Classtime was built with protecting its users' data, especially students, in mind. Here the most important points (with more detailed explanations below):
- Classtime is trusted by millions of educators and learners globally.
- We do not sell any of your or your students' data to external parties. Schools own their data, we secure it.
- All data is automatically secured with TLS encryption.
- Certified server and platform service providers.
- We are vetted by various data protection organizations (CSDA, Privatim, Educa).
- Students do not have to register. We only collect their provided names and related metadata (such as browser version or IP address). Exception: if students use Google/Microsoft/Clever/Email accounts to join a session, we additionally collect their email address and name. However, we solely collect it for authentication purposes.
We can remove all of your and your students' data any time on request (please send us an email to firstname.lastname@example.org).
California Student Privacy Alliance by CETPA
Classtime is listed as an educational organization that has signed the California Student Privacy Agreement, incl. Exhibit E. The California Student Data Privacy Agreement has been reviewed by several sets of legal and subject matter experts ranging from the federal government, private attorneys, and educators working in the data privacy field both within the State of California and beyond. Users of this document can know, with a high degree of confidence, that it meets both the requirements of federal and California State law.
When you sign up as a teacher to use our services, we require you to provide certain information, such as:
- Email address,
- Unique password for account security purposes,
- Optional information at your sole discretion (e.g. when signing up through Facebook Authentication).
For students, no registration is required. The student only provides a name for identification, which can also be an anonymizing alias.
There is one exception: if students use Google/Microsoft/Clever/Email accounts to join a session, we additionally collect their email address and name. However, we solely collect it for authentication purposes.
For both teachers and students, we collect meta and traffic data, such as (but not limited to):
- Device information
- Geolocation information
- Web navigation data
- Internet protocol (IP) addresses
- Browser type
- Internet service provider (ISP)
- Clickstream data
- Referring/exit pages
- Operating system
- Date/time stamps
Sharing Data with Third Parties
Just like most modern websites, we share user data with trusted third parties to perform certain business-related functions, such as maintaining databases, sending email messages, offering and developing certain features of the services, and maintenance and security. Examples are (but not limited to):
- Google Cloud Platform (database)
- Sendgrid (email notifications for teacher accounts)
- Intercom (customer support)
- Google (authentication)
- Microsoft (authentication)
- Clever (authentication)
- Auth0 (user registration and authentication)