Privacy Policy

We collect information necessary to provide our educational services effectively and securely. Information You Provide: • Account Information: Name, email address, school/district affiliation • Profile Information: Role (teacher, specialist, administrator), grade levels, subjects • Student Data: Names, grade levels, behavioral observations, IEP/504 information (no SSN or unnecessary PII) • Communication Data: Messages between team members, parent communications • Support Data: Customer service inquiries, feedback, training participation Information Collected Automatically: • Usage Data: Features used, frequency of use, performance metrics • Device Information: Browser type, operating system, device identifiers • Log Data: IP addresses, access times, pages viewed, system performance • Cookies: Session management, preferences, authentication tokens We do NOT collect: • Social Security Numbers • Financial information (handled by Stripe) • Medical records beyond behavioral observations • Biometric data • Unnecessary personal information about students

We use collected information solely to provide and improve our educational services. Primary Uses: • Service Delivery: Providing behavior tracking and analysis tools • Account Management: Authentication, authorization, and user support • Communication: Sending important updates, reports, and notifications • Analysis: Generating insights and recommendations for educators • Improvement: Enhancing features based on usage patterns • Support: Responding to inquiries and providing technical assistance AI and Analytics: • Behavioral pattern recognition to support interventions • Predictive analytics for early intervention • Aggregate trend analysis for educational insights • Personalized recommendations based on classroom needs We Never: • Sell student or user data • Use data for advertising • Share data with unauthorized third parties • Use student data for commercial purposes • Create profiles for non-educational purposes

We share information only as necessary to provide our services and protect users. Within Your Organization: • Team members you authorize can access shared student data • Administrators have oversight capabilities as configured • Parents receive reports only for their children Service Providers: • Cloud hosting (Amazon Web Services) - data storage • Payment processing (Stripe) - billing only • Email services (SendGrid) - communications • Analytics (internal only) - service improvement All service providers are: • Contractually bound to protect data • Limited to necessary access only • Prohibited from using data for other purposes • Required to maintain security standards Legal Requirements: We may disclose information when required by: • Court orders or subpoenas • Law enforcement requests with proper authority • Child protection requirements • Safety emergencies We will notify you of legal requests unless prohibited by law.

We implement comprehensive security measures to protect your data. Technical Safeguards: • Encryption in transit (TLS 1.3) and at rest (AES-256) • Secure authentication with optional two-factor authentication • Regular security audits and vulnerability assessments • Intrusion detection and prevention systems • Secure backup and disaster recovery procedures Administrative Safeguards: • Role-based access controls • Regular security training for staff • Strict data access policies • Incident response procedures • Vendor security assessments Physical Safeguards: • Data centers with 24/7 security • Biometric access controls • Environmental monitoring • Redundant power and cooling systems Security Incident Response: • Immediate investigation and containment • Notification within 72 hours when required • Detailed incident reports • Remediation and prevention measures

We are committed to protecting student privacy and maintaining FERPA compliance. FERPA Compliance: • We operate as a "school official" under FERPA • Data is used solely for legitimate educational interests • Access is limited to authorized personnel • Parents have rights to access their child's records COPPA Compliance: • We do not knowingly collect data from children under 13 • Student data is managed by educators, not students • No marketing or advertising to children • Parental consent obtained when required Student Rights: • Access to their educational records (through school) • Correction of inaccurate information • Control over disclosure of records • Deletion upon request (subject to retention requirements) Data Minimization: • We collect only necessary educational data • Regular review and deletion of unnecessary data • Clear retention policies • Secure disposal procedures

You have control over your personal information. Access Rights: • View all data we have about you • Download your data in standard formats • Review access logs and audit trails • See how your data is being used Control Rights: • Update or correct your information • Delete your account and associated data • Restrict processing of your data • Object to certain uses of your data • Opt-out of non-essential communications Data Portability: • Export your data at any time • Transfer to another service • Machine-readable formats available • Bulk export for institutions Communication Preferences: • Choose which notifications you receive • Opt-out of marketing communications • Set digest frequency for reports • Control alert thresholds To exercise these rights, contact: privacy@classroompulse.io

We retain data only as long as necessary for educational purposes and legal compliance. Active Accounts: • Data retained while account is active • Regular reviews for data minimization • Automatic cleanup of old temporary data Inactive Accounts: • Notification after 12 months of inactivity • Account suspension after 18 months • Data deletion after 24 months (with notice) Post-Termination: • 90-day grace period for data export • Immediate deletion upon request (where legally permitted) • Audit logs retained for 3 years • Aggregated/anonymized data may be retained Educational Records: • Compliance with state retention requirements • Typically 3-7 years for behavioral records • Permanent records transferred to institution • Clear documentation of retention policies Legal Holds: • Data preserved when litigation is anticipated • Notification to affected users when permitted • Release of hold when no longer required

Information for users outside the United States. Data Location: • Primary servers located in the United States • Data may be processed in the US • US privacy laws apply to data processing International Transfers: • Standard contractual clauses for EU data • Privacy Shield principles followed (where applicable) • Adequate safeguards for all transfers Your Rights (GDPR): • All rights listed in Section 6 • Data protection officer contact available • Right to lodge complaints with supervisory authority • Explicit consent for data processing Regional Compliance: • GDPR (European Union) • PIPEDA (Canada) • State privacy laws (California, Virginia, etc.) • Educational privacy laws worldwide

We use minimal cookies necessary for service functionality. Essential Cookies: • Authentication and security • Session management • User preferences • Load balancing We Do Not Use: • Third-party advertising cookies • Cross-site tracking • Social media pixels • Behavioral advertising Cookie Management: • Browser settings control cookie acceptance • Essential cookies required for service access • Clear cookie policy in browser banner • Regular cookie audit and cleanup Do Not Track: • We respect Do Not Track browser signals • No tracking across external websites • Limited to first-party functional cookies

We are committed to protecting children's privacy in educational settings. Our Approach: • No direct collection from children • Educators manage all student data • No student accounts or logins • Parents access through secure links Safeguards: • Age-appropriate privacy notices • Clear data handling procedures • Limited data collection • No behavioral advertising Parental Rights: • Access to child's educational records • Correction of inaccuracies • Deletion requests (subject to educational requirements) • Control over data sharing School Responsibilities: • Obtaining necessary consents • Managing parent communications • Ensuring appropriate use • Training staff on privacy

We may update this policy to reflect changes in our practices or legal requirements. Notification Process: • Email notice for material changes • In-app notifications • 30-day notice period for significant changes • Opportunity to export data before changes Types of Changes: • Minor: Clarifications, formatting (immediate) • Standard: New features, processes (30-day notice) • Material: Significant privacy impacts (explicit consent) Version History: • All versions archived and available • Clear change logs provided • Dated versions for reference • Rollback provisions for institutions Your Options: • Accept changes and continue service • Export data and terminate account • Request clarification on changes • Negotiate institutional agreements

We're committed to addressing your privacy concerns promptly. Privacy Team: Email: privacy@classroompulse.io Phone: (972) 439-5845 Mail: Privacy Team, Classroom Pulse, Dallas, TX 75201 Response Times: • General inquiries: 2-3 business days • Rights requests: Within 30 days • Security concerns: Within 24 hours • Urgent matters: Same business day Additional Resources: • Privacy portal: privacy.classroompulse.io • Documentation: docs.classroompulse.io/privacy • Training: Regular privacy webinars • Updates: privacy@classroompulse.io newsletter