Legal

Privacy Policy

Last updated:

This policy explains what personal data Classentra collects, how we use it, who we share it with, and the rights you have over your data. It applies to teachers, students, and visitors to classentra.com.

Introduction

Classentra is an independent live-course operating system built for teachers who run their own classes. This Privacy Policy covers the Classentra service at classentra.com and all related dashboards, APIs, and emails we operate.

Classentra is operated by Les Entreprises Urbaino, a sole proprietorship based in Quebec, Canada. It is subject to Canadian federal privacy law (PIPEDA) and Quebec's Act Respecting the Protection of Personal Information in the Private Sector (commonly referred to as Law 25).

It applies to everyone who interacts with Classentra: teachers who create accounts to run courses, students who enrol in those courses, and visitors who browse the marketing site.

For any privacy questions, email privacy@classentra.com. We aim to respond within 30 days.

Data We Collect

From account creation and sign-in

  • Email address
  • First name, last name, and optional title (teachers)
  • Role (teacher or student)
  • Password hash — we never store plain-text passwords
  • OAuth identifiers when you sign up via GitHub or Google (user id, email, display name, avatar URL)
  • Email verification status
  • Session tokens, stored server-side and expired automatically

From product usage

  • Courses you own or are enrolled in, including title, description, dates, and visibility
  • Course items: announcements, materials, assignments, submissions, notes, sessions, files, and links
  • Messages, reactions, and read receipts in course and direct message channels
  • Personal and course-derived calendar events
  • Notifications
  • Attendance records
  • Grades and feedback on submissions
  • Files you upload, stored in Cloudflare R2

From billing (teachers only)

  • Stripe customer id
  • Plan, billing interval, billing currency, subscription status, and current period end
  • Pending plan change information
  • Invoices and payment method metadata such as card brand, last 4 digits, and expiry — full card details are stored by Stripe, never by Classentra

From AI features

  • AI requests initiated by teachers or students, including the course context grounded into each request
  • Usage counters such as AI units per month

From live sessions

  • Native live class participation (participant-minutes and recording metadata when applicable) via Daily
  • External meeting URLs you paste in (Zoom, Meet, Teams)

Automatically collected

  • Performance telemetry via Vercel Speed Insights — Core Web Vitals, cookieless
  • Page view analytics via Vercel Web Analytics — cookieless, with country-level geolocation derived from IP
  • Rate-limit tracking (IP address and request counts), purged automatically when the window expires
  • Standard server logs (request path, timestamp, user agent) retained for security and debugging

What we do not collect

  • We do not collect precise location
  • We do not fingerprint devices
  • We do not use marketing or advertising cookies
  • We do not sell personal data

How We Use Data

  • Deliver the core service: account management, course workflows, messaging, assignments, grades, and live sessions
  • Personalize the teacher and student dashboards
  • Send transactional email such as verification, password reset, billing receipts, and notifications
  • Process payments via Stripe (teachers only)
  • Generate AI suggestions grounded in your course content, teacher-controlled and opt-in per action
  • Prevent abuse and secure the platform through rate limiting, disposable-email blocking, and session management
  • Monitor performance and stability via Vercel telemetry
  • Comply with legal obligations

Legal Basis (GDPR / UK GDPR)

If you are in the EU, UK, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following bases:

  • Contract — to provide the service you signed up for
  • Legitimate interests — for security, fraud prevention, service improvement, and analytics
  • Consent — for optional AI features and optional email notifications where consent is the applicable basis
  • Legal obligation — for tax records and responding to lawful requests

Who We Share Data With

Classentra uses the following subprocessors. Data is shared with them only as needed to provide the service.

  • Vercel — application hosting, Speed Insights, and Web Analytics (US / global)
  • Neon — PostgreSQL database hosting (US)
  • Cloudflare R2 — file storage for materials, submissions, and assets (global)
  • Stripe — payment processing, invoicing, and billing management (US / global)
  • OpenAI — AI generation, teacher-routed and course-grounded (US)
  • Daily — native live class video infrastructure (US / global)
  • Resend, Postmark, or SES — transactional email delivery (US / EU)
  • GitHub — OAuth sign-in, only if you choose to sign up with GitHub (US)
  • Google — OAuth sign-in, only if you choose to sign up with Google (US)

We do not share personal data with advertisers, data brokers, or any third party not listed above.

International Data Transfers

Most of our subprocessors are based in the United States. For users in the EU, UK, or Canada, these transfers are covered by the providers' own Standard Contractual Clauses and compliance frameworks. By using Classentra you acknowledge that your data may be processed in jurisdictions outside your own.

Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of an account deletion request, except where we are legally required to keep financial records.
  • Course content — retained while the owning teacher's account is active. Deleting a course permanently removes its items, materials, and messages.
  • Messages — retained while the course or conversation exists. Deleted when the course or a participant is fully removed.
  • Billing records — retained as long as required by tax law (typically seven years).
  • Rate-limit logs — purged automatically after the window expires.
  • Telemetry and analytics — subject to Vercel's default retention windows.

Your Rights

Depending on your jurisdiction you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (the right to be forgotten)
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent for consent-based processing
  • Lodge a complaint with your local data protection authority

To export your data in a portable format, sign in and use the "Download my data" button in Settings — we email you a signed download link within a few minutes. To delete your account and associated data, use the "Delete Account" button in Settings. To exercise any other right, email privacy@classentra.com. We will respond within 30 days.

Security

  • Passwords are hashed and never stored in plain text
  • Sessions are stored server-side with automatic expiry
  • Disposable email addresses are blocked at sign-up
  • Rate limiting protects against brute force and abuse
  • All traffic to classentra.com is served over HTTPS
  • Card data never touches Classentra servers — Stripe Elements handles card entry directly (PCI SAQ-A)

Children

Classentra is not directed at children under 13 (or 16 in the EEA). Teachers who use Classentra with minors are responsible for obtaining parental or guardian consent and for ensuring compliance with local child-protection law, including COPPA in the United States.

Changes to This Policy

We will post updates to this policy on this page and bump the "Last updated" date at the top. Material changes will be communicated via email or an in-product notification before they take effect.

Contact

For privacy questions, data requests, or concerns about how Classentra handles your information, email privacy@classentra.com.