All Categories
Privacy
How does Classroom Hero protect and secure my information?

How does Classroom Hero protect and secure my information?

The security of your personal information is important to us. The safety and security of your personal information also depends on you and you should maintain good internet security practices. Where you have password-protected access to an account or certain parts of the Services, you are responsible for keeping this password secure at all times. You should not share your password with anyone. You must prevent unauthorized access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or mobile device and browser by signing off after you have finished accessing your account.

Student Account Security: Students access their accounts through teacher-provided classroom codes and may set optional 4-digit security codes to prevent other students from accessing their accounts. Teachers can override these student security codes when necessary for classroom management.

Account Compromise: If you think that any of your accounts have been compromised you should change your account credentials with us immediately. In particular make sure any compromised account can't access Classroom Hero. We will never email you to ask for your password or other account login information. If you receive such an email, please send it to us so we can investigate.

We work hard to protect our educational community, and we maintain reasonable administrative, technical, and physical security procedures and practices appropriate to the nature of the personal information designed to protect personal information from unauthorized or illegal use, destruction, disclosure, or access. In particular:

Technical Security Measures

Encryption and Data Protection:

  • When you enter any information anywhere on the Service, we encrypt the transmission of that information using secure socket layer technology (SSL/TLS) by default
  • Classroom Hero's databases where we store your personal information are encrypted at rest through DigitalOcean's managed database service. This converts your personal information into a form that unauthorized users can't translate
  • We ensure passwords are stored and transferred securely using encryption and salted hashing
  • We use MD5 hashing for student usernames to provide additional privacy protection

Database and Hosting Security:

  • The Service is hosted on DigitalOcean servers with enhanced security measures and industry-standard protections
  • Our database infrastructure includes automated daily backups with secure storage
  • Personal information is stored on servers equipped with industry-standard firewalls
  • The hosting facility provides 24x7 security monitoring and intrusion detection systems
  • LUX Security Integration: Our DigitalOcean infrastructure includes LUX security protocols that provide additional layers of protection for data at rest, ensuring enterprise-grade security standards for all stored educational information.

Session Management:

  • We use temporary JWT (JSON Web Tokens) to maintain secure student login sessions
  • Session tokens automatically expire to prevent unauthorized long-term access
  • We do not store student data in browser LocalStorage for additional privacy protection

Administrative Security Practices

Access Controls:

  • We restrict access to personal information to authorized Classroom Hero employees who need to know that information in order to process it for us
  • Our small team (currently two founders) ensures tight control over data access
  • All personnel are subject to strict confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations

Security Monitoring and Testing:

  • Our engineering team is dedicated to keeping your personal information secure
  • We perform application security testing and conduct risk assessments
  • We periodically review our information collection, storage, and processing practices to guard against unauthorized access to systems
  • Whenever we develop new features, we do so in a manner to keep your personal information safe

Teacher and School Controls:

  • Teachers have complete control over student data and can delete individual students, classes, or entire accounts at any time
  • School Leaders can oversee multiple classrooms while maintaining appropriate access controls
  • We provide clear data export and deletion capabilities for educational institutions

Data Retention and Deletion Security

Automatic Cleanup:

  • We automatically delete inactive teacher accounts after 12 months of inactivity, removing all associated student data
  • Server logs and IP addresses are automatically deleted after six months
  • Product event logs containing IP addresses are purged after six months

Teacher-Controlled Deletion:

  • Teachers can immediately delete student accounts and all associated data through their dashboard
  • All deletion requests are processed immediately and permanently
  • We provide clear instructions for account deletion at https://classroomhero.com/deactivate

Educational Environment Security

Student-Specific Protections:

  • Students cannot create accounts independently - all accounts are teacher-managed
  • Student access is controlled through teacher-provided classroom codes
  • We use anonymized identifiers and MD5 hashing to protect student identity
  • No student personal information is shared with external analytics providers

Classroom Isolation:

  • Student data remains within their specific classroom environment
  • Cross-classroom access is limited to authorized school personnel only
  • Parents can only view their own child's basic progress information

Payment and Financial Security

Subscription Security:

  • All payment processing is handled securely through Stripe
  • We do not store credit card information directly
  • Students cannot make any payments through the platform
  • Only teachers and School Leaders can manage subscription payments

Third-Party Security

Service Provider Protections:

  • All service providers are contractually bound to protect personal information
  • We maintain zero data retention contracts with AI providers (OpenAI, Anthropic)
  • Analytics providers (PostHog, Google Analytics) receive only anonymized data
  • All third-party integrations are essential to service operation and subject to strict privacy requirements

Incident Response and Communication

Security Breach Notification: Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems, no practices are 100% immune, and we can't guarantee the security of information. Outages, attacks, human error, system failure, unauthorized use, or other factors may compromise the security of user information at any time.

If we learn of a security breach, we will attempt to notify you electronically (subject to any applicable laws and school reporting requirements) so that you can take appropriate protective steps. For example, we may:

  • Post a notice on our homepage (www.classroomhero.com) or elsewhere on the Service
  • Send email to you at the email address you have provided to us
  • Notify schools and districts directly for coordination with their security protocols

Depending on where you live, you may have a legal right to receive notice of a security breach in writing.

What You Can Do to Help

Best Practices:

  • Keep your passwords secure and don't share them with anyone
  • Sign out of your account when finished, especially on shared computers
  • For teachers: Manage student classroom codes securely
  • For students: Keep your 4-digit security code private (if you choose to set one)
  • Report any suspicious activity to your teacher or to us immediately

Google Login Security:

If you use Google login for account access, your account security also depends on your Google account security practices. Make sure to:

  • Use strong passwords for your Google account
  • Enable two-factor authentication on your Google account
  • Keep your Google account recovery information up to date

Basically,

The security of your information is important to us, and we take it very seriously. We're always adding safeguards to ensure the safety and security of Classroom Hero and our educational community of teachers, School Leaders, parents, and students. You can help us out by keeping your password secret! When you enter personal information anywhere on the Service, we encrypt the transmission of that information using SSL by default. Classroom Hero's databases where we store your personal information are encrypted at rest through DigitalOcean's secure infrastructure, which converts all personal information stored in the database to an unintelligible form. Teachers have complete control over student data and can delete it at any time for maximum privacy protection.

Did this answer your question?
😞
😐
🤩
Will Classroom Hero Share any information it collects? How long does Classroom Hero keep information about me?