Privacy Policy

4.1 Within the Service. User Content may be shared with other authorized users within the same class or Educational Institution as part of the normal operation of the Service. For example, Teachers can view Student submissions, and Students can view assignments posted by their Teachers.

4.2 Service Providers. We may share information with third-party service providers who assist us in operating the Service, including:

• Supabase: Our database and authentication provider, which hosts and processes data necessary for the operation of the Service;
• Vercel: Our hosting provider, which serves the Service to users; and
• Other service providers as needed to operate specific features of the Service.

These service providers are contractually obligated to use the information only to provide services to us and are prohibited from using it for their own purposes.

4.3 Legal Requirements. We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

4.4 Business Transfers. If ClassThought is involved in a merger, acquisition, or sale of all or a portion of its assets, we will notify users of any change in ownership or uses of personal information, as well as any choices users may have regarding their personal information.

4.5 No Sale of Data. We do not sell, rent, or trade any personal information or Student Data to third parties for their commercial purposes.

5.1 FERPA. When the Service is used by an Educational Institution, we process Student Data as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act ("FERPA"). The Educational Institution retains ownership and control of all Student Data. We use Student Data only to provide the Service and as directed by the Educational Institution.

5.2 COPPA. ClassThought complies with the Children's Online Privacy Protection Act ("COPPA"). We do not knowingly collect personal information from children under 13 without appropriate consent.

• When the Service is used in a school setting, we rely on the Educational Institution to provide consent for the collection of student personal information as permitted under COPPA ("School Consent").
• We collect only the minimum personal information necessary to provide the Service.
• Student accounts do not require email addresses.
• We do not condition a Student's participation in any activity on the disclosure of more personal information than is reasonably necessary.

5.3 Parental Rights. Parents or legal guardians have the right to:

• Review the personal information we have collected from their child;
• Request that we delete their child's personal information; and
• Refuse to permit further collection or use of their child's personal information.

To exercise these rights, parents should contact their child's Teacher or Educational Institution, or contact us directly at admin@classthought.com.

5.4 Student Data Protections. We maintain the following protections for Student Data:

• We do not use Student Data for targeted advertising;
• We do not create advertising profiles based on Student Data;
• We do not sell Student Data;
• We do not use Student Data for purposes other than providing and improving the educational Service; and
• We do not disclose Student Data except as authorized by the Educational Institution, as required by law, or as described in this Privacy Policy.

We take the security of your information seriously and implement reasonable administrative, technical, and physical safeguards to protect against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using SSL/TLS;
• Encryption of passwords using industry-standard hashing algorithms;
• Row-level security policies in our database to ensure users can only access data they are authorized to see;
• CSRF protection on all data-modifying operations;
• Regular review of our data collection, storage, and processing practices; and
• Restricted access to personal information to employees and service providers who need it to operate, develop, or improve our Service.

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security.

7.1 Retention. We retain personal information and User Content for as long as the account is active or as needed to provide the Service. Student Data is retained for as long as the Student's account is active and the Educational Institution maintains its use of the Service.

7.2 Deletion by Teachers. Teachers may delete Student accounts and associated data from their classes at any time. Teachers may also delete their own accounts and associated data.

7.3 Deletion by Request. Educational Institutions, Teachers, or parents may request deletion of Student Data by contacting us at admin@classthought.com. We will process deletion requests within a reasonable timeframe.

7.4 Inactive Accounts. We reserve the right to delete account data after a prolonged period of inactivity that reasonably suggests the account has been abandoned.

7.5 Backup Copies. Deleted data may persist in backup copies for a reasonable period of time but will not be available to other users and will be permanently removed in accordance with our backup retention schedule.

We use cookies and similar technologies to operate and improve the Service. Specifically:

• Essential Cookies: Required for the Service to function, including authentication cookies that maintain your login session.
• Session Storage: Used for Student sessions to maintain login state during active use. Student session data is temporary and is automatically cleared when the browser is closed.

We do not use advertising or tracking cookies. We do not use cookies to track users across other websites.

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.

When Teachers include links to external content within assignments or class materials, they are solely responsible for verifying the appropriateness of such content.

10.1 California Residents. If you are a California resident, you may have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). However, Student Data processed under a school's direction is generally exempt from CCPA/CPRA. For non-student users, you may have the right to request access to, deletion of, or information about the personal information we collect. To exercise these rights, contact us at admin@classthought.com.

10.2 State Student Privacy Laws. We comply with applicable state student data privacy laws. If your state has specific requirements regarding student data privacy, your Educational Institution is responsible for notifying us of such requirements. We will work with Educational Institutions to ensure compliance.