Privacy Policy

SafeClass Shield Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 1, 2026

1. INTRODUCTION

SafeClass Shield ("we," "us," "our," or "Company") is committed to protecting the privacy and security of personal information collected through our digital safety and parental device monitoring platform (the "Service"). This Privacy Policy describes how we collect, use, disclose, and safeguard information from parents, legal guardians, educational institutions, and students (collectively, "Users" or "you") in compliance with applicable federal and state laws, including the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the Protection of Pupil Rights Amendment (PPRA), and applicable state student data privacy laws.

This Privacy Policy applies to information collected through:

  • The SafeClass Shield web application and mobile applications
  • Device monitoring agents and browser extensions
  • Communications with our support team
  • Marketing and sales activities

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, do not use the Service.

2. DEFINITIONS

For purposes of this Privacy Policy:

"Educational Records" means records directly related to a student and maintained by an educational agency or institution, or by a party acting for the agency or institution, as defined by FERPA (20 U.S.C. § 1232g).

"Personally Identifiable Information" or "PII" means information that, alone or in combination, is linked or linkable to a specific student or other individual that would allow a reasonable person to identify the student or individual with reasonable certainty.

"Parent" means a parent of a student, a legal guardian, or an individual acting as a parent in the absence of a parent or guardian.

"School Official" means a person employed by the educational institution in an administrative, supervisory, academic, research, or support staff position; a person or company with whom the institution has contracted; or a parent or student serving on an official committee.

"Student Data" means personally identifiable information contained in a student's educational record, as well as information created or collected by the Service related to a student's use of monitored devices.

3. INFORMATION WE COLLECT

3.1 Information Collected from Parents and Educational Institutions

Account Information:

  • Full name and email address
  • Organization name and role (for institutional users)
  • Billing information (processed securely through Stripe, Inc.)
  • Password and authentication credentials (stored as cryptographic hashes)

Profile and Preference Information:

  • Communication preferences and notification settings
  • Language and timezone preferences
  • Subscription tier and license information

Usage Information:

  • Dashboard access logs and activity timestamps
  • Feature usage patterns and analytics
  • Support ticket history and communications

3.2 Information Collected About Students

We collect Student Data only at the direction of Parents or School Officials acting as authorized representatives. We do not collect information directly from students without verified parental consent or school authorization.

Student Profile Information:

  • Name, age, and grade level (provided by Parent or School)
  • Unique student identifier (generated by the Service)
  • Device identifiers and operating system information

Device Activity Data:

  • Websites visited, including URLs, timestamps, and duration
  • Applications installed and usage patterns
  • Screen time data and device usage sessions
  • Content access attempts and blocking events
  • Search queries and typed text (when AI content analysis is enabled)

Academic Integration Data (when authorized):

  • Google Classroom assignments, due dates, and submission status
  • Course enrollment and teacher information
  • Academic integrity indicators (submission timing, source citations)

Communication Data:

  • Parent-child chat messages (end-to-end encrypted)
  • In-app notifications and alerts
  • Approval requests and responses

Location Data:

  • We do NOT collect precise geolocation data
  • Approximate location may be inferred from IP address for security purposes

3.3 Automatically Collected Information

Device and Technical Information:

  • IP address (anonymized after 90 days)
  • Browser type, version, and language
  • Device type, operating system, and version
  • Unique device identifiers (hashed and anonymized)

Cookies and Tracking Technologies:

  • Session cookies for authentication (essential)
  • Performance and analytics cookies (with consent)
  • Security cookies for fraud prevention

We do not use third-party advertising cookies or allow behavioral tracking for marketing purposes.

3.4 Information from Third-Party Sources

Google Classroom Integration: When authorized by a Parent or School Official, we access:

  • Course information, assignments, and due dates
  • Student submission status and timestamps
  • Teacher names and course rosters

This information is accessed via OAuth 2.0 authorization and is subject to Google's API Services User Data Policy. We use this data solely to provide the academic monitoring features of the Service.

Payment Processing: Stripe, Inc. processes payment information on our behalf. We do not store complete credit card numbers or payment credentials on our servers. See Stripe's Privacy Policy at stripe.com/privacy for details.

