Privacy policy

We collect information you provide directly, data created while using the product, and a limited amount of technical and analytics information needed to run and improve the service. All application data is stored on infrastructure located in the United States.

• Provide and improve classroom tools, including the whiteboard canvas, group generation, seating charts, name picker, timer, stopwatch, classroom clock, daily schedule, noise monitor, traffic light, scoreboard, online dice, live polling, QR code generation, and first-then visual supports
• Power AI-assisted tools, including the lesson planner, rubric generator, quiz generator, worksheet generator, and flashcard generator
• Create and manage your account, sign you in securely, and unlock premium access
• Save your classes, students, groups, boards, and preferences across sessions and devices
• Process payments, verify subscription status, and maintain billing records
• Analyze usage patterns, debug issues, and improve the experience
• Respond to support questions, service updates, and security notices
• Protect the service against fraud, abuse, and technical attacks
• Comply with applicable legal, accounting, and regulatory obligations

Student privacy commitments

• We support educators in maintaining FERPA compliance.
• We recommend appropriate consent practices for students under 13 in line with COPPA.
• Student data is used only to provide classroom-management functionality.
• We do not use student data for advertising or marketing profiles.
• We do not sell student information.
• Educators can control and delete student data.

Children's privacy

Our service is intended for educators, not direct use by children under 13. We do not knowingly collect personal information directly from children. If you enter student information, including information about children under 13, you are responsible for obtaining any required parental consent, school approval, or other authorization under COPPA, FERPA, and other applicable laws.

By using the service with student data, you represent that you have the authority to provide that information for legitimate educational purposes.

How data is protected

We use Supabase and related infrastructure to store and manage application data in the United States. We use layered technical and organizational safeguards, but no internet-connected system can guarantee absolute security.

• Encrypted connections using SSL/TLS
• Encrypted storage at rest
• Row-level security and user-specific access controls
• Automated backups and authentication controls
• Protection against common vulnerabilities such as SQL injection, XSS, and CSRF
• Regular updates and security maintenance

How long we keep data

• Active account data is retained while your account remains active.
• Deleted accounts and related classroom data are removed from active systems within 30 days.
• Payment records may be retained for 7 years for tax, accounting, and compliance purposes.
• Analytics data is retained under the applicable third-party provider settings.
• Support history may be retained for 2 years for service quality and dispute resolution.
• Deleted data can remain in backups for up to 90 days before permanent removal.

International users should note that data is transferred to, stored in, and processed in the United States, where privacy laws may differ from those in your jurisdiction.

We rely on a small set of third-party providers to run analytics, payments, support, and core infrastructure. We also use cookies and local browser storage for authentication, preferences, analytics, and support functionality.

Most browsers accept cookies automatically, but you can change your browser settings to reject or limit cookies. Some site features may not work properly if you disable them.

Several of our tools, the AI Lesson Planner, the AI Rubric Generator, the AI Quiz Generator, the AI Worksheet Generator, the AI Flashcard Generator, the AI Image Generator (built into the image widget), and the AI Sticker Maker, use third-party model providers to generate content on your behalf. Text generation runs on Google's Gemini API; image and sticker generation runs on OpenAI's gpt-image-2 model (ChatGPT Images 2.0). This section explains exactly what is sent, what is not, and how your inputs are handled.

What we send to Google Gemini

• The lesson, rubric, quiz, or worksheet inputs you provide: subject, grade level, topic, duration, assignment description, learning objectives, standards, materials, question counts, difficulty, and any optional notes.
• When you link a saved class, only aggregate class context (class size, grade level, and differentiation tags). Student names and any identifying information stay in your browser and are never transmitted.

What we do not send

• Individual student names, roster entries, or other PII.
• Account details, payment information, or your email address.
• Content from any other tools on this site (whiteboard boards, groups, seating charts, timers, scoreboard, name picker entries, live poll questions and votes, etc.).

Google processes these requests under its Gemini API terms and confirms that inputs from paid API customers are not used to train their models. Generated lesson plans, rubrics, quizzes, and worksheets are saved to our database tied to your account. They are private to you and are never shared with other users unless you explicitly create a share link.

Image and sticker generation (OpenAI gpt-image-2)

When you generate an image in the image widget or a sticker in the sticker widget, the text prompt you wrote plus the selected style preset (if any) are sent to OpenAI's gpt-image-2 model. Your account email, student names, class names, and other PII are never sent. OpenAI processes these requests under its API data usage policies and confirms that API inputs are not used to train OpenAI models by default. The resulting PNG is uploaded to our Supabase Storage bucket so the widget can reload it later, and a local index of recent generations is kept in your browser so you can reuse a previous sticker without re-generating.

If you would prefer not to use AI-assisted tools, simply do not open the AI Lesson Planner, Rubric Generator, Quiz Generator, Worksheet Generator, Flashcard Generator, AI image generation panel, or AI Sticker Maker. The rest of the app (whiteboard, groups, seating charts, timers, scoreboard, live polls, and other non-AI tools) never contacts Gemini or OpenAI.

General controls

• Access and review your data
• Correct or update your account details
• Delete your account and associated data from the Settings page
• Export your data in supported formats
• Withdraw consent by stopping use of the service and deleting your account
• Use browser tools or extensions to limit analytics tracking

GDPR rights (EEA users)

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Rights related to automated decision-making and profiling

CCPA rights (California users)

• Right to know what personal information is collected
• Right to know whether personal information is disclosed or sold
• Right to request deletion
• Right to access personal information
• Right to equal service and price
• Right to opt out of sale, although we do not sell personal information

Legal basis for processing

For users in the EEA, we process data based on consent, contract performance, legal obligations, and legitimate interests such as operating, securing, and improving the service.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in product functionality, legal requirements, security practices, or our service providers.

• We will post the updated policy on this page.
• We will update the last-updated date shown on the page.
• For material changes, we may also notify registered users by email or through an in-app notice.

Contact us

Questions, concerns, or privacy requests can be sent directly to our team.

Classroom Group Generator
Email: hello@classroomgroupgenerator.com
Contact form: Visit the contact page

We aim to respond within 30 days. For access, correction, or deletion requests, include "Privacy Request" in your subject line.