Potato Class Privacy Policy

Effective Date: April 2026

Potato Class is operated by Growing Standard LLC (“we,” “our,” or “us”). We are committed to protecting the privacy of children and all users of our educational math and reading application. This policy describes what information we collect, how we use it, and the choices available to parents, guardians, and school administrators.

Information We Collect

Account Information

Users may sign in with Google, Apple, or Clever SSO to enable cloud sync and classroom features. When signed in, we receive only the name and email address (or Clever user ID + district ID + school ID) provided by the sign-in service. Users may also use the app anonymously without signing in — in anonymous mode, all data is stored locally in the browser and is not transmitted to any server.

Educational Progress Data

We collect information about a student’s learning activity, including grade level, math skills practiced, questions answered, accuracy rates, stars earned, and assessment results. Math assessment data includes per-domain proficiency across 4 math domains, math placement level (grade equivalent), per-domain grade-level placement, assessment response times (for rush detection), testing window history, and reliability metrics. Reading assessment data includes reading level (across Fountas & Pinnell, Lexile, DRA, and Grade Equivalent systems), per-skill reading proficiency across 16 skill areas, assessment response times, and testing window history. For signed-in users, this data is synced to our cloud database (Google Firebase Firestore) to enable cross-device access and classroom features. For anonymous users, this data is stored only in browser localStorage.

Reading Activity Data

We collect information about a student’s reading activity, including current book selection, library browsing history, and reading tool annotations (highlights and notes). For signed-in users, this data is synced to the cloud. For anonymous users, it remains in browser localStorage only.

Profile Customization

Users create a display name (max 20 characters), select a US state, and customize a potato character. Multiple profiles can be created under a single sign-in for family use, each with their own progress and character. Optional 4-digit PINs (stored as SHA-256 hashes) protect individual profiles. For signed-in users, this data is synced to the cloud. For anonymous users, it remains in browser localStorage only.

Language Preference

Users may select from 11 supported languages (English, Spanish, Chinese, Arabic, Vietnamese, Ukrainian, Portuguese, French, Hindi, Korean, Japanese). This preference is stored per profile to personalize the interface and voice-assistant language.

Information We Do NOT Collect

We do not collect precise geolocation, photos, contacts, browsing history, device identifiers for advertising, or biometric information. We do not use cookies or tracking pixels. We do not allow third-party advertising. Text input fields include automatic on-device filtering to prevent entry of email addresses, phone numbers, and other personally identifiable information.

How We Use Information

• To provide and personalize the educational experience across math and reading
• To track learning progress aligned with Virginia Standards of Learning (math) and the Science of Reading research framework (reading)
• To compute math placement levels and reading levels with estimated percentile rankings against preliminary grade-level norms
• To detect potential rushing behavior during math and reading assessments (using response time data) to ensure assessment validity
• To compute measurement quality metrics (split-half reliability, KR-21) for assessment validity reporting
• To enable classroom features where teachers can view student progress, math domain proficiency, reading levels, and growth data
• To generate age-appropriate text-to-speech audio for accessibility, using the device’s built-in speech synthesizer only (browser Web Speech API or iOS AVSpeechSynthesizer)
• To sync progress across devices when signed in
• To support multiple student profiles under a single family sign-in

Reading Assessment Data

Reading assessment data is collected up to three times per school year during designated testing windows (Fall, Winter, Spring). This data includes:

• Reading level results across four measurement systems (Fountas & Pinnell, Lexile, DRA, Grade Equivalent)
• Per-skill proficiency scores across 16 reading skill areas based on the Science of Reading Big Five framework
• Assessment response times (used solely for rush detection to ensure assessment validity — not for behavioral profiling)
• Growth data comparing results across testing windows

Teachers in classrooms can view their students’ reading assessment results, including rush detection indicators, and may initiate retakes of specific skill areas where rushing was detected. Reading tool annotations (highlights, notes) are stored per-profile and per-book, and are not shared externally.

