Classroom Pulse - FBA & BIP Data Collection Platform

Overview

Classroom Pulse is committed to protecting the privacy and security of student data. As an educational technology platform handling sensitive behavioral information, we maintain strict compliance with federal regulations and industry best practices.

🔒

Encrypted

256-bit AES encryption at rest and in transit

🏛️

FERPA Compliant

Meets all federal student privacy requirements

👶

COPPA Compliant

Safe for students under 13

🔐

SOC 2 Type II

Audited security controls

Our Privacy Commitment

We never sell student data. We never use student data for advertising. Student data is only used to provide educational services to you and your students.

Key Privacy Principles

Data Minimization

We only collect data necessary to provide the service

Purpose Limitation

Data is only used for stated educational purposes

User Control

You control who sees your data and can export or delete anytime

Transparency

Clear policies on what we collect and how it's used

FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records. Classroom Pulse is designed to help schools maintain FERPA compliance when collecting behavioral data.

How We Support FERPA Compliance

School Official Exception

Classroom Pulse operates under the 'school official' exception, meaning we can access student records to provide contracted educational services without requiring separate parental consent.

Data Processing Agreement

We sign Data Processing Agreements (DPAs) with schools and districts that specify our role as a 'school official' with 'legitimate educational interest.'

Direct Control

Schools maintain direct control over student data. We don't share, sell, or use student data for any purpose other than providing the educational service.

Access Controls

Role-based permissions ensure only authorized educators can view student records. All access is logged for auditing.

Parent Rights

Parents can request to view their child's data through the school. Schools can provide data exports in standard formats.

FERPA compliance settings

Shows the compliance settings dashboard with DPA status and audit controls

/images/help/ferpa-compliance-settings.png

District Responsibility

While Classroom Pulse provides FERPA-compliant tools, the school or district remains the data controller and is responsible for ensuring proper use of student data, obtaining any required consents, and responding to parent requests.

FERPA-Related Features

Audit logs tracking all data access
Data export in standard formats for parent requests
Role-based access control with “need to know” principles
Secure data deletion upon request
Annual FERPA training resources for educators

What Data We Collect

We collect only the data necessary to provide behavioral tracking and analysis services. Here's a complete breakdown of the data we collect and why.

Student Information

Identify students and organize data

Data Collected:

First and last nameRequired
Grade level
Date of birth
School-assigned student ID
Classroom/teacher assignment

NOT Collected:

Social Security numbers
Home addresses
Parent contact info (unless opted in)
Medical records
Disciplinary records

Behavioral Data

Track and analyze student behaviors

Data Collected:

Behavior occurrences (frequency, duration)Required
Antecedents and consequences
Setting and context information
Intensity ratings
Observer notes

NOT Collected:

Video or audio recordings
Photos of students
Biometric data

Assessment Data

Conduct FBAs and track progress

Data Collected:

FBA interview responses
TBFA trial results
Preference assessment results
IEP goal progress data

NOT Collected:

IEP documents themselves
Psychological evaluations
Medical diagnoses

Educator Account Information

Authenticate and provide service

Data Collected:

Email addressRequired
NameRequired
School/organization
Role/title

NOT Collected:

Personal social media
Personal phone numbers
Home addresses

Data Storage & Security

Your data is protected by multiple layers of security, from encryption to access controls to physical data center security.

Infrastructure Security

☁️

Cloud Infrastructure

Hosted on Google Cloud Platform (Firebase) with enterprise-grade security

🌍

Data Residency

Data stored in US-based data centers with geographic redundancy

🔐

Encryption at Rest

All data encrypted using AES-256 encryption

🔒

Encryption in Transit

TLS 1.3 encryption for all data transmission

Application Security

Authentication: Secure login with optional two-factor authentication (2FA)
Session Management: Automatic logout after inactivity, secure session tokens
Access Control: Role-based permissions with least-privilege principle
Audit Logging: Complete audit trail of all data access and modifications
Input Validation: Protection against injection attacks and XSS

Backup & Recovery

Feature	Details
Backup Frequency	Continuous replication with daily snapshots
Backup Retention	30 days of point-in-time recovery
Geographic Redundancy	Multi-region replication within the US
Disaster Recovery	RTO: 4 hours, RPO: 1 hour

Data Retention

Data retention periods vary by subscription tier and data type. You can always export your data before it's removed, and archived data remains accessible.

Retention by Plan

Plan	Active Data	Archived Data	After Cancellation
Free	90 days	90 days	30 days
Starter / Essential	1 year	2 years	12 months
Professional	Unlimited	Unlimited	12 months
School / District	Unlimited	Unlimited + custom	Per contract

Retention by Data Type

Behavior logs

Core data, follows plan limits

Per plan retention period

Assessment results

FBA interviews, TBFA results, preference assessments

Per plan retention period

Generated reports

Can be regenerated from source data

1 year from generation

Audit logs

Required for compliance, all plans

3 years

Account data

Email, profile, settings

Duration of account + 12 months

Export Before Expiration

We'll notify you 30 days before any data is scheduled for deletion. Use this time to export any data you want to keep permanently.

Data Sharing Controls

You have complete control over who can access student data. Sharing is always explicit—data is never shared automatically without your action.

