COPPA Compliance Statement

SafeClass Shield, Inc.
Children's Online Privacy Protection Act (COPPA) Compliance

Overview

SafeClass Shield, Inc. ("SafeClass Shield," "we," "us," or "Company") is committed to protecting the privacy of children under the age of 13 in compliance with the Children's Online Privacy Protection Act of 1998, as amended ("COPPA") (15 U.S.C. §§ 6501-6506; 16 CFR Part 312). This statement explains how we collect, use, and protect personal information from children under 13.

1. COPPA APPLICABILITY

1.1 Who is Subject to COPPA?

COPPA applies to operators of commercial websites or online services that are directed to children under 13, or that have actual knowledge they are collecting personal information from children under 13.

SafeClass Shield is a parental control and device monitoring platform designed for:

• Parents to monitor their children's online activity
• Schools to ensure digital safety and compliance for K-12 students

COPPA applies to SafeClass Shield because:

1. We knowingly collect personal information from children under 13
2. We operate an online service accessible to children (monitored devices)

1.2 COPPA Safe Harbor

SafeClass Shield participates in the [Future of Privacy Forum (FPF) Safe Harbor Program] (if applicable). [If not participating, remove this section or indicate intent to apply.]

2. PERSONAL INFORMATION COLLECTED FROM CHILDREN

2.1 Information Collected at Parent or School Direction

SafeClass Shield collects personal information from children only at the direction of a parent or school, not directly from the child. We collect:

Child Profile Information:

• First name (provided by parent/school)
• Age or grade level (provided by parent/school)
• Unique child identifier (generated by our system)

Device Activity Data:

• Websites visited (URLs, timestamps, duration)
• Applications used (app name, usage time)
• Search queries entered
• Screen time and device usage patterns
• Screenshots (if enabled by parent/school)
• Content blocking events (what was blocked and when)

Academic Data (when integrated with school systems):

• Google Classroom assignments and due dates
• Submission status and timestamps
• Course enrollment information

Communication Data:

• Parent-child chat messages (end-to-end encrypted)
• Approval requests (e.g., "Can I download this app?")

Technical Information:

• Device type and operating system
• IP address (anonymized after 90 days)
• Device identifiers (hashed)

2.2 Information NOT Collected

SafeClass Shield does NOT collect:

• Child's full name or surname (unless provided by parent/school)
• Physical address
• Email address (children do not have accounts)
• Phone number
• Social Security number
• Precise geolocation (GPS coordinates)
• Voice recordings or biometric identifiers
• Photos or videos uploaded by the child

2.3 Cookies and Tracking

SafeClass Shield uses cookies and similar tracking technologies only for:

• Essential Functions: Authentication, session management, security
• Analytics: Aggregated, non-identifiable usage statistics to improve the service

We do NOT use:

• Third-party advertising cookies
• Behavioral tracking for marketing purposes
• Social media pixels or beacons targeting children

Cookie Management:
Parents can manage cookie preferences in their account settings. Disabling non-essential cookies may limit certain features.

3. PARENTAL CONSENT REQUIREMENTS

3.1 Verifiable Parental Consent

Before collecting, using, or disclosing personal information from a child under 13, SafeClass Shield obtains verifiable parental consent from the child's parent or legal guardian.

Consent Verification Methods:

For Personal Accounts (Individual Parents):

• Credit Card Verification: Small authorization charge (e.g., $0.50), immediately refunded
• Government ID Upload: Parent uploads driver's license or passport; verified within 24 hours
• Video Conference: Scheduled call with parent to verify identity
• Signed Consent Form: Mailed or emailed consent form with follow-up phone verification

For School Accounts:

• SafeClass Shield relies on the school official consent exception under COPPA § 312.5(c)(3)
• Schools are responsible for obtaining any required parental consent
• Schools act as the parent's agent in authorizing collection and use of children's personal information for educational purposes

3.2 Scope of Parental Consent

Parental consent covers:

• Collection: Gathering child's personal information during device monitoring
• Use: Analyzing data to provide safety insights and reports to parents
• Disclosure: Sharing data with service providers necessary to operate the platform (e.g., cloud hosting)

Parents may grant consent for "internal use only" (no sharing with third parties except service providers) or for broader uses (if applicable).