Math Assessment Data

Math assessment data is collected up to three times per school year during designated testing windows (Fall, Winter, Spring). This data includes:

• Per-domain proficiency across 4 math domains (Number & Number Sense, Computation & Estimation, Measurement & Geometry, Probability & Statistics) with independent grade-level placement per domain
• Overall math placement level (grade equivalent) with estimated percentile ranking against preliminary norms
• Assessment response times (used solely for rush detection to ensure assessment validity — not for behavioral profiling)
• Measurement quality metrics (split-half reliability, KR-21 reliability estimate) computed per assessment
• Growth data comparing results across testing windows

Teachers in classrooms can view their students’ math assessment results, including per-domain proficiency levels and rush detection indicators.

Anonymized Assessment Analytics

When a student completes a math or reading assessment, an anonymized data record is stored in our database for the purpose of building empirical percentile norms. This record contains enrolled grade level, assessed level, per-domain scores, whether rushing was detected, and per-item correctness with pre-calibrated difficulty estimates.

This data contains no student names, email addresses, account identifiers, or any personally identifiable information. It cannot be linked back to any individual student. It is used solely to improve the accuracy of percentile rankings and assessment quality over time. The Firestore security rule on this collection permits authenticated writes only and denies all client reads— no student, teacher, or unauthenticated visitor can retrieve raw records.

Payment Information

Potato Class is free for everyone— there are no in-app purchases, no subscriptions, no paid tiers, and no advertising. No payment information of any kind (credit card, bank account, Apple Pay, Google Pay) is ever collected, processed, or accessible to us. We do not use Stripe, Apple In-App Purchase, or any other payment processor at runtime. All Stripe integration code and API secrets have been removed from the application, the backend Worker, and the hosting infrastructure’s secret store.

AI and Generative Services

Potato Class does not use runtime LLM or generative-AI services of any kind in the student-facing product.

• No chatbot, no conversational AI, no AI-generated content
• No student text, voice, image, or activity data is sent to any AI service
• The “AiPa” assistant character speaks pre-authored, developer-written text through the device’s built-in text-to-speech engine (Web Speech API on web, AVSpeechSynthesizer on iOS) — no cloud AI voice service is used
• All math questions are produced by deterministic in-code generators that ship with the app bundle
• All reading passages, hints, explanations, and AiPa dialogue are human-authored

This is a structural property of the application, not a policy setting. It can be verified by network inspection on any student device.

Third-Party Services

Google Firebase (Authentication + Firestore)

We use Firebase Authentication for sign-in (Google, Apple, and Clever) and Firestore for cloud data storage. Firebase is certified under SOC 1, SOC 2, and SOC 3. Data is encrypted in transit and at rest.

Cloudflare (Workers + DNS)

We use Cloudflare Workers as a secure proxy for SSO token exchange. The Worker rejects any non-HTTPS request. Cloudflare does not store request content beyond immediate processing.

Clever (Optional SSO + Rostering)

For districts that use Clever, we accept Clever SSO sign-in and receive only the Clever user ID, district ID, and school ID. Clever is used as an authentication provider only.

Vercel

The web app is hosted on Vercel for static file serving and CDN. Vercel serves application files and performs no user data processing. No analytics, tracking, or advertising services are used on either platform.

We do not sell, rent, or share personal information with any third party for marketing, advertising, or profiling purposes.

Children’s Privacy (COPPA Compliance)

Potato Class is designed for children in grades K through high school. We comply with the Children’s Online Privacy Protection Act (COPPA).

• We collect only the minimum information necessary for the educational service
• Schools may consent on behalf of parents for educational use, as permitted under COPPA
• We do not condition participation on disclosure of unnecessary personal information
• Parents may review, request deletion of, and refuse further collection of their child’s data
• We do not engage in behavioral or targeted advertising directed at children
• The “AiPa” voice assistant speaks only pre-authored, developer-written text. Speech is synthesized using the device’s built-in text-to-speech engine (browser Web Speech API on web, AVSpeechSynthesizer on iOS) — no cloud AI voice service is used and no student-generated text is sent to any external service.
• Text input fields include automatic on-device filtering to prevent entry of personally identifiable information.
• Profile PINs are stored as SHA-256 hashes — the actual PIN digits are never stored or transmitted.
• Math and reading assessment response times are used solely for academic integrity purposes (rush detection) and are not used for behavioral tracking or profiling.
• Anonymized assessment analytics contain no personally identifiable information and cannot be linked to individual students.
• The application collects no information regulated under COPPA when used anonymously. When signed in, the same educational data protections apply.

