Classtime was built with protecting its users' data, especially students, in mind. Here the most important points (with more detailed explanations below):
- We do not sell any of your or your students data to external parties.
- All our connections between you and our servers are HTTPS/SSL-encrypted.
- Students do not have to register. We only collect their provided names and related metadata (such as browser version or IP address). Exception: if students use Google/Microsoft/Clever accounts to join a Session, we additionally collect their email address and name. However, we solely collect it for authentication purposes and we never contact students.
- We can remove all of your and your students data any time on request (please send us an email to firstname.lastname@example.org).
California Student Privacy Alliance by CETPA
Classtime is listed as an education organization who has signed the California Student Privacy Agreement, incl. Exhibit E. The California Student Data Privacy Agreement has been reviewed by several sets of legal and subject matter experts ranging from the Federal government, private attorneys, and educators working in the data privacy field both within the State of California and beyond.
Users of this document can know, with a high degree of confidence, that it meets both the requirements of Federal and California State law.
When you sign up as a teacher to use our Services, we require you to provide certain information, such as:
- email address,
- unique password for account security purposes,
- optional information at your sole discretion (e.g. when signing up through Facebook Authentication).
For students, no registration is required. The student only provides a name for identification, which can also be an anonymizing alias. Exception: if students use Google/Microsoft/Clever accounts to join a Session, we additionally collect their email address and name. However, we solely collect it for authentication purposes and we never contact students.
For both teachers and students, we collect meta and traffic data, such as (but not limited to):
- device information,
- geolocation information,
- web navigation data,
- internet protocol (IP) addresses,
- browser type,
- internet service provider (ISP),
- clickstream data,
- referring/exit pages,
- operating system,
- date/time stamp.
Sharing Data with Third Parties
Just like most modern websites, we share user data with trusted third parties to perform certain business-related functions, such as maintaining databases, sending email messages, offering and developing certain features of the Services, and maintenance and security. Examples are (but not limited to):
- Google Cloud Platform (database),
- Sendgrid (email notifications for teacher accounts),
- Intercom (customer support),
- Google (authentication),
- Microsoft (authentication),
- Clever (authentication),
- Auth0 (user registration and authentication).