ClassThought← Back to Home

Privacy Policy

Last Updated: July 16, 2026

1. Introduction

ClassThought ("ClassThought," "we," "us," or "our") is committed to protecting the privacy of our users, especially the students and educators who use our platform. This Privacy Policy describes how we collect, use, disclose, and protect information when you use the ClassThought platform, including the website at classthought.com, our mobile applications, and all related services (collectively, the "Service").

This Privacy Policy applies to all users of the Service, including teachers, school administrators, and other school personnel ("Teachers"), students ("Students"), and any other authorized users. By accessing or using the Service, you agree to the practices described in this Privacy Policy.

This Privacy Policy should be read together with our Terms of Service and our Sub-Processor List, which describes the third-party service providers we use to process user data.

2. Information We Collect

2.1 Information Provided by Teachers

When Teachers register for an account and use the Service, we may collect:

  • Name and email address
  • Password (managed and hashed by our authentication provider; we never store Teacher passwords in readable form)
  • School or Educational Institution affiliation
  • Profile information (such as profile photo and preferred language, if provided)
  • Class names, rosters, seating charts, and configurations
  • Assignments, documents, files, scanned pages, images, audio, and other educational content uploaded to the Service
  • Messages and communications sent through the Service
  • Optional linked sign-in identities (Google or Microsoft), if a Teacher chooses to connect one

2.2 Payment Information

If a Teacher or school purchases a paid subscription, payment is processed by Stripe, our payment processor. Stripe collects and processes payment card details directly; ClassThought never receives or stores full payment card numbers. We store only what we need to manage the subscription: Stripe customer and subscription identifiers, plan type, and subscription status. Students are never asked for, and cannot enter, payment information.

2.3 Information Provided by or About Students

Student accounts are created and managed by Teachers — Students cannot sign themselves up. When Teachers create Student accounts and Students use the Service, we may collect and store:

  • Student name (first name and, if provided by the Teacher, last name)
  • Username and a Teacher-managed classroom password (see Section 6.2 for how these credentials are stored)
  • Student work, assignments, submissions, and typed documents
  • Audio recordings, including reading fluency recordings and voice notes attached to student work
  • Annotations, drawings, whiteboard content, comments, and stickers on classroom materials
  • Messages, class discussion posts, and direct messages exchanged with the Teacher within the Service
  • Learning activity records, such as reading logs and Teacher notes on them, reading fluency scores, goals, badges, and reflections, math practice and math fluency results, and quiz results
  • Classroom management records, such as hall pass requests, approvals, and return times, seating chart placement, and participation records from classroom tools (for example, the random student picker)
  • Notification history and notification preferences
  • Presence data (online/offline status for real-time classroom features)

Student email addresses. We do not ask Students for an email address and Students never provide one. To make Student logins work with our authentication system, the Service automatically generates an internal placeholder address from the Student's username (for example, username@student.classthought.app). This placeholder is not a working mailbox and is never used to send email to Students.

2.4 Information Collected Automatically

When you use the Service, we automatically collect:

  • Device and browser information (browser type, operating system, device type, and screen dimensions)
  • Log and usage data (access times, pages viewed, referring page, and IP address)
  • Approximate location derived from IP address (country, region, and city level only — never precise GPS location)
  • Session information (for maintaining your login state, including on mobile devices)
  • Presence data (online/offline status for real-time classroom features)
  • Mobile push notification tokens, if you install our mobile app and enable notifications (see Section 4)

This usage information powers two analytics systems, both used solely to operate and improve the Service: our own first-party page-view analytics (stored in our database) and Vercel Web Analytics, a privacy-focused, cookie-free analytics service provided by our hosting provider. Student surfaces are excluded from both analytics systems — pages within the student dashboard, the student QR login surface, and any page viewed while a student is signed in on a device are not tracked by either system. Neither system is used for advertising, and we do not use any advertising or cross-site tracking technology. See Section 9 for details.

3. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage user accounts and subscriptions
  • Enable Teachers to create and manage classes, assignments, and student activities
  • Enable Students to access their classes, submit work, and participate in educational activities
  • Facilitate communication between Teachers and Students within the Service
  • Provide real-time classroom features such as student presence, collaboration, and classroom tools
  • Provide reading fluency assessment and scoring tools
  • Deliver notifications that users have enabled (in-app, browser, and mobile push)
  • Send service-related notices and communications to Teachers
  • Understand how the Service is used (page views and feature usage) so we can improve it
  • Monitor and maintain the security and integrity of the Service
  • Comply with legal obligations

We do not use Student Data for advertising, marketing, or any purpose other than providing and improving the educational Service.

4. Mobile App and Push Notifications

If you install the ClassThought mobile app and enable notifications, we store a push notification token for your device and your notification preferences. Notifications are delivered through the Apple Push Notification service (APNs) for iOS devices.