3.3 Right to Revoke Consent

Parents may revoke consent at any time by:

• Logging into their account and deleting the child's profile
• Emailing coppa-requests@safeclassshield.com
• Calling 1-800-SAFEKID and requesting account deletion

Upon revocation:

• We stop collecting data from the child's device
• We delete the child's personal information within 30 days
• Parents have 30 days to export data before permanent deletion

4. NOTICE TO PARENTS

4.1 Direct Notice Before Consent

Before obtaining parental consent, SafeClass Shield provides parents with direct notice that includes:

What Information We Collect:

• Child's name, age, and grade level
• Device activity (websites, apps, screen time)
• Academic data (if school integrations are enabled)
• Parent-child communications

How We Use the Information:

• To provide device monitoring and safety reports
• To alert parents of inappropriate content or potential risks
• To generate usage analytics and insights
• To improve the service

Our Disclosure Practices:

• We do not sell or rent children's information
• We share data only with service providers necessary to operate the platform
• We do not use children's information for targeted advertising

Parental Rights:

• Right to review child's personal information
• Right to request deletion of child's information
• Right to refuse further collection or use
• Right to revoke consent at any time

Contact Information:

• Email: coppa-requests@safeclassshield.com
• Phone: 1-800-SAFEKID
• Website: https://safeclassshield.com/coppa

4.2 Privacy Policy

Our full Privacy Policy provides additional details on data practices. Key sections relevant to children's privacy:

• Section 3.2: Information Collected About Students
• Section 4.1: Permitted Uses of Student Data
• Section 9: Children's Privacy (COPPA Compliance)

5. SCHOOL OFFICIAL CONSENT EXCEPTION

5.1 When Schools Act as Parents' Agents

Under COPPA § 312.5(c)(3), schools may provide consent on behalf of parents when an online service is used for educational purposes. This exception applies when:

1. The service is used for educational or school-authorized purposes
2. The service is not used for commercial purposes (e.g., building profiles for marketing)
3. The school has authority to act as the parent's agent under applicable law

SafeClass Shield qualifies for this exception when contracted by schools for:

• Digital safety and compliance monitoring
• Cyberbullying and self-harm prevention
• Academic integrity monitoring
• Device management for school-issued devices

5.2 School Responsibilities

When a school authorizes SafeClass Shield under the school official consent exception, the school is responsible for:

• Providing annual notice to parents about third-party service providers
• Allowing parents to opt out of data collection (if permissible under school policy)
• Ensuring SafeClass Shield is used only for educational purposes
• Reviewing SafeClass Shield's privacy practices and security measures

SafeClass Shield provides schools with template notification language and parent FAQs to support these responsibilities.

5.3 Parents' Rights Still Apply

Even when schools provide consent, parents retain all COPPA rights, including:

• Right to review their child's information
• Right to request deletion (subject to school's record retention policies)
• Right to refuse further collection (by opting out at the school level)

Parents should contact their child's school to exercise these rights. Schools may direct SafeClass Shield to honor parent requests.

6. USE OF CHILDREN'S PERSONAL INFORMATION

6.1 Permitted Uses

SafeClass Shield uses children's personal information only for the purposes for which parental consent was obtained:

Primary Use - Safety Monitoring:

• Monitor device activity to detect inappropriate content
• Alert parents to potential cyberbullying, self-harm indicators, or dangerous contacts
• Enforce parental controls and screen time limits
• Generate usage reports and insights for parents

Secondary Use - Service Improvement:

• Aggregated, de-identified analytics to improve AI content filtering
• Research on digital safety trends (with IRB approval for published research)
• Product development and feature testing (using anonymized data)

We Do NOT Use Children's Information For:

• Targeted advertising or marketing
• Building behavioral profiles for non-safety purposes
• Selling or renting to third parties
• Cross-service tracking or data brokering

6.2 Conditional Access Prohibition

SafeClass Shield does not condition a child's participation in any activity on the child providing more personal information than is reasonably necessary for that activity (COPPA § 312.7).

