School District Privacy & DPA Packet
This page is organized for school and district reviewers who need a clear summary of ClassMate's student-data practices, district contracting readiness, incident-response posture, and review contacts before approving student access.
Last updated: April 15, 2026
Privacy materials, student-data summary, subprocessor list, and district contact details are published in one place.
ClassMate can review a district Data Privacy Agreement, including TXSPA or NDPA-style forms, through the vendor contact listed below.
District requests can include written incident-response and breach-notification terms as part of the contracting process.
School deployments can disable community, chat, and creator-facing social surfaces through a stricter district-safe configuration.
District reviewers can start with the privacy policy, DPA summary, subprocessor list, and district contact path from this packet.
If students will access ClassMate using school-managed Google Workspace accounts such as FISD Google accounts, rollout should happen only after the district's approval process, privacy review, and DPA process are complete.
1. Who this packet is for
This packet is intended for district technology teams, campus technology specialists, privacy reviewers, purchasing teams, and legal reviewers evaluating whether ClassMate is appropriate for student use with school-managed accounts.
2. District approval expectations
ClassMate is not represented on this page as already approved by any individual district. Districts should complete their own review before directing students to use the service with district credentials or classroom workflows.
For district-managed student access, ClassMate expects the review to include at minimum:
- District approval that the product is aligned and appropriate for student use.
- District review of the privacy policy, subprocessor list, and student-data handling summary.
- Execution of a district Data Privacy Agreement if required by district policy.
If a district review standard requires that student-facing deployments not expose chat or social-community features, ClassMate's district-safe configuration can be used to disable those surfaces for the district build.
3. Privacy program summary
ClassMate is an academic productivity platform with optional collaboration and integration features. Based on the current codebase, core account and study data are stored using Supabase, hosted through Vercel, and may be shared with optional processors only when required to provide a requested feature.
Privacy practices are described in the main Privacy Policy. This district packet is meant to make those practices easier for school reviewers to evaluate and to support district contracting.
4. Student data categories
The current app stores or processes data in categories such as:
- Account information such as name, email, account ID, and authentication metadata.
- Profile information such as username, avatar, school, grade, classes, and optional biography details.
- Student-created content such as notes, assignments, calendars, tasks, schedules, projects, and uploaded files or images.
- Community content such as posts, comments, direct messages, and study-group content where those features are enabled.
- Optional connected-service data from Google, Canvas, or other integrations only when the user chooses to connect them.
- Billing metadata for paid web subscriptions, such as plan and Stripe customer identifiers.
- Operational logs and limited performance metrics needed to run, secure, and troubleshoot the service.
5. Service providers and subprocessors
A current service-provider and subprocessor summary is published at /subprocessors.html.
Based on the current production code, primary providers include Supabase, Vercel, Stripe, Google APIs, and selected optional communication or integration services used only when a related feature is activated.
6. Data Privacy Agreement readiness
District reviewers can request a DPA review by emailing hello@classmate.plus. Include the district name, legal contact, procurement contact, and requested form.
ClassMate can review and respond to district data-privacy agreements, including agreements modeled on the Texas Student Privacy Alliance or the Student Data Privacy Consortium's National Data Privacy Agreement process.
A public DPA readiness summary is also available at /dpa.html to make the legal review path easier to follow.
Final obligations will be governed by the signed agreement, not by this webpage alone. District legal review and vendor legal review are still required before rollout.
7. Security and incident response
District privacy reviews often require a written description of incident response, subprocessor handling, and breach notification. ClassMate can provide that information as part of district review and contracting.
- Student data is intended to be used to provide the service and related support, security, and operations.
- Operational access should be limited to personnel or service providers with a business need to support the service.
- District contracting can include written breach-notification timing and cooperation terms.
- District requests for incident-response materials should be sent to the district-review contact below.
8. Parent, student, and deletion requests
The current product includes account deletion tools and user controls for profile edits and integration disconnects. When ClassMate is deployed through a district workflow, requests tied to student records may also need to flow through the district in accordance with applicable law and the signed DPA.
9. Review links
10. Contact for district review
District privacy, legal, and contracting requests can be sent to hello@classmate.plus.
To help the review move faster, include the district name, the requested privacy agreement form, the intended student grade levels, whether district Google accounts will be used, and any requested security or incident-response questionnaires.