Notification content passes through Apple's notification service. Notification messages can include classroom context — for example, a student's first name and the type of activity ("submitted a reading log," "is requesting a hall pass"). This content is transmitted to Apple solely to deliver the notification to your device and appears on your device's lock screen and notification center according to your device settings.

You can disable notifications at any time in the app's notification settings or in your device's system settings. Notification preferences are controlled by each account owner: teachers control their own notifications, and notifications about a student are governed by the recipient's own settings.

5. How We Share Information

5.1 Within the Service. User Content may be shared with other authorized users within the same class or Educational Institution as part of the normal operation of the Service. For example, Teachers can view Student submissions, and Students can view assignments posted by their Teachers.

5.2 Service Providers (Sub-Processors). We share information with third-party service providers who help us operate the Service. We maintain a list of these providers — including what each one does and what categories of data it may process — on our Sub-Processor List page. In summary, they include:

  • Supabase — database, authentication, file storage, and real-time infrastructure (hosts all Service data);
  • Vercel — web hosting and privacy-focused web analytics;
  • Render — hosting for our document-conversion worker, which transiently converts uploaded Word documents into page previews (no file retention);
  • Stripe — payment processing for Teacher and school subscriptions;
  • Apple — mobile app distribution (App Store) and push notification delivery (APNs);
  • Resend — delivery of account emails to Teachers (password resets, confirmations, security notices);
  • Hostinger — email infrastructure for our administrative mailbox and communications with Teachers;
  • Google — optional integrations chosen by users: YouTube video playback, Google Drive file selection, Google sign-in, and translation of user-entered text in the translation tools;
  • Microsoft — Office document preview (Word, Excel, PowerPoint files are rendered by Microsoft's online viewer) and optional Microsoft sign-in; and
  • MyMemory and LibreTranslate — backup translation services used by the translation tools when needed.

These service providers process information only to provide their services to us. If we add, replace, or remove a sub-processor, we update the Sub-Processor List and its "Last Updated" date.

5.3 External Content and Integrations. Some features send limited data to third parties only when a user actively uses them: text typed into the translator or dictionary tools is sent to translation services to be translated; previewing an uploaded Office document sends the file to Microsoft's viewer for rendering; playing an embedded YouTube video connects the viewer's browser to YouTube (which applies its own privacy policy); and selecting a file from Google Drive connects to Google with the Teacher's permission. These flows are described in the Sub-Processor List.

5.4 Legal Requirements. We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5.5 Business Transfers. If ClassThought is involved in a merger, acquisition, or sale of all or a portion of its assets, we will notify users of any change in ownership or uses of personal information, as well as any choices users may have regarding their personal information.

5.6 No Sale of Data. We do not sell, rent, or trade any personal information or Student Data to third parties for their commercial purposes.

6. Data Security

6.1 Safeguards. We implement administrative, technical, and physical safeguards designed to protect against unauthorized access, alteration, disclosure, or destruction of personal information. These measures include:

  • Encryption of all data in transit using SSL/TLS;
  • Teacher passwords managed by our authentication provider using industry-standard hashing — they are never stored in readable form;
  • Row-level security policies in our database so users can only access data they are authorized to see;
  • Private, access-controlled file storage: student files, recordings, and uploads are served through short-lived signed links rather than public URLs;
  • CSRF protection on all data-modifying operations; and
  • Restricted access to personal information to those who need it to operate, develop, or improve the Service.

6.2 Student Classroom Credentials. Student accounts use simplified, Teacher-managed classroom credentials rather than personal passwords. By design, the managing Teacher can view and retrieve a Student's classroom password at any time — for example, to help a young student log in or to print classroom login cards. Unlike Teacher passwords, these classroom passwords are not one-way hashed because Teachers need to retrieve them for classroom management. They are protected by encryption in transit and by database access controls that limit them to the managing Teacher. Student classroom passwords should never be a password the Student uses anywhere else, and they protect access only to that Student's classroom space.

6.3 No Guarantee. No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. If we become aware of a breach affecting personal information, we will notify affected Educational Institutions and users consistent with applicable law.

7. Student Data and Children's Privacy

7.1 FERPA. When the Service is used by an Educational Institution, we process Student Data as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act ("FERPA"). The Educational Institution retains ownership and control of all Student Data. We use Student Data only to provide the Service and as directed by the Educational Institution. (FERPA does not have a government certification program; no vendor can be "FERPA certified." Instead, we describe our actual practices in this Policy and in our Sub-Processor List so schools can evaluate them.)

7.2 COPPA. We do not knowingly collect personal information from children under 13 without appropriate consent, consistent with the Children's Online Privacy Protection Act ("COPPA").

