Built for schools, safe for kids

What we collect & why

We collect only what's needed to run the learning service. Specifically:

• Account email (from Google sign-in) — to associate progress with the right learner and let teachers see real roster names.
• Display name + grade level — shown to teachers/parents; never exposed to other students.
• Quiz attempts (subject, sub-topic, correct count, total count, timestamp) — to power streaks, mastery tracking, and the weekly recap.
• Wrong-answer queue (question text + correct answer for items missed) — to power the Practice Mistakes spaced-repetition feature.
• Roster membership — when a student joins a classroom via a join code, we record the (classroom, student) pair.

What we never do

• We never sell, rent, or share student data with advertisers.
• We never serve third-party ads to anyone in a K-12 context.
• We never use student work or quiz responses to train AI models that are publicly released.
• We never require a student to provide personal information beyond their first name and grade to join a classroom.
• We never enable behavioral profiling or cross-site tracking.

COPPA (Children's Online Privacy Protection Act)

AnythingText K-12 complies with COPPA for users under 13:

• School-authorized use: When a teacher onboards a class via a join code, we operate under the school-consent exception — the school provides consent on the parent's behalf for educational purposes only.
• Parental consent: For family use outside a school setting, a parent must create the account and add the child as a profile under their own login. The parent is the consenting authority for any child under 13.
• Minimum necessary data: We collect only what's needed to deliver the service (see above), and never request unnecessary personal information from a child.
• No advertising: No behavioral advertising is shown to any K-12 user, regardless of age.

FERPA (Family Educational Rights and Privacy Act)

When schools use AnythingText K-12, we act as a "school official" with a legitimate educational interest, under FERPA's school-official exception. This means:

• Student education records (quiz scores, mastery data) belong to the school, not to us.
• We use student data only for the purposes the school directs.
• We do not redisclose student data to third parties without authorization.
• Schools or parents may request access, correction, or deletion at any time.

Parental rights & controls

Parents and legal guardians can, at any time:

• Review what we've collected about their child via the student dashboard (quiz history, badges, mastery).
• Correct or update their child's display name or grade level via the Family dashboard.
• Delete all K-12 data linked to their account via the "Delete my K-12 data" control on the student dashboard.
• Refuse further collection — simply stop using the service or contact us.

Deleting student data

You can delete your K-12 data in one of two ways:

1. Self-service: Open your student dashboard and click "Delete my K-12 data". This permanently removes your quiz history, wrong-answer queue, family profiles, and any classrooms you created. It does not delete your AnythingText account itself.
2. Email request: Write to support@anythingtext.com with the subject "K-12 data deletion" and the email address on the account. We respond within 30 days.

School / district setup

For schools or districts that want SSO and centralized oversight:

• Register your Google Workspace domain so all teachers signing in with that domain are auto-associated with the school.
• Designated school admins can list every classroom and roster member within the domain.
• We sign Data Processing Addendums (DPAs) on request. Email support@anythingtext.com with "DPA" in the subject.

Data Processing Addendum (DPA)

Schools and districts may need a signed DPA before adopting the service. Our standard DPA covers:

• Scope of processing (we are a processor, the school is the controller of student records).
• Sub-processors (AWS for hosting + SES, OpenAI for AI features that you opt into).
• Security commitments (encryption in transit + at rest, breach notification within 72 hours).
• Data return / deletion at contract end.

Email support@anythingtext.com to request a signed DPA.