Data sharing controls

Shows the sharing settings panel with team access, parent sharing, and third-party integrations

/images/help/data-sharing-controls.png

Sharing Options

Team Sharing

Share students with team members in your organization

Control:Per-student with role-based access levels

Default:Not shared (explicit opt-in)

Parent Portal

Allow parents to view their child's progress

Control:Opt-in per student, configurable visibility

Default:Disabled

Report Sharing

Share generated reports via secure links

Control:Time-limited links, password protection available

Default:Private until shared

Third-Party Integrations

Connect with SIS or other education platforms

Control:Explicit authorization required, revocable

Default:No integrations enabled

We Never Share Data

Classroom Pulse never shares student data with third parties for marketing, advertising, or any purpose other than providing the service you've requested. Period.

Exporting Your Data

You can export your data at any time in standard formats. This supports parent requests, transfers to other systems, or your own records.

Export Formats

CSV

Universal spreadsheet format, opens in Excel/Sheets

Best for: Data analysis, importing to other systems

PDF

Formatted reports for printing or sharing

Best for: IEP meetings, parent communications

JSON

Complete data export in structured format

Best for: Technical transfer, backup

Data export options

Shows the export dialog with format selection, date range, and data type options

/images/help/data-export-options.png

How to Export

1
Navigate to Settings
Go to Settings → Privacy & Data.
2
Click Export Data
Select the Export Data option.
3
Choose What to Export
Select data types: All data, specific students, date range, or data category.
4
Select Format
Choose CSV, PDF, or JSON based on your needs.
5
Download
Click Export and download the file when ready.

Large Exports

For large data exports, you'll receive an email when your export is ready to download. Export links expire after 7 days for security.

Data Deletion

You have the right to delete your data. We provide multiple deletion options depending on what you need to remove.

Delete Individual Student

Permanently remove a specific student and all their data

1Go to student profile
2Click Edit → Delete Student
3Confirm deletion

Cannot be undone. Consider archiving instead.

Delete Specific Data

Remove specific logs, assessments, or reports

1Navigate to the data
2Click delete/remove option
3Confirm deletion

Some data may be required for report accuracy.

Delete Account

Remove your entire account and all associated data

1Go to Settings → Account
2Click Delete Account
3Enter password to confirm
4Account scheduled for deletion

30-day grace period before permanent deletion.

Request Full Data Deletion

Complete removal of all data for compliance requests

1Email privacy@classroompulse.io
2Verify your identity
3Deletion completed within 30 days

Required for GDPR/CCPA requests.

Deletion is Permanent

Deleted data cannot be recovered. We recommend exporting data before deletion and using archive features for students who may return.

Privacy Settings

Configure your privacy preferences in Settings → Privacy. These settings apply to your account and any students you manage.

Privacy settings page

Shows the privacy settings panel with all configurable options

/images/help/privacy-settings-page.png

Available Settings

Data Sharing Default

Whether new students are shared with team by default

Private (recommended)

Share with team

Parent Portal Access

Global setting for parent access to student data

Disabled

Enabled with approval

Enabled

Analytics Participation

Contribute anonymized data to improve the platform

Opted out

Opted in

Session Timeout

How long before automatic logout

15 minutes

30 minutes

1 hour

4 hours

Two-Factor Authentication

Require 2FA for account access

Disabled

Enabled

Login Notifications

Get notified of new device logins

Disabled

Email notification

Recommended Security Settings

We recommend enabling two-factor authentication, setting a 30-minute session timeout, and enabling login notifications for maximum security.

Have Privacy Questions?

Contact our privacy team for questions about data handling, FERPA compliance, or to request a Data Processing Agreement.

privacy@classroompulse.io

Overview

Encrypted

FERPA Compliant

COPPA Compliant

SOC 2 Type II

Our Privacy Commitment

Key Privacy Principles

Data Minimization

Purpose Limitation

User Control

Transparency

FERPA Compliance

How We Support FERPA Compliance

School Official Exception

Data Processing Agreement

Direct Control

Access Controls

Parent Rights

District Responsibility

FERPA-Related Features

What Data We Collect

Student Information

Data Collected:

NOT Collected:

Behavioral Data

Data Collected:

NOT Collected:

Assessment Data

Data Collected:

NOT Collected:

Educator Account Information

Data Collected:

NOT Collected:

Data Storage & Security

Infrastructure Security

Cloud Infrastructure

Data Residency

Encryption at Rest

Encryption in Transit

Application Security

Backup & Recovery

Data Retention

Retention by Plan

Retention by Data Type

Behavior logs

Assessment results

Generated reports

Audit logs

Account data

Export Before Expiration

Data Sharing Controls

Sharing Options

Team Sharing

Parent Portal

Report Sharing

Third-Party Integrations

We Never Share Data

Exporting Your Data

Export Formats

How to Export

Navigate to Settings

Click Export Data

Choose What to Export

Select Format

Download

Large Exports

Data Deletion

Delete Individual Student

Delete Specific Data

Delete Account

Request Full Data Deletion

Deletion is Permanent

Privacy Settings

Available Settings

Data Sharing Default

Parent Portal Access

Analytics Participation

Session Timeout

Two-Factor Authentication

Login Notifications