Privacy & Data Handling Policy
Data We Collect
Personal Identifiers
- First Name & Last Initial: For friendly identification in the user interface.
- Class Block: To group students by class period and apply block-specific configurations.
Authentication & Setup Data
- Student District ID (hashed): Provided by teachers during roster upload, hashed immediately using per-record salts and a global pepper; used to verify identity at login and reset.
- DOB Sum (hashed): Month + Day + Year sum, hashed at upload; used for self-service credential resets.
- Username (hashed): Derived from challenge word, DOB sum, and initials; one-way hashed and used as the student login handle.
- PIN (hashed): Four- to six-digit code for login, stored only as a secure hash.
- Passphrase (hashed): Secret phrase for multi-factor authentication and high-stakes actions, stored only as a secure hash.
Educational Activity Data
These records are not personal identifiers—they exist solely to power the in-class simulation and will never be used for external profiling.
- Attendance Records: Tap-in/out timestamps and calculated active/inactive minutes; necessary to compute base pay and track participation.
- Account Balances: Checking and savings balances, updated dynamically from transaction history.
- Transaction History: Detailed records of bonuses, payroll, rent, property tax, insurance premiums, non-sufficient funds fees, and store purchases; required to maintain accurate account states and enforce rules.
- Monthly Billing Settings: Configured recurring charges (rent, taxes, insurance) for each student; used to automate billing processes.
How We Use Data
- Support the simulation of real-world banking, employment, and budgeting to teach financial literacy.
- Analyze usage patterns and generate reports to improve educational outcomes and app functionality.
- Communicate important updates and notifications to students and educators.
Data Minimization & Retention
We collect only the data necessary to support classroom activities and educational objectives. All PII is either hashed or stored in minimal form. Data is retained only for as long as required by educational standards and district policies, then securely deleted.
Security Measures
- All sensitive data is encrypted at rest.
- Authentication credentials are hashed using industry-standard algorithms with per-record salts and a global pepper.
- All communications use HTTPS/TLS to encrypt data in transit.
- Session management includes idle timeouts and no persistent cookies to prevent unauthorized access.
- All hashed data is one-way; no party, including administrators, can reverse the hashes to recover original values.
Student Rights & Access
Students have the right to view and request corrections to their own data. Username recovery requires a new account-generation flow. PIN and passphrase resets are conducted through self-service with appropriate verification steps.
Data Breach Notification
In the event of a data breach, we will notify affected users and authorities within 72 hours and provide guidance on mitigation steps.
Compliance
This application adheres to FERPA, COPPA, and relevant data privacy policies.
Contact Information
For questions or concerns, contact:
Timothy Chang: [email protected]