ClassroomAct

Privacy Policy

AI-Powered Student Attention Monitoring System

✓ COPPA Compliant ✓ FERPA Compliant ✓ SOC 2 Type II

Effective Date: March 25, 2026
Last Updated: March 25, 2026
Version: 2.0

📋 Table of Contents

1. Introduction
2. Who This Policy Covers
3. Information We Collect
4. How We Use Information
5. How We Share Information
6. Children's Privacy (COPPA)
7. Educational Records (FERPA)
8. Data Security
9. Data Retention
10. Your Rights
11. Third-Party Services
12. International Data Transfers
13. Changes to This Policy
14. Contact Information

1. Introduction

Welcome to ClassroomAct ("we," "us," "our," or "ClassroomAct"). We are committed to protecting the privacy and security of all users, especially children and students, in our AI-powered student attention monitoring system.

This Privacy Policy explains how we collect, use, disclose, and safeguard information from:

Educators: Teachers, instructors, and school administrators
Students: Children and young people in educational settings
Parents/Guardians: Adults responsible for students
Visitors: Anyone who browses our website

✓ Compliance Commitments

This policy is designed to comply with:

COPPA (Children's Online Privacy Protection Act)
FERPA (Family Educational Rights and Privacy Act)
GDRP (General Data Protection Regulation) - where applicable
CCPA (California Consumer Privacy Act)
State Privacy Laws (Applicable state regulations)

2. Who This Policy Covers

This Privacy Policy applies to all individuals whose data we process:

Category	Description	Data Types
Educators	Teachers, instructors, administrators	Account, professional, usage
Students	Children and young people (K-12)	Educational, biometric, behavioral
Parents/Guardians	Adults responsible for students	Account, contact, consent
Corporate Users	Corporate trainers, HR professionals	Account, organizational
Website Visitors	General website users	Technical, analytics

3. Information We Collect

3.1 Information from Educators & Administrators

Personal Identification: Full name, email address, phone number
Professional Information: School/institution name, job title, teaching credentials
Account Credentials: Username, password (encrypted)
Payment Information: Billing address, payment method (processed securely)
Communication Preferences: Email preferences, notification settings

3.2 Information from Students (With Consent)

⚠️ Important: Student Data Collection

Student data is only collected with proper consent:

With parental consent for children under 13 (COPPA)
With parental consent for children 13-17
Through school consent programs (FERPA school exception)
Directly from adult students (18+)

Student Data We Collect:

Basic Information: Student name, grade level, class assignment
Profile Photo: For face recognition in Physical Classroom mode
Biometric Data: Facial geometry for recognition, gaze direction, expression patterns
Attention Metrics: Focus scores, engagement levels, time-on-task
Attendance Records: Presence/absence in monitoring sessions
Behavioral Patterns: Historical attention data for analytics

3.3 Information from Parents/Guardians

Full name and email address
Phone number for urgent contact
Relationship to student(s)
Consent records and preferences

3.4 Information We Do NOT Collect

                ✓ We Do NOT Collect:
                Social Security numbers (unless required for specific school compliance)
Financial account information (beyond basic payment processing)
Precise real-time geolocation of students
Biometric data beyond what's necessary for the service
Health or medical information
Content of student communications

            

5.5 How We Collect Information

Source	Type of Information	Method
Account Registration	Educator/parent information	Online forms, verification
Student Profiles	Student data	Admin/teacher creation, import
Monitoring Sessions	Biometric, attention data	AI analysis of video/input
Physical Classroom	Face recognition data	CCTV integration
Payment Processing	Billing information	Secure payment processor
Website Usage	Technical, analytics	Cookies, server logs

3.6 Cookies and Tracking

We use the following types of cookies:

Essential Cookies: Required for basic website functionality
Analytics Cookies: Help us understand how visitors use our site (anonymized)
Security Cookies: For authentication and fraud prevention

You can disable cookies in your browser settings, though some features may not work properly.

