorized Agent. You may authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

Non-Discrimination. We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of personal data that we receive from you.

Below are the categories of third parties with whom we share your personal data that we collect and have collected over the past 12 months.
Category of Personal Information Personal Information We Collect Categories of Third Parties With Whom We Share this Personal Information
Profile or Contact Data
  • Email
  • Country
  • Postal code
  • Date of birth
  • Service Providers
Payment Data
(Collected directly by our Payment Processor)
  • Payment type (credit or debit)
  • Credit or debit card number (full number), CVV and expiration date
  • Postal code
  • Payment Processor Only (Stripe)
Commercial Data
  • Purchase history
  • Consumer profiles
  • Service Providers
Online Identifiers
  • Account name
  • Password
  • Service Providers
Device/IP Data
  • IP address
  • Type of device/operating system/browser used to access the Services
  • Service Providers
  • Analytics Providers
Web Analytics
  • Web page interactions
  • Non-identifiable request IDs
  • Advertising Partners
  • Analytics Partners
Demographic Data
  • Age/date of birth
  • Postal code
  • Service Providers
  • Payment Processor (zip code only)
Geolocation Data
  • IP-address-based location information
  • Service Provider
  • Payment Processor (zip code only)
Other Identifying Information that You Voluntarily Choose to Provide
  • Identifying information in emails or letters you send us
  • Service Providers

14. Data Security

Information transmitted over the Internet is not completely secure, but we do our best to protect your personal data.

You can help protect your personal data and other information by keeping your password to our websites confidential.

We have implemented measures designed to secure your personal data from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Services. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.

Data In Other Countries Outside the European Economic Area (EEA) and the UK

We may process your personal data outside of your home country, including to the United States. We only do this when we are legally permitted to do so and when we have appropriate safeguards in place to protect your personal data.

If you are a resident of the EEA or UK, in order to provide our Services to you, we may send and store your personal data outside of the EEA and UK, including to the United States. Accordingly, your personal data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an adequate level of protection for your personal data.

Your personal data is transferred by us to another country only if it is required or permitted under applicable data protection law and provided that there are appropriate safeguards in place to protect your personal data. To ensure your personal data is treated in accordance with this Privacy Policy, we use Data Protection Agreements with all third party recipients of your data that include, where applicable, the Standard Contractual Clauses adopted by the European Commission (the "Standard Contractual Clauses"). The European Commission has determined that the transfer of personal data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your personal data. Under these Standard Contractual Clauses, you have the same rights as if your data was not transferred to such a third party. You may request a copy of our Data Protection Agreement(s) by contacting us as set forth in the Contact Information section of this policy.

16. Data Retention Periods

How long we retain your personal data and why.

We will retain your personal data unless you delete your account via the Account Settings page. If you do not delete your account, we may retain your personal data:

  • for as long as necessary to comply with any legal requirement;
  • on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures;
  • for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; and
  • for data that has been aggregated or otherwise rendered anonymous in such a manner that you are no longer identifiable, indefinitely.
  • If you choose to delete your account entirely, we may retain your data on our backup and disaster recovery systems but never for any period longer than one month following the date on which you deleted your account data.

17. Changes to Our Privacy Policy

When we post changes to our Privacy Policy and whether you will be notified.

We may change this Privacy Policy at any time. It is our policy to post any changes we make to our Privacy Policy on this page with a notice that the Privacy Policy has been updated on the Services’ home page or home screen. If we make substantial changes to how we treat our users’ personal data, we will notify you by email to the email address specified in your account. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Services and this Privacy Policy to check for any changes.

18. Contact Information

How to contact us with privacy-related questions or concerns.

If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy, have any requests related to your personal data pursuant to applicable laws, or otherwise need to contact us, you must contact us by postal mail or email with the Contact Information we provide below.

Contact Information for LitCharts LLC (Data Controller):

By postal mail:

P.O. Box 1162
Madison, NJ 07940

By email:

You can email at at privacy@cliffsnotes.com to submit your privacy-related questions or concerns.

Back to Top