Jump to a section
Related resources
How personal data is handled across the product, site, and billing workflows.
Operational security controls, incident handling, and vulnerability reporting.
Printable trust packet and buyer-facing downloads for procurement review.
How Classroom Pulse supports school-directed FERPA workflows.
District and state-specific addendum workflow support.
Primary vendors used for hosting, billing, and transactional email delivery.
Commercial terms that govern subscriptions and institution access.
1. Scope and order of precedence
This agreement covers Classroom Pulse when it handles customer-directed personal data as a processor or service provider.
This Data Processing Agreement applies when Classroom Pulse processes personal data on behalf of a customer in connection with the services. It forms part of the applicable Terms of Service, order form, or other written service agreement between Classroom Pulse and the customer.
- The customer remains responsible for determining whether use of the service is permitted under applicable law and local policy.
- If a separate signed agreement or state-specific addendum conflicts with this DPA, the signed agreement controls for that customer.
- This DPA is intended to support school, district, and procurement reviews and is not legal advice to the customer.
2. Roles, subject matter, and duration
The customer is the controller, business, school, district, or other organization that determines the purposes and means of the customer data submitted to Classroom Pulse. Classroom Pulse acts as the processor or service provider for that customer data when providing the services.
- Subject matter: behavior tracking, reporting, communication, support, and related platform operations.
- Duration: the term of the service relationship plus any limited retention period required for backup cycling, compliance, or dispute resolution.
- Data subjects: students, parents or guardians, teachers, specialists, administrators, and other authorized personnel.
| Category | Examples | Purpose |
|---|---|---|
| Customer administrators and staff | Names, work email addresses, school affiliation, user role, audit logs, support history | Account management, permissions, support, and workspace administration |
| Students | Names or identifiers selected by the customer, observations, plans, progress notes, reports | Behavior tracking, educational reporting, and intervention workflows |
| Parents and guardians | Names, contact details, and communication delivery details entered by the customer | Parent communication and report delivery initiated by the customer |
| Commercial and operational contacts | Billing contacts, invoice recipients, and procurement stakeholders | Subscription administration, invoicing, and contract operations |
3. Customer instructions and responsibilities
Classroom Pulse will process customer personal data only on documented instructions from the customer, as reflected in the service configuration, support requests, applicable agreement, and this DPA.
- The customer is responsible for its legal basis, notices, authorizations, and institutional approvals.
- The customer controls what data is entered, who has access, and when parent communications are initiated.
- The customer remains responsible for reviewing educational records, AI-assisted outputs, and any downstream use of exports or reports.
- The customer must not instruct Classroom Pulse to process data in violation of applicable law.
4. Classroom Pulse obligations
- Process customer personal data only to provide, secure, support, and improve the services as authorized by the customer agreement.
- Ensure personnel with access to customer data are subject to confidentiality obligations.
- Implement and maintain reasonable technical and organizational measures appropriate to the risk.
- Not sell customer personal data or use student data for targeted advertising.
- Flow down data protection obligations to authorized subprocessors.
- Notify the customer if we believe an instruction violates applicable law, unless prohibited from doing so.
5. Security measures
Classroom Pulse maintains safeguards designed to protect confidentiality, integrity, and availability.
Technical controls
- Encryption in transit and at rest where supported by the platform architecture
- Authentication controls and role-based permissions
- Logging, monitoring, patching, and backup procedures
Organizational controls
- Least-privilege access principles
- Incident response procedures and internal escalation paths
- Vendor management and confidentiality requirements
6. Subprocessors and commercial data distinctions
Classroom Pulse may engage subprocessors to deliver the service. We require those subprocessors to protect customer data in a manner consistent with applicable obligations.
| Subprocessor | Purpose | Location |
|---|---|---|
| Google Cloud / Firebase | Application hosting, authentication, database storage, and backups | United States |
| Stripe | Subscription billing, transaction handling, and fraud controls | United States |
| Resend or comparable email infrastructure | Transactional email delivery requested by the customer or required to operate the service | United States |
- We will provide notice of material changes to subprocessors through an updated policy, written notice, or contract workflow where appropriate.
- Billing, invoicing, tax, support, anti-fraud, and website administration data may be processed by Classroom Pulse as an independent business or controller rather than under this DPA.
- State-specific student privacy addenda may supplement or narrow the subprocessor and notice terms for a particular customer.
7. Assistance, incidents, and audit support
- Classroom Pulse will provide reasonable assistance to help the customer respond to lawful requests about customer personal data, taking into account the nature of processing.
- Where a personal data incident affecting customer data is confirmed, Classroom Pulse will notify the customer without undue delay and provide information reasonably available to support response efforts.
- Customers are responsible for communications to families, regulators, or employees unless the law or contract requires otherwise.
- Upon reasonable written request, Classroom Pulse will provide information reasonably necessary to demonstrate compliance with this DPA, subject to confidentiality, security, and proportionality limits.
8. International transfers, state addenda, and deletion
- Classroom Pulse primarily operates in the United States, and customer data may be processed in the United States or other locations where authorized providers operate.
- Where required, the parties will cooperate on reasonable contractual transfer safeguards.
- For customers subject to state student privacy laws, a state-specific addendum or purchase agreement may supplement these terms.
- Upon termination or written request consistent with the applicable agreement, Classroom Pulse will provide a reasonable opportunity to export customer data and then delete or de-identify it, unless retention is required by law or necessary for security, billing, or dispute resolution.
9. Signature, questions, and enterprise workflow
For self-serve use, this DPA is incorporated by reference into the applicable service agreement. Enterprise, school, and district customers who need a signed copy, procurement packet, or state-specific addendum should contact Classroom Pulse.
- Privacy and contract review: privacy@classroompulse.io
- Legal and signature requests: legal@classroompulse.io
- Security questionnaire support: security@classroompulse.io
Questions or documentation requests
Use these contacts for signed agreements, security questionnaires, vendor review packets, or state-specific addenda.
Procurement intake
Open procurement review intakePrivacy
privacy@classroompulse.ioSecurity
security@classroompulse.io