4. How We Use Information

We use collected information for the following purposes:

Purpose	Data Used	Legal Basis
Service Provision	All account and user data	Contract performance
Attention Monitoring	Student biometric, behavioral	Legitimate educational interest
Face Recognition	Student facial data	Explicit consent
Analytics & Reporting	Student, session data	Educational legitimate interest
Communication	Contact information	Consent, contract performance
Billing & Payments	Payment information	Contract performance
Security & Fraud Prevention	Technical, access data	Legitimate interest
Service Improvement	Aggregated, anonymized data	Legitimate interest
Legal Compliance	As required	Legal obligation

4.1 Primary Uses

Providing the Service: Operating and maintaining ClassroomAct
Student Monitoring: Analyzing attention and engagement during educational sessions
Face Recognition: Identifying students in Physical Classroom mode
Generating Reports: Creating analytics and reports for educators
Communicating: Sending account updates, notifications, and support
Billing: Processing subscription payments

4.2 How We Use Student Data Specifically

Student data is used solely for educational purposes:

To provide attention monitoring to their educators
To generate analytics that help teachers understand engagement
To enable face recognition in Physical Classroom settings
To track attendance patterns
To identify students who may need additional support

We NEVER use student data for: Advertising, marketing, selling, or any non-educational purpose.

5. How We Share Information

5.1 Information We MAY Share

Recipient	Information Shared	Purpose
School Officials	Student data within school	Educational administration
Teachers	Their students' data	Classroom monitoring
Parents	Their children's data	Progress updates (for older students)
Service Providers	Limited technical data	Hosting, maintenance, support
Legal Requirements	As required	Compliance with law

5.2 Information We Will NOT Share

                ✗ We Will NEVER:
                Sell students' personal information to anyone
Share students' information with advertisers
Use students' information for marketing
Share with third parties for their commercial purposes
Rent or trade personal information
Use biometric data for any purpose beyond the service

            

5.3 Service Providers

We use trusted third-party service providers who are contractually obligated to protect privacy:

Service	Provider	Data Handled
Cloud Hosting	[Provider]	All data storage
Payment Processing	[Provider]	Billing information only
Email Services	[Provider]	Contact information
Analytics	[Provider]	Anonymized usage data

5.4 Legal Disclosures

We may disclose information when required to:

Comply with a subpoena, court order, or legal process
Respond to government authority requests
Protect the rights, property, or safety of ClassroomAct, users, or others
Enforce our Terms of Service
Investigate or prevent fraud or security issues

6. Children's Privacy (COPPA)

ClassroomAct takes children's privacy seriously and is fully committed to COPPA compliance.

6.1 What is COPPA?

The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law that applies to online services collecting information from children under 13. It requires:

Verifiable parental consent before collection
Limited data collection
Parent access and deletion rights
No use of children's data for marketing

6.2 Our COPPA Commitments

                ✓ Our COPPA Compliance
                We do NOT collect personal information from children under 13 without verifiable parental consent
We collect ONLY information necessary for the educational service
We do NOT use children's information for targeted advertising
We do NOT sell children's personal information
Parents can review, edit, or delete their child's information
We provide clear, plain-language privacy notices

            

6.3 Verifiable Parental Consent

Before collecting any information from children under 13, we require verifiable parental consent through one or more of these methods:

Method	Description	Verification Strength
Signed Consent Form	Print, sign, scan and return	Highest
Video Conference	Live call with ID verification	High
Credit Card	Small verification charge ($1)	Medium-High
Government ID	Parent provides ID copy	High
Medical/School Consent	Existing consent on file	High
Notarized Statement	Notarized parental consent	Highest

6.4 Information We Collect From Children

With proper parental consent, we collect:

Student Name: For identification and attendance tracking
Grade Level: For age-appropriate analytics and benchmarking
Profile Photo: For face recognition (Physical Classroom mode only)
Attention Data: Focus scores, engagement levels during sessions
Expression Patterns: General engagement indicators

6.5 Parental Rights Under COPPA

Parents have the right to:

