All Categories
Privacy
EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and UK extension to DPF

EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, and UK extension to DPF

Important Note: Classroom Hero is currently in the process of pursuing certification under the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce (collectively the "DPF Programs"). While we are working toward this certification, we currently rely on other appropriate safeguards for international data transfers as described in our "What if I'm not in the U.S.?" section, including Standard Contractual Clauses and other mechanisms approved under GDPR Article 46.

Our Commitment to DPF Compliance

Once certified, Classroom Hero will adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Classroom Hero will also adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal information received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the "DPF Principles"), the DPF Principles shall govern.

Data Processing Under DPF

Types of Personal Information

Classroom Hero may receive from the EU, UK and Switzerland some or all of the personal information listed in the section "What Information Does Classroom Hero Collect?". This includes:

For Teachers and School Leaders:

  • Account registration information (name, email address, school affiliation)
  • Subscription and billing information
  • Classroom setup and management data
  • AI tool usage for educational content creation

For Parents:

  • Basic account linking information
  • Profile data for viewing student progress

For Students (processed under school direction):

  • Student names as provided by teachers
  • Educational gamification data (points, avatar customizations, game progress)
  • AI-generated quiz responses and educational activity completion
  • Virtual marketplace transaction records

Controller and Processor Roles

Classroom Hero obtains and processes such personal information as a Controller or Processor, as explained in the section "Is Classroom Hero a controller?" For all types of processing, Classroom Hero commits to the DPF Principles with respect to all personal information received from the EU, UK and Switzerland. We may use the personal information received from the EU, UK and Switzerland for the purposes set forth in this Privacy Policy or as you may otherwise be notified.

As a Processor:

  • Student Data processing under school direction and control
  • Educational gamification activities managed by teachers
  • Classroom management functions operated under school policies

As a Controller:

  • Teacher, School Leader, and parent account registration and management
  • Subscription processing and billing for educational services
  • Limited parent account features for viewing student progress

Third-Party Transfers and Onward Transfer Liability

Classroom Hero may transfer personal information to third parties as described in this privacy policy. Classroom Hero is responsible for the processing of personal data it receives, under the DPF Programs, and subsequently transfers to third parties acting as an agent on its behalf. Classroom Hero complies with the DPF Principles for all onward transfers of personal data from the EU, UK and Switzerland, including the onward transfer liability provisions.

Our Service Providers Under DPF

Essential Service Providers:

  • DigitalOcean: Database hosting and infrastructure (with appropriate DPF-compliant safeguards)
  • Stripe: Payment processing for teacher and School Leader subscriptions
  • Analytics Providers: PostHog and Google Analytics (receive only anonymized data)
  • AI Providers: OpenAI and Anthropic (with zero data retention contracts for student information)

Onward Transfer Protections:

  • All service providers are contractually bound to DPF-equivalent protections
  • Limited data sharing reduces transfer liability exposure
  • Anonymous analytics ensure no personal data in research transfers
  • Strong oversight of third-party data processing practices

Regulatory Oversight and Enforcement

With respect to personal data received or transferred pursuant to the DPF Programs, Classroom Hero is subject to the jurisdiction and regulatory enforcement powers of the U.S. Federal Trade Commission and other authorized statutory bodies. In certain situations, Classroom Hero may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Educational Context Considerations

School Protection:

  • Schools acting as Controllers maintain primary authority over Student Data
  • Additional protections for educational records under FERPA and similar laws
  • Transparency about any government data requests affecting educational information

Individual Rights and Complaint Resolution

Access and Rights Exercise

Where appropriate, we will provide you with access to the personal information that we maintain about you and enable you to exercise your rights to your personal information as set out in the "What are Classroom Hero's commitments to providing transparency and rights?" section.

For EU, UK, and Swiss Individuals:

  • Right to access personal information
  • Right to correct inaccurate data
  • Right to delete personal information (subject to educational record requirements)
  • Right to restrict processing
  • Right to data portability where applicable

Complaint Resolution Process

Classroom Hero commits to resolve DPF Principles-related complaints about the collection and use of your personal data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the DPF Programs should contact us at privacy@classroomhero.com.

Resolution Steps:

  • Direct Contact: Initial complaints should be directed to Classroom Hero
  • Independent Recourse: If not resolved satisfactorily, complaints may be referred to an independent dispute resolution provider
  • Binding Arbitration: Under certain conditions, binding arbitration may be available when other dispute resolution procedures have been exhausted

Alternative Dispute Resolution

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Classroom Hero will commit to refer unresolved complaints concerning our handling of personal data received in reliance on the DPF Programs to an appropriate alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, you may access the independent dispute resolution mechanism. These services are provided at no cost to you.

Educational Data Protections

Enhanced Student Privacy

Additional Safeguards for Educational Data:

  • DPF protections apply to all Student Data transferred from EU, UK, and Switzerland
  • Teacher-controlled environment provides additional oversight
  • School consent model ensures appropriate authority for data processing
  • Compliance with both DPF principles and educational privacy requirements

Simplified Compliance: Our streamlined platform design enhances DPF compliance:

  • Limited third-party integrations reduce transfer complexity
  • Clear Controller/Processor roles simplify accountability
  • Teacher control ensures immediate response to rights requests
  • Anonymous analytics prevent unnecessary personal data transfers

Current Safeguards Pending Certification

While pursuing DPF certification, Classroom Hero currently maintains robust international transfer protections:

Standard Contractual Clauses (SCCs):

  • EU-approved SCCs for all EU/UK data transfers
  • GDPR Article 46 compliant transfer mechanisms
  • Regular review and updates as regulations evolve

Additional Safeguards:

  • Encryption in transit and at rest
  • Access controls and data minimization practices
  • Regular security assessments and compliance reviews
  • Transparency about data storage locations and processing practices

Basically,

Classroom Hero is working toward certification under the EU-U.S. Data Privacy Framework (DPF), UK Extension, and Swiss-U.S. DPF to provide enhanced protections for personal data transferred from the European Union, United Kingdom, and Switzerland. Until certification is complete, we maintain strong alternative safeguards including Standard Contractual Clauses and other GDPR-approved mechanisms. Once certified, the DPF will provide an additional layer of protection for international data transfers, with independent dispute resolution and binding arbitration options available for EU, UK, and Swiss individuals.

Did this answer your question?
😞
😐
🤩
What if I'm not in the U.S.? Canada Data Privacy