LicenseWin Privacy Policy
Last updated: 2026-05-26
Operator: Golden Gate Realty and Finance Inc. ("GGRF" or "we"), a California stock corporation (CA SOS #B20250228310), holder of California DRE Corporate License #02361979, operating the LicenseWin educational platform.
Contact for privacy questions: [email protected]
Mailing address: 1900 S Norfolk St, Suite 350, San Mateo, CA 94403
---
1. Scope and Purpose
This Privacy Policy describes how GGRF collects, uses, shares, and retains personal information when you visit `https://licensewin.com` (the "SITE"), enroll in a course, or otherwise interact with LicenseWin. We are committed to handling your personal information in compliance with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act ("CCPA/CPRA"), and with an eye to the principles of the European Union General Data Protection Regulation ("GDPR") where applicable.
This policy applies to (a) prospective students browsing the SITE, (b) enrolled students, (c) graduates, and (d) any other person who provides personal information to us in connection with LicenseWin.
---
2. Categories of Personal Information We Collect
We collect the following categories of personal information.
2.1 Identifiers and Contact Information
- Full legal name
- Email address
- Mailing address
- Telephone number
- Date of birth (collected at enrollment to confirm 18+ eligibility)
- IP address, device identifiers, and browser type
2.2 Government Identification (Proctoring)
- Government-issued photo identification image (e.g., driver license, passport ID page) for final-exam identity verification
- A live photograph of the test taker at the time of the proctored final examination
2.3 Biometric Information (Proctoring)
- Facial-geometry data derived from the photo ID and the live test-taker photograph, used solely to confirm the identity of the test taker during the proctored final examination
- Audio and video session recordings during the proctored final examination
2.4 Payment Information
- Payment-method data (card brand, last four digits, expiration), tokenized and processed by our PCI-compliant payment processor; we do not store full card numbers on our systems
2.5 Course Activity and Education Records
- Course enrollment status, completion timestamps per lesson, quiz scores, final-exam score, certificate of completion records
- Communications between you and our instructor or support team
- Acknowledgments of required disclosures and acceptance of the Enrollment Agreement
2.6 Technical and Usage Data
- Pages visited, time on page, click events, scroll depth, referrer URL
- Cookies and similar technologies (see §9)
- Crash logs, error logs, and performance metrics
2.7 Sensitive Personal Information (as defined under CPRA)
We collect the following sensitive personal information:
- Government identification numbers (driver license number or passport number) for proctoring identity verification
- Biometric facial-geometry data (derived as described in §2.3) used solely to verify identity
We use sensitive personal information only for the purposes set out in §3 below and only to the extent necessary. We do not use it to infer characteristics about you.
---
3. How We Use Personal Information
We use personal information for the following purposes.
3.1 To provide the courses. Enrollment processing, granting LMS access, delivering video lessons, tracking your progress, administering quizzes and the final examination, issuing certificates of completion.
3.2 To verify identity. Confirming you are 18+ at enrollment; verifying your identity at the proctored final examination via your government photo ID and a live photograph or video session, using biometric matching performed by our third-party proctoring vendor.
3.3 To comply with law. Maintaining education records as required by California DRE regulations (currently five (5) years from completion or denial); responding to subpoenas, regulator requests, and lawful audit requests; reporting to BPPE in connection with our exempt-status filing.
3.4 To process payments and refunds. Charging tuition, processing refunds under our Refund Policy, preventing fraudulent charges.
3.5 To communicate with you. Sending enrollment confirmations, course updates, instructor responses, regulatory notices, refund notices, and (with your consent) optional marketing about new courses or career events.
3.6 To improve the platform. Analyzing aggregate usage patterns to improve lesson quality, fix bugs, and design better courses. Where possible, we use de-identified or aggregated data for these purposes.
3.7 To prevent abuse. Detecting and preventing fraudulent enrollments, credential sharing, examination cheating, and unauthorized access.
3.8 For optional career invitations. With your separate, opt-in consent only, sharing your contact information with GGRF's brokerage recruiting team so that they may invite you (post-graduation, on a strictly voluntary basis) to interview. You do not need to consent to this in order to take the course, and your enrollment, grades, and certificate are unaffected by your decision.
---
4. How We Share Personal Information
We do not sell your personal information for monetary consideration. We share it only with the following categories of recipients, and only as needed for the purposes set out above.
4.1 Service providers acting under written contracts that prohibit secondary use, including:
- Our payment processor (Stripe or equivalent) for payment processing
- Our LMS hosting and content delivery providers
- Our third-party proctoring vendor (e.g., Honorlock, ProctorU, Examity, or equivalent) for final-exam administration
- Our email and communications platform
- Our analytics and error-monitoring tools
- Our legal and accounting advisors
4.2 Government agencies and regulators when required by law, court order, or regulator request, including the California Department of Real Estate and the Bureau for Private Postsecondary Education.
4.3 In connection with a corporate transaction. If GGRF undergoes a merger, acquisition, or sale of all or substantially all of its assets, your personal information may be transferred to the successor, subject to this Privacy Policy (or a successor policy notified to you).
4.4 With your opt-in consent only, with GGRF's brokerage recruiting unit, for the limited purpose described in §3.8.
We do not share your personal information with advertising networks for cross-context behavioral advertising.