4. HOW WE USE INFORMATION

4.1 Permitted Uses of Student Data

We use Student Data solely for educational purposes and to provide the Service as authorized by Parents or School Officials. Specifically, we use Student Data to:

Provide and Improve the Service:

  • Monitor device activity and enforce safety rules
  • Generate reports and insights for Parents and School Officials
  • Detect and block inappropriate content using AI-powered filtering
  • Facilitate parent-child communication through in-app messaging
  • Sync academic assignments and track completion

Ensure Safety and Security:

  • Identify potential cyberbullying, self-harm indicators, or dangerous content
  • Detect security threats, fraud, and unauthorized access
  • Comply with legal obligations and respond to valid legal requests

Communicate with Authorized Users:

  • Send notifications about blocked content or safety alerts
  • Respond to support requests and provide technical assistance
  • Send service updates and changes to terms (opt-in for marketing)

Research and Product Development:

  • Analyze aggregated, de-identified data to improve AI filtering accuracy
  • Conduct research on digital safety trends (with IRB approval for published research)
  • Test and develop new safety features

We will NOT:

  • Sell or rent Student Data to third parties
  • Use Student Data for targeted advertising
  • Create user profiles for non-educational purposes
  • Share Student Data with third parties except as disclosed in this Policy
  • Retain Student Data longer than necessary for educational purposes

4.2 Uses of Parent and Institutional User Information

We use Parent and Institutional User information to:

  • Create and manage accounts
  • Process payments and manage subscriptions
  • Provide customer support and respond to inquiries
  • Send administrative communications about the Service
  • Improve the Service and develop new features
  • Comply with legal obligations and enforce our terms
  • Send marketing communications (with consent, opt-out available)

5. DISCLOSURE OF INFORMATION

5.1 Disclosure of Student Data

We disclose Student Data only in the following circumstances:

To Parents and Authorized School Officials:

  • Parents have full access to all Student Data related to their children
  • School Officials with authorized access can view Student Data for students under their supervision

To Service Providers: We share Student Data with third-party service providers who perform services on our behalf, subject to strict confidentiality agreements:

  • MongoDB Atlas (AWS): Database hosting and storage (SOC 2 Type II, ISO 27001 certified)
  • Amazon Web Services (AWS): Infrastructure and file storage (FERPA compliant, ISO 27001, SOC 2 certified)
  • Google Cloud Platform: Classroom API integration (FERPA, COPPA, GDPR compliant)
  • Stripe, Inc.: Payment processing (PCI DSS Level 1 certified)
  • SendGrid (Twilio): Transactional email delivery (SOC 2 Type II certified)

All service providers are contractually required to:

  • Use Student Data only to provide agreed-upon services
  • Implement reasonable security measures
  • Comply with applicable student privacy laws
  • Return or delete Student Data upon request or contract termination

For Legal Compliance and Protection: We may disclose Student Data when required by law or in good faith belief that disclosure is necessary to:

  • Comply with legal process (subpoena, court order, law enforcement request)
  • Enforce our Terms of Service or investigate potential violations
  • Protect the safety, rights, or property of our users or the public
  • Detect, prevent, or address fraud, security, or technical issues

We will provide notice to Parents or School Officials before disclosure unless prohibited by law or court order.

In Connection with Business Transfers: If we are acquired by or merged with another company, Student Data may be transferred as part of that transaction. The acquiring company will be bound by the commitments in this Privacy Policy.

With Consent: We may disclose Student Data for purposes not described in this Policy with the express consent of the Parent or authorized School Official.

5.2 Disclosure of Parent and Institutional User Information

We may disclose Parent and Institutional User information:

  • To service providers who assist in operating the Service
  • To comply with legal obligations
  • In connection with business transactions
  • With consent for specific purposes
  • To protect our rights and prevent fraud

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard technical, administrative, and physical safeguards to protect information from unauthorized access, disclosure, alteration, and destruction:

Technical Safeguards:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • End-to-end encryption for parent-child chat messages
  • Bcrypt password hashing with per-user salts
  • Multi-factor authentication for administrative access
  • Regular security audits and vulnerability scanning
  • Intrusion detection and prevention systems
  • Automated security monitoring and alerting

Administrative Safeguards:

  • Role-based access controls (RBAC) with principle of least privilege
  • Background checks for employees with access to Student Data
  • Confidentiality agreements for all personnel
  • Regular security training for staff
  • Incident response procedures and breach notification protocols
  • Annual third-party security assessments

Physical Safeguards:

  • Data centers with 24/7 security, biometric access controls, and video surveillance
  • Redundant power and network infrastructure
  • Climate-controlled environments with fire suppression
  • Geographic data replication for disaster recovery

6.2 Data Storage and Processing Locations

Student Data is stored and processed in secure data centers located in the United States:

  • Primary data center: AWS US-East-1 (Northern Virginia)
  • Backup data center: AWS US-West-2 (Oregon)

We do not transfer Student Data outside the United States without explicit consent and appropriate data transfer mechanisms.

6.3 Limitations

While we employ robust security measures, no system is completely secure. We cannot guarantee the absolute security of information transmitted through or stored on the Service. Users are responsible for maintaining the confidentiality of their passwords and account credentials.

7. DATA RETENTION

7.1 Student Data Retention

We retain Student Data only for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Account Retention:

  • Student activity data: Retained for the duration of the subscription plus 30 days
  • Academic integration data: Retained while integration is active plus 90 days
  • Chat message history: Retained for 1 year or until account deletion

Post-Deletion Retention:

  • De-identified analytics: May be retained indefinitely for research and product improvement
  • Backup copies: Deleted within 90 days of account deletion request
  • Legal holds: Retained as required for pending litigation or legal obligations

Educational Institution Accounts:

  • Student Data is typically retained for the academic year
  • At the end of each academic year, schools may request bulk deletion of graduated students
  • Retention schedules can be customized to meet district policies

7.2 Deletion Requests

Parents and School Officials may request deletion of Student Data at any time by:

  • Using the in-app account deletion feature
  • Contacting privacy@safeclassshield.com
  • Submitting a written request to our Data Protection Officer

We will respond to deletion requests within 30 days and complete deletion within 60 days, except where retention is required by law or for legitimate business purposes (e.g., pending litigation, fraud prevention).

7.3 Account Termination

Upon subscription termination or non-renewal:

  • Parents have 30 days to export Student Data
  • After 30 days, Student Data is permanently deleted
  • Aggregated, de-identified analytics may be retained

8. PARENTAL AND SCHOOL RIGHTS

8.1 Access and Correction Rights

Parents and authorized School Officials have the right to:

  • Access all Student Data collected and maintained by the Service
  • Review activity reports, blocked content logs, and communication history
  • Request correction of inaccurate or incomplete information
  • Export Student Data in a machine-readable format (CSV, JSON)
  • Download device activity reports and analytics

To exercise these rights, contact support@safeclassshield.com or use the in-app data export tools.

8.2 Deletion and Opt-Out Rights

Parents and School Officials have the right to:

  • Request deletion of specific Student Data or entire student profiles
  • Disable specific monitoring features (e.g., screenshot capture, keystroke logging)
  • Revoke third-party integrations (e.g., Google Classroom)
  • Terminate the Service and request complete data deletion

8.3 Consent Management

For users in jurisdictions requiring explicit consent for data processing:

  • Parents can manage consent preferences in account settings
  • Granular controls for specific data types and processing activities
  • Ability to withdraw consent at any time (may limit Service functionality)

8.4 FERPA Rights (Educational Institutions)

For school-contracted accounts, SafeClass Shield acts as a "School Official" with a legitimate educational interest as defined by FERPA. Educational institutions maintain all FERPA rights, including:

  • Control over disclosure of Educational Records
  • Right to inspect and review service provider data handling practices
  • Ability to direct deletion or return of Educational Records
  • Annual notification of privacy practices to parents

9. CHILDREN'S PRIVACY (COPPA COMPLIANCE)

9.1 Age Restrictions

SafeClass Shield is designed for use by Parents and School Officials to monitor children's online activity. We do not knowingly collect personal information directly from children under 13 without verified parental consent or school authorization under COPPA's school exception (15 U.S.C. § 6502(b)(1)(D)).