• Children are not required to create accounts or log in (monitoring is passive)
• Parents/schools control what data is collected and how the service is used
• No "upsells" or premium features that require additional child data

7. DISCLOSURE OF CHILDREN'S PERSONAL INFORMATION

7.1 No Sale or Rental

SafeClass Shield does NOT sell, rent, or trade children's personal information to any third party. This prohibition includes:

• Data brokers
• Advertising networks
• Marketing platforms
• Other EdTech companies

7.2 Permitted Disclosures

SafeClass Shield discloses children's personal information only in the following circumstances:

To Parents and Authorized School Officials:

• Parents have full access to their child's data via the parent dashboard
• School officials with authorized access can view data for students under their supervision

To Service Providers: We share children's information with third-party service providers who perform functions on our behalf, subject to confidentiality agreements and COPPA compliance obligations:

• Amazon Web Services (AWS): Cloud hosting and database (COPPA-compliant)
• Google Cloud Platform: Google Classroom integration (COPPA-compliant)
• Stripe, Inc.: Payment processing (does not access child data)
• SendGrid: Transactional emails to parents (child data not included in emails)

All service providers:

• Use children's information only to provide services to SafeClass Shield
• May not disclose children's information to others
• Must implement reasonable security measures
• Must delete children's information when services are terminated

For Legal Compliance:

• To comply with court orders or lawful requests from government authorities
• To protect the safety of a child (e.g., reporting suspected abuse to authorities)
• To enforce our Terms of Service or protect our rights

With Parental Consent:

• We may disclose children's information for purposes not described above only with explicit parental consent

7.3 No Third-Party Ad Networks

SafeClass Shield does NOT allow third-party ad networks to collect personal information from children through our service for behavioral advertising purposes.

8. PARENTAL RIGHTS UNDER COPPA

8.1 Right to Review

Parents have the right to review their child's personal information collected by SafeClass Shield.

How to Exercise:

• Log into your parent account and view the child's profile and activity dashboard
• For a complete data export, email coppa-requests@safeclassshield.com
• We provide data in a readable format (CSV, JSON, or PDF) within 10 business days

8.2 Right to Delete

Parents have the right to request deletion of their child's personal information.

How to Exercise:

• Delete the child's profile from your parent account (immediate effect)
• Email coppa-requests@safeclassshield.com or call 1-800-SAFEKID
• We complete deletion within 30 days (see Section 9 for details)

Limitations:

• We may retain information to comply with legal obligations (e.g., pending litigation)
• De-identified, aggregated data may be retained for research purposes

8.3 Right to Refuse Further Collection

Parents have the right to refuse further collection or use of their child's information while still allowing the child's participation (to the extent feasible).

How to Exercise:

• Disable specific monitoring features in account settings (e.g., turn off screenshot capture)
• Downgrade to a lower monitoring level
• Pause monitoring temporarily

Note: Disabling key features may limit the effectiveness of the service.

8.4 Right to Revoke Consent

Parents may revoke consent at any time, terminating the service and triggering data deletion (see Section 3.3).

9. DATA RETENTION AND DELETION

9.1 Retention Period

SafeClass Shield retains children's personal information only as long as necessary to provide the service and fulfill the purposes for which parental consent was obtained.

Active Accounts:

• Data retained for the duration of the subscription
• Ongoing collection continues as long as monitoring is enabled

Terminated Accounts:

• After account termination or consent revocation, parents have 30 days to export data
• After 30 days, all personal information is permanently deleted

Exceptions:

• Legal obligations (e.g., litigation hold, subpoena)
• De-identified data (no longer personally identifiable under COPPA)

9.2 Secure Deletion

When children's information is deleted:

• Database records are cryptographically erased (encryption keys destroyed)
• Backups are automatically deleted within 90 days
• Log files are redacted of personally identifiable information

9.3 Automatic Deletion at Age 13

When a child turns 13, SafeClass Shield may continue to retain their information under the regular Privacy Policy (adult/teen privacy protections), not COPPA. Parents may opt to delete the child's data at this transition point.

