ClassPods

Privacy Policy

Last updated: 2026-05-17

ClassPods provides classroom workflow tools for K-12 teachers and schools. This page describes our privacy posture for account data, classroom data, and school inquiry data. We operate to a GDPR-equivalent posture: lawful basis, minimal collection, documented subprocessors, regional data residency on request, and signed Data Processing Addenda for schools.

What we collect

  • Teacher account data: email, name, locale preference, authentication tokens.
  • Classroom content: quizzes, lesson packs, assignments, and other material a teacher creates or imports.
  • Student responses: answers submitted during live games or assignments. By default, students join with a room code or share link — no student email or account is required.
  • Billing: processed by Stripe; we store invoice metadata and plan state, not card numbers.
  • School inquiries: the information you provide in the school lead form.
  • Operational logs: minimal request and error logs needed for security and reliability.

Legal basis (GDPR-equivalent)

We process personal data on the basis of (i) contract — providing the ClassPods service to teachers and schools; (ii) legitimate interests — operating, securing, and improving the service; and (iii) consent, where required (analytics cookies, optional features).

Data hosting and residency

ClassPods runs on managed infrastructure (primarily Supabase and Vercel). Production data is hosted in a single region selected for low GCC latency. Schools that require a specific data-residency region (EU, Middle East, or other) can request it during procurement; we will document the chosen region in the signed DPA.

Subprocessors

  • Supabase — primary database, authentication, and storage.
  • Vercel — application hosting and edge delivery.
  • Stripe — payment processing and subscription management.
  • Resend — transactional and lifecycle email delivery.
  • OpenAI and Anthropic — generative model providers used for lesson-pack, quiz, and worksheet drafting. Teacher prompts are sent to the provider; we do not opt our usage into provider model training.
  • Google Analytics 4 — anonymized product analytics; gated by cookie consent.

Students and parents

The default flow is room-code-only: students join a live game or assignment without an account and we never request a parent email. Student accounts are optional and only required for features like cross-class progress tracking. We do not market to parents and do not sell or rent any data.

Community library

Content created on the Free plan may be published to the ClassPods community library with attribution, as described during signup and in-product. Paid plans default new content to private.

Retention

We retain account and classroom data for the active life of an account. Teachers can request export and deletion at any time; schools can request bulk deletion at contract end. Email suppressions (bounces, complaints) and billing records are retained for the legally required period.

Your rights

You may request access, correction, export, or deletion of your personal data at any time. School controllers may exercise these rights on behalf of their teachers and students under the signed DPA. Send requests to hello@classpods.org.

Security

Core measures include managed authentication, role-based access controls, encrypted transport (TLS), encryption at rest via Supabase, environment-based credential handling, and minimum-necessary access for the ClassPods team.

Changes

We may update this page as the product and compliance posture evolve. Material changes are reflected on this page and the "last updated" date is revised.