9.2 Parental Consent Requirements

For personal accounts (non-school), before collecting any personal information from a child under 13, we obtain verifiable parental consent through:

  • Credit card verification (small authorization charge, immediately refunded)
  • Government-issued ID verification
  • Consent form submission via email with follow-up verification call

9.3 School Authorization

For school-contracted accounts, we rely on the school's consent and authorization to collect and use Student Data for educational purposes. Schools are responsible for obtaining any required parental consents under COPPA.

9.4 Parental Rights Under COPPA

Parents have the right to:

  • Review personal information collected from their child
  • Request deletion of their child's personal information
  • Refuse further collection or use of their child's information
  • Revoke consent previously granted

To exercise COPPA rights, contact privacy@safeclassshield.com with your account email and student name.

10. THIRD-PARTY SERVICES AND LINKS

10.1 Third-Party Integrations

The Service integrates with third-party platforms (e.g., Google Classroom, Stripe) that have their own privacy policies. We are not responsible for the privacy practices of these third parties. We encourage users to review:

10.2 External Links

The Service may contain links to third-party websites for educational or informational purposes. We do not control these sites and are not responsible for their content or privacy practices. Parents and School Officials should supervise students' access to external links.

11. STATE-SPECIFIC PRIVACY RIGHTS

11.1 California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of personal information collected, sources, purposes, and third parties with whom it is shared.

Right to Delete: Request deletion of personal information (subject to exceptions).

Right to Opt-Out: Opt-out of "sale" or "sharing" of personal information (we do not sell or share Student Data).

Right to Correct: Request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those authorized by law.

Non-Discrimination: We will not discriminate against users for exercising CCPA/CPRA rights.

To exercise these rights, contact privacy@safeclassshield.com or call 1-800-SAFEKID (toll-free).

11.2 Other State Laws

We comply with student data privacy laws in all states where we operate, including but not limited to:

  • California AB 1584 (Student Online Personal Information Protection Act)
  • New York Education Law § 2-d
  • Illinois Student Online Personal Protection Act (SOPPA)
  • Texas Education Code Chapter 32 (Student Data Privacy)

State-specific data protection addenda are available upon request for institutional customers.

12. INTERNATIONAL DATA TRANSFERS

SafeClass Shield is based in the United States and primarily serves U.S. customers. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), through Standard Contractual Clauses and other approved transfer mechanisms.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will notify users of material changes by:

  • Posting the updated Policy on our website with a new "Last Updated" date
  • Sending email notification to account holders (for material changes)
  • Displaying an in-app notification upon next login (for material changes affecting Student Data)

For educational institution accounts, we will provide at least 30 days' notice before material changes take effect and offer the opportunity to terminate the contract if the changes are unacceptable.

Continued use of the Service after changes become effective constitutes acceptance of the updated Policy.

14. CONTACT INFORMATION

Data Protection Officer

For privacy-related questions, concerns, or requests, contact our Data Protection Officer:

Email: privacy@safeclassshield.com
Phone: 1-800-SAFEKID (1-800-723-3543)
Mail:
SafeClass Shield, Inc.
Attn: Data Protection Officer
[Company Address]
[City, State, ZIP]

Parent and Student Privacy Requests

To exercise privacy rights on behalf of a student: Email: parental-rights@safeclassshield.com
Online Portal: https://safeclassshield.com/privacy-request

Educational Institution Inquiries

For institutional data protection agreements and compliance documentation: Email: institutional-compliance@safeclassshield.com
Phone: 1-800-SAFEKID, Option 2

15. EFFECTIVE DATE AND ACKNOWLEDGMENT

This Privacy Policy is effective as of January 1, 2026.

By creating an account or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Policy, do not use the Service.

For educational institutions, this Privacy Policy is incorporated by reference into the Master Services Agreement or Data Protection Agreement executed between the institution and SafeClass Shield.

SafeClass Shield, Inc.
Committed to Student Privacy and Digital Safety

This Privacy Policy was prepared with the assistance of legal counsel specializing in education technology, FERPA, and COPPA compliance. It is designed to provide comprehensive transparency about our data practices while meeting the legal requirements for operating a K-12 education technology service.

For legal inquiries, contact: legal@safeclassshield.com

Last updated: January 1, 2026 | © 2026 SafeClass Shield, Inc. All rights reserved.

Questions? Contact dpo@safeclassshield.com or call 1-800-SAFEKID