Data Security

• All data transmitted over HTTPS (TLS 1.2+)
• API keys stored server-side in encrypted secrets, never on device
• Firestore data encrypted at rest using AES-256
• Authentication via Google, Apple, and Clever OAuth 2.0 flows; Potato Class never sees or stores a password
• Profile PINs hashed with SHA-256 before storage
• Web app anonymous data stored in browser localStorage (domain-scoped, inaccessible to other sites); signed-in data stored in Firestore
• Reading assessment mid-test save data stored in the same secure profile storage and automatically cleared upon assessment completion
• Regular security practice reviews

Compliance & Certifications

Potato Class is built to meet the data privacy standards required by schools, districts, and families. We comply with or align to the following regulations and frameworks:

• COPPA(Children’s Online Privacy Protection Act) — We collect only the minimum data necessary for the educational service. No advertising, no tracking, no data sales. Parents retain full rights to review, delete, and control their child’s data. Schools may consent on behalf of parents for educational use.
• FERPA(Family Educational Rights and Privacy Act) — Student education records are protected. Parents and eligible students have the right to inspect, request correction of, and request deletion of educational records. Schools acting as the parent’s agent for COPPA consent are responsible for notifying parents. We will enter into data privacy agreements with schools upon request.
• Student Data Privacy Consortium— Our practices align with the Student Data Privacy Consortium principles: data minimization, purpose limitation, no secondary use, no advertising, transparent data practices, and providing data portability (export and deletion).
• SOC 1/2/3 Certified Infrastructure— Student data is stored in Google Firebase (Firestore), which holds SOC 1, SOC 2, and SOC 3 certifications. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

For data privacy agreements, compliance documentation, or district onboarding, contact privacy@potatoclass.com.

Data Retention and Deletion

Self-service deletion:Users can delete all their progress data directly from the app at any time via Settings → Data → “Delete All Progress Data.” This removes all progress, stars, accessories, and assessment data from the active account on both the device and cloud storage (if signed in). Deleted data is retained in a recovery state for 30 days, during which users can restore their progress via Settings → Data → “Restore Progress.” After 30 days, the data is permanently and irreversibly deleted from all systems.

Signed-in users: Educational progress data (including math progress, math assessment history, reading levels, reading assessment history, and reading tool annotations) is retained while the account is active. Anonymized assessment analytics (containing no PII) are retained indefinitely for norm development. Users or parents may also request deletion of all personal data by contacting us. Verified deletion requests are fulfilled within 30 days. Schools may request bulk deletion when students leave the district or when use of Potato Class ends.

School-managed accounts: Students whose accounts are provisioned through a school or district roster (e.g., via Clever) cannot self-delete their data while their school enrollment is active. Data deletion for these students is managed by the school administrator or teacher. This ensures district data integrity and compliance with school data-governance policies. After the school enrollment ends, standard self-service deletion is available.

Anonymous web users: All data is stored locally in the browser and can be cleared by the user at any time by clearing browser data or using the in-app delete option. No server-side data exists to delete for anonymous users.

Parental Rights (FERPA Compliance)

For students using Potato Class through a school, the school acts as the parent’s agent for consenting to data collection under COPPA. Parents retain all FERPA rights: to inspect and review educational records, request corrections, and request deletion. Contact your child’s school or contact us directly to exercise these rights.

Changes to This Policy

We may update this policy from time to time. Changes will be posted in the app and at potatoclass.com/privacy. Material changes to how we handle children’s data will include prominent notice and any required consent.

Contact Us

If you have questions about this policy or wish to exercise your data rights, contact:

Growing Standard LLC
Email: privacy@potatoclass.com
Website: potatoclass.com