Privacy Policy

Effective Date: August 13, 2025

PizzaParties LLC ("we," "our," or "us") is committed to protecting the privacy and security of all users of the ClassCoins platform ("Service," "Platform," or "ClassCoins"). This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of personal information from teachers, administrators, students, parents, and other users. This policy complies with all applicable federal and state privacy laws, including the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and state student privacy regulations.

1. Overview and Legal Framework

ClassCoins is a classroom behavior tracking and rewards platform designed exclusively for educational environments. We operate under strict privacy principles and comply with:

• FERPA: Family Educational Rights and Privacy Act - protecting student education records
• COPPA: Children's Online Privacy Protection Act - protecting children under 13
• State Privacy Laws: Including California Student Privacy Acts and similar state regulations
• PPRA: Protection of Pupil Rights Amendment - regarding surveys and data collection

Data Controller vs. Processor: ClassCoins acts as a "data processor" or "service provider" under the direction of educational institutions (the "data controllers"). Schools retain full ownership and control of all student data.

2. Information We Collect

2.1 Educator and Administrator Information

When teachers or administrators create accounts, we collect:

• Full name and professional title
• School or institutional email address
• School/district name and location
• Authentication credentials (encrypted passwords)
• Professional role and authorization level
• Account preferences and settings

2.2 Student Information (Educational Records)

Student data is entered exclusively by authorized educational personnel and includes:

Directory Information:

• Student first and last name
• Grade level and classroom assignment
• Student identification numbers (if used by school)

Educational Records:

• Behavioral tracking data (points, experience points, achievements)
• Reward redemptions and participation history
• Academic progress indicators related to behavior
• Teacher notes and observations (if entered)
• Disciplinary actions and interventions

2.3 Technical and Usage Information

• IP addresses and device information (for security purposes)
• Browser type and version
• Session timestamps and duration
• Platform usage analytics (aggregated and anonymized)
• Essential functional cookies (no advertising or tracking cookies)
• Error logs and performance data

3. How We Use Information

3.1 Educational Purposes Only

All student information is used exclusively for legitimate educational purposes, including:

• Providing core classroom behavior tracking and reward features
• Enabling students to monitor their own academic and behavioral progress
• Supporting Positive Behavioral Interventions and Supports (PBIS) programs
• Generating educational analytics and reports for teachers and administrators
• Facilitating parent-teacher communication about student progress
• Supporting individualized education plans (IEPs) and 504 plans where applicable

3.2 Platform Operations

• Maintaining platform security and preventing unauthorized access
• Providing technical support to educators and students
• Improving platform functionality based on educational needs
• Ensuring data integrity and preventing duplicate records

4. Data Access and Visibility

4.1 Who Can Access Student Data

Student information is accessible only to individuals with legitimate educational interests:

• The student themselves - via secure access codes, limited to their own progress data
• Assigned teachers - full access to students in their classes
• School administrators - aggregated data and individual records as educationally necessary
• Authorized school personnel - counselors, intervention specialists, etc. with legitimate educational interests
• ClassCoins support staff - limited access for technical support only, under strict confidentiality agreements
• Parents/guardians - access to their child's records upon request through proper channels

4.2 Classroom Data Sharing

Within individual classrooms, students may view limited information about classmates (names and general progress indicators) to:

• Prevent duplicate student records and identity confusion
• Support classroom team-building and collaborative activities
• Enable healthy, teacher-supervised academic competition
• Facilitate peer recognition and positive reinforcement

Important: Students can ONLY view classmates within their assigned classes and cannot access detailed behavioral records, personal information, or data from other classrooms.

5. Legal Basis and Consent Framework

5.1 FERPA Compliance

ClassCoins operates as a "school official" under FERPA regulations when:

• The educational institution has a direct contractual relationship with ClassCoins
• ClassCoins performs institutional services or functions for which the school would otherwise use employees
• Access to student records is limited to legitimate educational interests
• ClassCoins uses student data only for authorized educational purposes

5.2 COPPA Compliance for Children Under 13

For students under 13 years of age, we rely on:

• School Consent: Schools acting as agents for parents in the educational context
• Verifiable Parental Consent: When obtained directly by the school or teacher
• Educational Exception: Collection limited to educational records maintenance

Educator Responsibility: Teachers and administrators using ClassCoins represent that they have obtained all necessary consents and authorizations required by federal, state, and local laws.