---
5. Retention
We retain personal information for the following periods.
| Category | Retention period |
|---|---|
| Course enrollment, completion, and certificate records | At least 5 years from course completion or withdrawal (DRE compliance); longer if required by regulator or pending dispute |
| Final-exam session recording and biometric verification record | 5 years from completion (DRE audit window), then deleted unless legal hold |
| Payment records | 7 years for tax and accounting purposes |
| Government photo ID image | Deleted within 90 days after successful identity verification, unless required for an ongoing audit or dispute |
| Marketing contact information (after opt-out) | Suppression list retained indefinitely to honor opt-out |
| Analytics / usage logs | 24 months |
| Customer support email correspondence | 5 years from last interaction |
After the applicable retention period, we delete or de-identify the data, unless a longer period is required by law or by an ongoing legal hold.
---
6. Your Privacy Rights
Under CCPA/CPRA (and analogous rights under GDPR where applicable), you have the following rights with respect to your personal information.
6.1 Right to know / access. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting, the categories of third parties to whom we have disclosed it, and (if applicable) the specific pieces of sensitive personal information we have collected.
6.2 Right to delete. You may request that we delete personal information we have collected from you, subject to legal exceptions (most notably the DRE record-retention requirement, which prevents us from deleting education records of enrolled students within the five-year window).
6.3 Right to correct. You may request that we correct inaccurate personal information about you.
6.4 Right to portability. You may request a copy of your personal information in a portable, readily usable format.
6.5 Right to limit use of sensitive personal information. You may request that we limit the use of your sensitive personal information to the purposes strictly necessary to perform the services or as otherwise permitted by law. We already do not use sensitive personal information for any purpose beyond identity verification, so this right is satisfied by default.
6.6 Right to opt out of "sale" or "sharing". We do not sell or share personal information for cross-context behavioral advertising. No action is needed.
6.7 Right to non-discrimination. We will not deny services, charge a different price, or provide a different quality of services if you exercise any of these rights.
6.8 How to exercise. To exercise any right, email `[email protected]` with the subject line "Privacy Request" and a description of your request. We will verify your identity (typically by confirming control of the email address on file) before responding. We respond within forty-five (45) days; we may extend by an additional forty-five (45) days where reasonably necessary, with notice to you.
6.9 Authorized agent. You may designate an authorized agent to submit a request on your behalf. We will require written authorization and identity verification.
6.10 Appeals. If we deny your request, you may appeal by emailing `[email protected]` with the subject line "Privacy Appeal." We will respond to appeals within sixty (60) days.
6.11 California "Shine the Light" law. We do not disclose personal information to third parties for their direct marketing purposes.
6.12 GDPR-style rights (where applicable). If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable law, you also have (where applicable) the right to lodge a complaint with your supervisory authority and the right to withdraw consent where processing is based on consent.
---
7. Children
LicenseWin is intended for users who are eighteen (18) years of age or older. California real estate pre-license courses are not offered to minors. We do not knowingly collect personal information from anyone under eighteen, and we do not direct the SITE to children. The Children's Online Privacy Protection Act ("COPPA") does not apply because we do not knowingly collect information from children under thirteen. If we learn that we have inadvertently collected personal information from a person under eighteen, we will promptly delete it.
---
8. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction, including encryption in transit (TLS), encryption at rest for sensitive identifiers, access controls on a least-privilege basis, role-based authentication, audit logging, and periodic vendor security reviews. No security measure is perfect, and we cannot guarantee absolute security.
In the event of a personal-information security breach affecting California residents, we will notify affected individuals consistent with California Civil Code §1798.82.
---
9. Cookies, Analytics, and Tracking
The SITE uses first-party and third-party cookies and similar technologies for: (a) essential session management and authentication; (b) analytics (e.g., a privacy-respecting analytics tool to count visits and lesson completion); and (c) functional preferences (e.g., remembering your video-playback settings).
We do not use cookies for cross-context behavioral advertising. We honor the Global Privacy Control ("GPC") signal as a request to opt out of any "sale" or "sharing" of personal information; because we do not engage in those activities, the GPC signal simply confirms our existing practice.
You may manage cookies through your browser settings. Disabling essential cookies may prevent you from logging in or accessing course content.
---
10. International Transfers
We are based in the United States, and we process personal information in the United States. If you access the SITE from outside the United States, you understand and consent to the transfer of your personal information to the United States, where data-protection laws may differ from those in your home jurisdiction. Where required, we rely on lawful transfer mechanisms (such as Standard Contractual Clauses).
---
11. AI and Synthetic Media
Some LicenseWin video lessons use AI-rendered audio and/or video presentation of our instructor of record, Alan Wen. The AI rendering is generated from materials that Mr. Wen has licensed to GGRF for this purpose. We do not use student likenesses, voices, or images to train AI models, and we do not use student personal information to generate AI content. The proctoring vendor's biometric processing is used solely for one-to-one identity verification of the test taker and is not used to train any AI model.
---
12. Updates to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated by email to enrolled students and by notice on the SITE at least seven (7) days before they take effect. Continued use of the SITE after the effective date constitutes acceptance of the updated policy.
---
13. Contact Us
For any privacy question, request, or concern, contact:
Privacy Team — LicenseWin / Golden Gate Realty and Finance Inc.
1900 S Norfolk St, Suite 350
San Mateo, CA 94403
Email: `[email protected]`
Phone: (650) 628-6628
You may also contact the California Attorney General's office or the California Privacy Protection Agency regarding your CCPA/CPRA rights.
---
*Document version 1.0 — drafted 2026-05-26.*