Review: See the information we've collected about their child
Delete: Request deletion of their child's information
Refuse: Refuse further collection/use of their child's information
Limit: Limit how we share their child's information
Complain: File a complaint with the Federal Trade Commission

📧 Exercising Parental Rights

To exercise any COPPA rights, contact our dedicated COPPA team:

Email: coppa@classroomact.com

Response Time: Within 30 days

Verification: We may verify your identity before processing requests

6.6 School Consent Exception

Under COPPA, schools can consent on behalf of parents for educational purposes within the school context. When schools use ClassroomAct:

The school represents it has obtained parental consent for educational use
Schools must maintain records of such consent
Parents can contact the school to review or delete their child's information
We work with schools to ensure proper consent mechanisms are in place

7. Educational Records (FERPA)

ClassroomAct is designed to comply with the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of student educational records.

7.1 What is FERPA?

FERPA is a U.S. federal law that gives parents certain rights regarding their children's educational records. These rights transfer to the student when they reach 18 years of age or attend a school beyond the high school level.

7.2 Our FERPA Commitments

                ✓ Our FERPA Compliance
                We treat all student information as educational records
We do NOT disclose student information without consent
We maintain comprehensive access logs (audit trails)
We provide parents/students access to records upon request
We help schools maintain FERPA compliance
We only use data for legitimate educational purposes

            

7.3 Student Rights Under FERPA

Parents and eligible students (18+) have the right to:

Inspect: Inspect and review the student's educational records within 45 days of a request
Request Amendment: Request correction of records believed to be inaccurate
Consent: Consent to disclosures of personally identifiable information
File Complaint: File complaints with the U.S. Department of Education

7.4 Disclosure of Educational Records

We may disclose student information WITHOUT consent to:

School Officials: Teachers and administrators with legitimate educational interest
Service Providers: Third parties providing services to the school (under contract)
Parents: Parents of dependent students (generally under 18)
Judicial Orders: In response to court orders or subpoenas
Health & Safety: In emergency situations to protect health/safety
State/Local Authorities: As required by state law

7.5 Directory Information

Schools may designate certain information as "directory information" that can be shared without consent. If your school designates student information as directory information:

We will follow the school's direction
You may opt out by contacting your school
Directory information typically includes: name, grade, class assignment

7.6 Data Sharing Agreements

📋 Requirements for Schools

Before deploying ClassroomAct, we require:

Signed Data Sharing Agreement (DSA)
Documentation of parental consent mechanisms
School's FERPA notification and annual consent forms
Security and compliance assessment
Designation of school data privacy official

7.7 Audit Trail & Accountability

We maintain comprehensive records demonstrating compliance:

Access Logs: Every access to student records is logged
Collection Records: Documentation of data collection consent
Disclosure Records: All sharing events are documented
Security Events: All security-related incidents are recorded
Retention Schedule: Clear data lifecycle management

These records are available for school review upon request and retained for 7 years.

8. Data Security

8.1 Security Measures

We implement comprehensive technical and organizational security measures:

Technical Safeguards

Encryption at Rest: AES-256 encryption for all stored data
Encryption in Transit: TLS 1.3 for all data transmission
Access Controls: Role-based access to limit data access to authorized personnel
Multi-Factor Authentication: Required for all administrator accounts
Network Security: Firewalls, intrusion detection, and DDoS protection
Regular Penetration Testing: Annual third-party security audits
Secure Development: Security-first development practices

Organizational Safeguards

Employee Training: Annual privacy and security training required
Background Checks: Background verification for employees with data access
Data Minimization: Collect only what's necessary
Need-to-Know Basis: Access granted only when required
Incident Response: Documented security incident procedures
Vendor Management: Third-party security assessments

8.2 Security Certifications

Our security practices are certified and regularly audited:

SOC 2 Type II Certification
Annual penetration testing by independent firms
FERPA compliance verification
COPPA safe harbor alignment

8.3 Data Breach Response

In the event of a data breach:

