Data Protection

This page is a practical trust overview. It explains the operational principles Classroom Pulse applies across educational data, account administration, website activity, and subscription workflows.

For contractual terms, see the Data Processing Agreement. For broader personal data handling disclosures, see the Privacy Policy.

Classroom Pulse organizes its practices around a few core principles

• Data minimization: collect what is needed, not what is convenient
• Purpose limitation: use information for service, support, security, and commercial operations only as authorized
• Access discipline: limit access based on need and role
• Lifecycle management: retain, export, delete, or de-identify data according to the applicable workflow or agreement

Not all data in a SaaS business is handled the same way.

Examples

• Student and educational records are customer-directed and handled in school-managed workflows
• User account and workspace settings are needed to operate the product
• Billing and transaction data are needed to run subscriptions and finance operations
• Website and operational analytics help us secure and improve the service

Separating these categories helps us apply the right legal, technical, and operational controls to each one.

Examples of current protections include

• Authentication and session controls
• Infrastructure-managed encryption and backup practices
• Permissioning and controlled workspace access
• Logging, monitoring, and incident response workflows
• Vendor and subprocessor review for critical services

Customers and users may request access, exports, corrections, or deletion depending on their role and the information involved.

Important distinction

• Student record requests are often routed through the institution that controls the data
• Billing, support, and commercial records may be subject to separate legal retention requirements

Contact privacy@classroompulse.io if you need help identifying the correct request path.