  • Students cannot create their own accounts — only Teachers can create Student accounts.
  • When the Service is used in a school setting, we rely on the Educational Institution to provide consent for the collection of student personal information as permitted under COPPA ("School Consent").
  • We collect from Students only the information needed to provide the classroom features their Teacher uses.
  • Student accounts do not require an email address, phone number, or any payment information.
  • We do not condition a Student's participation in any activity on the disclosure of more personal information than is reasonably necessary.

7.3 Parental Rights. Parents or legal guardians have the right to:

  • Review the personal information we have collected from their child;
  • Request that we delete their child's personal information; and
  • Refuse to permit further collection or use of their child's personal information.

To exercise these rights, parents should contact their child's Teacher or Educational Institution, or contact us directly at admin@classthought.com.

7.4 Student Data Protections. We maintain the following protections for Student Data:

  • We do not use Student Data for targeted advertising;
  • We do not create advertising profiles based on Student Data;
  • We do not sell Student Data;
  • We do not use Student Data for purposes other than providing and improving the educational Service; and
  • We do not disclose Student Data except as authorized by the Educational Institution, as required by law, or as described in this Privacy Policy.

8. Data Retention and Deletion

8.1 Retention. We retain personal information and User Content for as long as the account is active or as needed to provide the Service. Student Data is retained for as long as the Student's account is active and the Educational Institution maintains its use of the Service.

8.2 Deletion by Teachers. Teachers may delete Student accounts and associated data from their classes at any time. Teachers may also delete their own accounts and associated data through the account settings; account deletion removes the account's records and uploaded files from our systems.

8.3 Deletion by Request. Educational Institutions, Teachers, or parents may request deletion of Student Data by contacting us at admin@classthought.com. We will process deletion requests within a reasonable timeframe.

8.4 Inactive Accounts. We reserve the right to delete account data after a prolonged period of inactivity that reasonably suggests the account has been abandoned.

8.5 Backup Copies. Deleted data may persist in our infrastructure provider's backup copies for a limited period but is not available to other users and is removed as backups age out.

9. Cookies, Local Storage, and Analytics

We use cookies and similar browser storage technologies to operate the Service. Specifically:

  • Essential Cookies: Required for the Service to function, including authentication cookies that maintain Teacher login sessions.
  • Local Storage: Used to maintain login state and preferences on each device. Student sessions persist on the device (so young students don't have to log in every time class starts) until they expire or are signed out; each device session can be ended by logging out, and Teachers control Student credentials.
  • First-Party Analytics: We record page views in our own database — including the page visited, IP address, approximate location (country/region/city), browser and device type, screen size, and referring page — to understand usage and improve the Service.
  • Vercel Web Analytics: Our hosting provider's privacy-focused, cookie-free analytics, which reports aggregate page views and visit statistics.

Students are excluded from analytics. Both analytics systems are disabled on student surfaces: the student dashboard, the student QR login surface, and any page viewed while a student is signed in on a device are not tracked. Analytics apply to our public website and Teacher/administrative pages only. (Educational activity records — such as assignment submissions or reading scores — are classroom features described in Section 2.3, not analytics, and are unaffected.)

We do not use advertising cookies, and we do not track users across other websites. Analytics data is used only to operate and improve the Service — never for advertising or profiling. Embedded third-party content (such as a YouTube video a Teacher assigns) may set that provider's own cookies when played; see Section 5.3.

10. Third-Party Services and Links

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service. Our own third-party service providers are listed on the Sub-Processor List.

When Teachers include links to external content within assignments or class materials, they are solely responsible for verifying the appropriateness of such content.

11. State-Specific Privacy Rights

11.1 California Residents. If you are a California resident, you may have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). However, Student Data processed under a school's direction is generally exempt from CCPA/CPRA. For non-student users, you may have the right to request access to, deletion of, or information about the personal information we collect. To exercise these rights, contact us at admin@classthought.com.

11.2 State Student Privacy Laws. We work with Educational Institutions to support their obligations under applicable state student data privacy laws. If your state has specific requirements regarding student data privacy, your Educational Institution is responsible for notifying us of such requirements, and we will work with the Institution to address them.

12. International Users

The Service is hosted and operated in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located. By using the Service, you consent to the transfer of your information to the United States. We will take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on the Service and updating the "Last Updated" date. For material changes that affect Student Data, we will provide prominent notice to Educational Institutions and Teachers. Changes to our third-party service providers are reflected on the Sub-Processor List with its own "Last Updated" date. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, requests, or objections regarding this Privacy Policy, your personal information, Student Data, or our service providers, please contact us at:

ClassThought

Email: admin@classthought.com

For requests related to Student Data, parents and Educational Institutions may also contact their child's Teacher directly, who can manage Student accounts and data through the Service.

← Back to Home
Sub-Processor ListTerms of Service →