6. Data Security and Protection Measures

6.1 Technical Safeguards

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based permissions with principle of least privilege
• Authentication: Multi-factor authentication for administrator accounts
• Network Security: Firewalls, intrusion detection, and regular security monitoring
• Data Isolation: School data segregated and isolated from other institutions

6.2 Administrative Safeguards

• Regular security training for all personnel with data access
• Background checks for employees handling student data
• Incident response procedures and breach notification protocols
• Regular security audits and penetration testing
• Data backup and disaster recovery procedures

6.3 Physical Safeguards

• Secure data centers with 24/7 monitoring and access controls
• Environmental controls and redundant power systems
• Secure disposal of hardware containing sensitive data

7. Data Retention and Deletion

7.1 Retention Periods

• Active Student Records: Retained while student is enrolled and account is active
• Graduated/Transferred Students: Retained for up to 7 years or per school policy, whichever is shorter
• Inactive Teacher Accounts: Data retained for 2 years, then permanently deleted
• Technical Logs: Retained for 1 year for security and troubleshooting purposes

7.2 Data Deletion Process

Upon request or at the end of retention periods:

• Data is permanently deleted from all systems, including backups
• Secure deletion procedures ensure data cannot be recovered
• Certificate of destruction provided upon request for compliance audits
• Schools receive 90-day notice before any scheduled deletions

8. Third-Party Service Providers

8.1 Approved Vendors

We may engage trusted third-party service providers to support ClassCoins operations, including:

• Cloud hosting and infrastructure providers
• Email and communication services
• Security monitoring and backup services
• Analytics and performance monitoring (with anonymized data only)

8.2 Vendor Requirements

All service providers must:

• Sign comprehensive data processing agreements
• Maintain equivalent or stronger security standards
• Undergo regular security assessments
• Agree to use data only for ClassCoins operational purposes
• Immediately report any security incidents or breaches

9. Student and Parental Rights

9.1 FERPA Rights

Parents and eligible students (18+ or in postsecondary education) have the right to:

• Inspect and Review: Request access to educational records within 45 days
• Request Amendment: Seek correction of inaccurate or misleading records
• Consent to Disclosures: Control disclosure of personally identifiable information
• File Complaints: Report FERPA violations to the Department of Education

9.2 Additional Privacy Rights

• Data Portability: Request export of data in machine-readable formats
• Deletion Rights: Request deletion of student records (subject to legal retention requirements)
• Access Logs: Request information about who has accessed student records
• Opt-Out Rights: Withdraw from optional features or data collection

9.3 Exercising Rights

To exercise these rights:

1. Contact your child's teacher or school administrator first
2. For direct requests, email hello@classcoins.com with:
   • Student's full name and school
   • Relationship to student (if parent/guardian)
   • Specific request and any supporting documentation
3. We will respond within 30 days and coordinate with the school as appropriate

10. Data Breach Notification

10.1 Incident Response

In the event of a security incident affecting student data:

• Immediate Response: Incident contained and investigated within 24 hours
• School Notification: Affected schools notified within 72 hours
• Regulatory Reporting: Compliance with federal and state breach notification laws
• User Communication: Clear, timely communication about nature and scope of incident
• Remediation: Comprehensive steps to prevent future incidents

10.2 Notification Contents

Breach notifications will include:

• Description of the incident and timeline
• Types of information involved
• Steps taken to investigate and respond
• Recommended actions for affected parties
• Contact information for further questions

11. International Data Transfers

ClassCoins stores and processes all data within the United States using domestic cloud infrastructure. We do not transfer student data outside the United States except in the following limited circumstances:

• Emergency technical support requiring temporary access by qualified personnel
• Legal compliance requirements (e.g., court orders)
• With explicit school consent for specific educational purposes

Any international transfers will comply with applicable data protection frameworks and include appropriate safeguards.

12. Cookies and Tracking Technologies

12.1 Essential Cookies Only

ClassCoins uses only essential cookies required for platform functionality:

• Session Cookies: Maintain user login status and security
• Preference Cookies: Remember user settings and configurations
• Security Cookies: Prevent unauthorized access and fraud

12.2 No Advertising or Tracking

We do NOT use:

• Advertising or marketing cookies
• Cross-site tracking technologies
• Social media tracking pixels
• Behavioral profiling or targeting tools

13. Age Verification and Consent

13.1 Under 13 Protections

For students under 13:

• No direct collection of personal contact information
• No behavioral advertising or profiling
• Limited data collection to educational records only
• School-mediated access without personal account creation

13.2 Teen Privacy (13-17)

For students 13-17:

• Enhanced privacy controls and transparency
• Clear notification of data practices
• Ability to request account deletion upon graduation
• No sharing of information for non-educational commercial purposes

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or platform features. Material changes will be communicated through:

• Email notification to all registered educators and administrators
• Prominent notice on the ClassCoins platform
• 60-day advance notice for changes affecting student data practices
• Updated effective date at the top of this policy

Schools and users who do not agree to material changes may terminate their accounts and request data deletion as described in this policy.

15. Contact Information and Complaints

15.1 General Inquiries