Classroom Ascent

Privacy Policy

Last updated: July 8, 2026

This Privacy Policy explains how Classroom Ascent, operated by Erik Valtersson, sole trader registered in Sweden (“we”, “us”), handles personal information in the Classroom Ascent service (the “Service”). The Service is a gamified classroom tool: teachers create classes and reward students, and students play an adventure game connected to their class.

Our approach in one paragraph: we collect the minimum information needed to run the Service, we use it only to run the Service, and we delete it when it is no longer needed. We never show ads, never sell personal information, never use student data for marketing or advertising, and never build profiles of students for any purpose other than making the game work.

1Who is responsible for what

The Service involves two distinct data relationships:

Teacher information. Teachers subscribe to the Service individually. For a teacher's own information, we are the data controller (GDPR/LGPD terminology) or business (US terminology), and this Policy describes that processing.

Student information. Teachers use the Service in their professional capacity, and the students' school (or district/education authority) remains the party responsible for student information — the data controller in GDPR/LGPD terms. We process student information only to provide the Service, acting on behalf of the school through the teacher: by subscribing, the teacher confirms in our Terms of Service that they are authorized by their school to use the Service with student information. In US terms, we operate as a service provider acting at the school's direction, consistent with the “school official” model under FERPA.

For schools and districts that wish to formalize this relationship, a data processing agreement (including our list of subprocessors) is available on request — see Section 12. Students and parents/guardians who wish to review, correct, or delete a student's information should contact the teacher or school; the Service gives teachers direct tools to do both, and we support every such request.

2Information we collect

About teachers:

About students (on the school's behalf):

We do not collect sensitive personal information (such as health information, government identifiers, precise location, or biometric data) and never ask teachers or students to provide any. A student's character appearance choices are cosmetic game options, not information about the student. We do not collect information from students beyond what is needed for the Service to function.

3How we use information

Teacher information is used to provide the Service: creating and administering the account, operating class and reward features, and service communications (for example, a warning before an inactive account is deleted). Under the GDPR/LGPD, the legal bases are performance of a contract and, for security and retention measures, our legitimate interest in keeping the Service secure and not storing data longer than necessary.

Student information is used solely to provide the Service's classroom features. Under the GDPR, the school determines the legal basis for its use of the Service (for public schools, typically a task in the public interest). Under COPPA, where students are under 13, we rely on the school's authorization — given through the teacher as the school's representative — to collect student information. Schools may provide this authorization in place of individual parental consent because the information is collected solely for the use and benefit of the school and for no other commercial purpose.

What we never do with student information: no advertising or marketing of any kind; no selling, renting, or trading; no behavioral profiling; no use for developing or improving unrelated products; no disclosure to third parties except the service providers listed below.

4Who can see the information

Teachers see the names and game data of students in their own classes. Students in the same class can see each other's name, level, and game progress (for example, on the class leaderboard). No one outside the class has access.

We do not share personal information with third parties for their own purposes. The information is processed by the following service providers (subprocessors for student information) on our behalf:

ProviderFunctionProcessing location
Google (Firebase) Authentication (including sign-in emails such as password resets), database, hosting EU (multi-region eur3: Belgium and the Netherlands); parts of the authentication service may involve processing in the U.S. (see Section 7)

We may also disclose information if required by law, in which case we will notify the affected teacher or school unless legally prohibited.

5Children's privacy

The Service is used by students, including children under 13, within the context of school instruction. In addition to everything above:

6How long we keep information

7Where information is processed

Information is stored in Google's data centers within the European Union (multi-region eur3: Belgium and the Netherlands). Certain supporting functions provided by Google (for example, parts of the Firebase Authentication service) may involve processing in the United States. Where information originating in the EU/EEA, the UK, or Brazil is transferred internationally, we rely on the EU–U.S. Data Privacy Framework, under which Google LLC is certified, with Standard Contractual Clauses as a fallback mechanism.

8Your rights

Depending on where you live, you may have the right to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. This includes rights under the GDPR (EU/EEA), the LGPD (Brazil), COPPA and FERPA (US, exercised through the school for student information), and US state privacy laws where applicable.

We will never discriminate against anyone for exercising a privacy right. EU/EEA residents may lodge a complaint with their supervisory authority (in Sweden: IMY, www.imy.se); Brazilian residents may contact the ANPD.

9Security

All traffic is encrypted in transit (TLS), and information is encrypted at rest by our hosting provider. Access is governed by security rules ensuring that teachers can only reach their own classes and students only their own information. Deletion runs through controlled server-side functions so that all copies of the information are removed, including sign-in accounts.

10Cookies and local storage

The Service uses only the browser storage strictly necessary for it to function: the sign-in session (managed by our authentication provider) and the user's role in the app. We use no advertising, marketing, or tracking cookies, and no third-party analytics.

11Changes to this Policy

If we make material changes, we will notify teachers through the Service or by email. Material changes to how we handle student information will not take effect without notice, and schools that have entered into a data processing agreement with us will be notified in accordance with that agreement. The date at the top shows when this Policy was last updated.

12Contact

Classroom Ascent
Erik Valtersson (sole trader, Sweden)
Privacy inquiries: privacy@classroomascent.com
General support: support@classroomascent.com

For schools and districts: our data processing agreement, including the current list of subprocessors, is available on request at the address above.