Data privacy, in plain language

• Student identity: first name (or display name), grade level, and an opaque Clever/ClassLink ID or email for authentication.
• Learning data: practice attempts, scores, timestamps, assessment results, reading levels.
• Engagement data: items earned, badges unlocked, session length.

We do not collect home address, phone number, date of birth, or biometric data. We do not use cookies for cross-site tracking.

• To place students at the right instructional level.
• To show teachers progress reports and class dashboards.
• To run the game (earn stars, unlock items, save progress).
• To diagnose bugs and improve the product in aggregate.

• Firebase (Google Cloud): student profiles, progress, assessment records. US data residency.
• Cloudflare Workers: Clever/ClassLink token exchange, TTS proxy. No student learning data stored.
• Vercel: static web app hosting. No student data stored.

• The student themselves.
• The student's teacher(s) and class admins.
• District admins (for districts with an active contract).
• Growing Standard staff — only when necessary for support, bug investigation, or roster reconciliation.

The district owns its students' data. On contract termination or written request, we will:

• Export student data in CSV/JSON format within 14 days.
• Delete all personally identifiable student data within 30 days of written request.
• Retain only anonymized, aggregated learning analytics (no PII).
• Purchase records (license entitlements) are retained permanently to support purchase restoration. These contain only the user identifier and entitlement flags — no learning data or PII.

Students with school-managed accounts cannot self-delete data while the school license is active. Deletion for these students is managed by the school administrator.

• Parents may request a copy of their child's data through the district, or directly by emailing privacy@potatoclass.com.
• Parents may request deletion of their child's data at any time.
• Districts contracting with Growing Standard assert school-official consent under FERPA; parental consent is handled via the district's existing consent process.

• Clever Universal Data Sharing Agreement — signed.
• Student Data Privacy Consortium (SDPC) National DPA — ready to sign on request.
• State-specific DPAs (CA, NY, CO, IL, TX, etc.) — ready to sign on request.
• District-specific DPAs — custom terms reviewed within two business days.

See the DPA details page for SLAs and standard redlines, or email privacy@potatoclass.com to start a review.

• TLS 1.2+ for all data in transit.
• AES-256 encryption at rest (Firebase + Cloudflare).
• SOC 2 Type II certified infrastructure (Google Cloud).
• Role-based access control for admin operations.
• No payment card or financial data is collected, processed, or stored by us.