We will notify affected users within 72 hours
We will notify relevant authorities as required
We will provide breach details and remediation steps
We will work with law enforcement as needed

9. Data Retention

We retain data only as long as necessary for the purposes outlined in this policy:

Data Type	Retention Period	Deletion Method
Student Profiles	Duration of enrollment + 3 years	Automated upon expiry + manual request option
Attention Analytics	7 years (educational records requirement)	Automated archival, then secure deletion
Biometric Templates	Duration of enrollment	Automatic deletion when student removed
Session Recordings	30 days (or longer if requested)	Automatic deletion after retention period
Account Records	Until account deletion + 2 years	Manual or automated upon request
Payment Records	7 years (tax/legal compliance)	Legal retention requirement
Audit Logs	7 years	Automated deletion
Marketing Data	Until consent withdrawn	Automated upon opt-out

9.1 Data Deletion Requests

You may request deletion of your data at any time. Upon receiving a deletion request:

We will verify your identity
We will delete or anonymize your data within 30 days
Some data may be retained if required by law
Backup data will be deleted during normal cleanup cycles

10. Your Rights

10.1 General Rights

Depending on your location, you may have the following rights:

Access: Request a copy of all personal data we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal data
Portability: Request your data in a portable, machine-readable format
Objection: Object to certain processing activities
Withdrawal: Withdraw consent at any time (without affecting prior processing)
Restriction: Request limitation of processing in certain circumstances

10.2 Specific Rights by Role

For Parents:

Review your child's information
Have your child's information deleted
Stop further collection/use of your child's information
Opt out of certain data sharing
File a complaint with the FTC

For Educators:

Access student data in your classes
Export reports and analytics
Manage student profiles
Control data sharing settings

For Students (18+) and Adult Users:

All general rights listed above
Access to your educational records
Request correction of records

📧 How to Exercise Your Rights

To exercise any of these rights:

Email: privacy@classroomact.com

Subject Line: [Your Request Type] - [Your Name]

Response Time: Within 30 days

We may need to verify your identity before processing requests.

11. Third-Party Services

We use trusted third-party services to operate ClassroomAct:

Service Type	Provider	Purpose	Data Shared
Cloud Infrastructure	AWS / [Provider]	Data hosting and storage	All data
Payment Processing	Stripe / [Provider]	Subscription billing	Billing info only
Email Delivery	SendGrid / [Provider]	Communication delivery	Contact info
Analytics	Mixpanel / [Provider]	Usage analytics	Anonymized data
Video Conferencing	Zoom / [Provider]	Live consent verification	Video data only

All third parties are contractually required to maintain the same level of privacy protection as outlined in this policy.

12. International Data Transfers

If you are located outside the United States:

Our servers are located primarily in the United States
By using ClassroomAct, you consent to transfer of your data to the U.S.
We ensure appropriate safeguards for international transfers
We comply with applicable data transfer regulations

For data transferred from the EU/EEA, we use:

Standard Contractual Clauses approved by the EU Commission
Adequacy decisions where applicable
Additional security measures for cross-border transfers

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

We will post the updated policy on this page
We will update the "Last Updated" date
For material changes, we will notify you via email
Your continued use after changes constitutes acceptance

We will provide at least 30 days notice before any material changes to data collection or usage practices take effect.

14. Contact Information

📧 Contact Us

General Inquiries: info@classroomact.com

Privacy Concerns: privacy@classroomact.com

COPPA Questions: coppa@classroomact.com

Data Protection Officer: dpo@classroomact.com

Billing: billing@classroomact.com

Mailing Address:
Innovation and Research Network
[Your Address]
[City, State, Zip]

Filing Complaints

If you believe we have violated privacy laws, you have the right to:

COPPA Complaints: File with the Federal Trade Commission at ftc.gov/complaint
FERPA Complaints: File with the U.S. Department of Education at studentprivacy.ed.gov
State Attorney General: Contact your state's Attorney General
Direct Contact: Contact us first so we can address your concerns