10. DATA SECURITY FOR CHILDREN

10.1 Security Measures

SafeClass Shield implements robust technical, administrative, and physical safeguards to protect children's personal information:

Technical:

• AES-256 encryption at rest
• TLS 1.3 encryption in transit
• End-to-end encryption for parent-child chat
• Role-based access controls
• Multi-factor authentication for admin accounts

Administrative:

• Background checks for employees with access to children's data
• Annual COPPA training for all staff
• Confidentiality agreements
• Incident response procedures

Physical:

• Secure data centers with 24/7 monitoring
• Biometric access controls
• Redundant infrastructure for high availability

For full details, see our Data Security Policy.

10.2 Breach Notification

In the event of a data breach affecting children's information:

• Parents notified within 72 hours
• FTC notified if breach affects > 500 children (per FTC guidance)
• Free credit monitoring offered (if financial data exposed)
• Steps to mitigate harm provided

11. NO BEHAVIORAL ADVERTISING TO CHILDREN

SafeClass Shield does NOT:

• Display advertising to children
• Collect persistent identifiers (e.g., cookies, device IDs) for behavioral advertising
• Allow third-party ad networks to collect information about children
• Build behavioral profiles of children for marketing purposes

The SafeClass Shield platform is ad-free for all users, including children.

12. STATE-SPECIFIC CHILDREN'S PRIVACY LAWS

In addition to COPPA, SafeClass Shield complies with state laws that provide additional protections for children:

California (CCPA/CPRA):

• Prohibition on selling children's personal information (ages 13-15 without opt-in; under 13 with parental consent)
• Enhanced notice and consent requirements

California (AB 1584 - SOPIPA):

• Prohibition on targeted advertising to students
• Prohibition on creating profiles for non-educational purposes

Other States:

• New York, Illinois, Texas, and other states with student privacy laws

SafeClass Shield meets or exceeds the requirements of all applicable state laws.

13. COPPA SAFE HARBOR CERTIFICATION

[If applicable:] SafeClass Shield is a member of the Future of Privacy Forum's (FPF) Student Privacy Pledge and adheres to the FPF Safe Harbor Program for COPPA compliance. Our practices are reviewed annually by FPF.

[If not applicable, remove or indicate intent to apply.]

14. COPPA COMPLIANCE ATTESTATION

SafeClass Shield, Inc. hereby attests that:

1. We comply with all provisions of the Children's Online Privacy Protection Act (COPPA) and its implementing regulations (16 CFR Part 312).
2. We obtain verifiable parental consent before collecting personal information from children under 13.
3. We provide parents with clear notice of our data practices before obtaining consent.
4. We use children's personal information only for the purposes disclosed and consented to by parents.
5. We do not condition a child's participation on providing more information than reasonably necessary.
6. We do not disclose children's personal information to third parties without parental consent, except to service providers bound by confidentiality.
7. We implement reasonable security measures to protect children's information.
8. We honor parents' rights to review, delete, and refuse further collection of their child's information.
9. We retain children's information only as long as necessary and delete it upon request or when no longer needed.
10. We do not engage in behavioral advertising to children or allow third-party ad networks to collect children's information.

This attestation is made under penalty of perjury under the laws of the United States.

15. CONTACT INFORMATION

For COPPA-related questions, requests to review or delete your child's information, or to revoke consent:

COPPA Compliance Officer:
SafeClass Shield, Inc.
Email: coppa-requests@safeclassshield.com
Phone: 1-800-SAFEKID (1-800-723-3543), Option 5
Mail: [Company Address], Attn: COPPA Compliance

Federal Trade Commission (FTC):
To report alleged COPPA violations:

Consumer Response Center
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Phone: 1-877-FTC-HELP (1-877-382-4357)
Website: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule

Effective Date: January 1, 2026
Last Reviewed: January 1, 2026
Next Review Date: January 1, 2027

This COPPA Compliance Statement is a public document and may be shared with parents, schools, and regulatory authorities. We are committed to protecting children's privacy and welcome feedback on our practices.

SafeClass Shield, Inc.
Committed to Children's Privacy and Online Safety