C
classific.ai
EN FR ES
Iniciar sesión Registrarse

Classific — Privacy Policy

Effective date: 12-01-2025

Plain-language summary (non‑legal): Classific helps educators run and grade assessments, including AI‑assisted feedback. We only use student and educator data to provide the service, keep it secure, meet legal obligations, and (optionally) create fully de‑identified templates that reflect real‑world cases. We never sell personal data. Institutions control their data and can opt out of de‑identified use at any time. AI evaluations run in Classific’s AWS environment (including AWS Bedrock where applicable), and student data is not used to train third-party AI models.

1) Who we are

Company: Classific ("Classific", "we", "us", or "our")

Contact: contact@classific.ai

2) Scope

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use Classific (the "Service"), including educator dashboards, live monitoring, student testing interfaces, and AI‑assisted evaluation features.

3) Key definitions

  • Institution: A school, district, university, training provider, or company that administers assessments via the Service.

  • Educator: Instructor, proctor, or administrator acting on behalf of an Institution.

  • Student: An individual taking assessments through the Service.

  • Personal Data: Any information relating to an identified or identifiable person.

  • De‑identified / Aggregated Data: Data processed to remove personal identifiers so individuals cannot reasonably be re‑identified.

4) Our roles under privacy laws

Our role depends on context:

  • Processor/Service Provider (GDPR/CPRA): For most Student data processed on behalf of an Institution, we act under the Institution’s instructions (e.g., assessment responses, proctoring logs, grading outputs).

  • Controller/Business: For our own account, billing, support, security logs, product analytics, and website operations.

We will enter into a Data Processing Addendum (DPA) with Institutions upon request. For U.S. K‑12/Higher Ed, we act as a “school official” with a legitimate educational interest under FERPA.

5) Information we collect

Provided by Institutions/Educators:

  • Rosters and metadata (name, email or student ID, class, cohort).

  • Assessment configurations (instructions, rubrics, rubric weights, timing/proctoring settings).

Generated during use:

  • Student responses, submissions, attachments, and edits.

  • Live monitoring telemetry visible to Educators (e.g., keystroke streams or typed content during a session, timestamps, events like tab focus changes—exact features depend on Institution settings).

  • AI evaluation outputs, suggestions, and rubric scores.

  • Event logs for security and integrity (login events, IP/city‑level geolocation, device/browser data).

Support & communications:

  • Messages, tickets, and call notes, including contact details and content of your communications.

Website & analytics:

  • Cookies or similar technologies for authentication, preferences, and usage analytics. See Cookies below.

We do not intentionally collect sensitive biometric identifiers; we do not record audio/video unless your Institution enables proctoring tools that involve recordings (if offered), which will be clearly disclosed before use.

6) How we use information

  • Provide and secure the Service: account setup, authentication, live monitoring, grading, reporting, certificates, fraud/abuse detection, incident response.

  • AI‑assisted evaluation: generate feedback/scores aligned with Institution rubrics; surface anomalies to proctors.

  • Product improvement and analytics: feature performance, reliability, and usability—using de‑identified or aggregate data whenever possible. User data in the system may be used to improve the quality of our products and services.

  • Compliance: FERPA, COPPA (for under‑13 with verified consent), GDPR/CPRA, tax, audit, law enforcement requests (where legally required).

  • Communications: service notices, updates, and support.

We do not sell personal data and do not use Student Personal Data for targeted advertising.

7) De‑identified data & real‑world templates

We may create templates or exemplars of cases/questions/answers, derived from de‑identified Student or Educator data.

  • De‑identification removes direct and indirect identifiers reasonably likely to identify a person or Institution.

  • Templates are used to improve usability and showcase realistic scenarios without revealing personal data.

  • Institutions can opt out at any time by contacting us at contact@classific.ai. Opt‑out does not affect legally required processing or security logging.

  • We will not attempt to re‑identify de‑identified data and will contractually require the same from our subprocessors.

8) Legal bases (GDPR/UK GDPR)

  • Contract (Article 6(1)(b)) — providing the Service to an Institution or user.

  • Legitimate interests (6(1)(f)) — product security, fraud prevention, de‑identified analytics and service improvement.

  • Consent (6(1)(a)) — where required (e.g., cookies beyond strictly necessary, certain research, or if an Institution requests parental/guardian consent for minors).

  • Legal obligation (6(1)(c)) — compliance with applicable laws.

9) Sharing & subprocessors

We share information only as described here:

  • Hosting & infrastructure: We operate the Service within Classific-managed Amazon Web Services (AWS) accounts. AWS acts as our subprocessor for compute, storage, databases, networking, and AI execution services (including AWS Bedrock where applicable). Regions: us-west-2.

  • AI processing: Customer Content is processed under Classific’s control within our AWS environment. Customer Content is not used to train third-party foundation models and is not made available for reuse by AWS or other vendors.

  • Institution‑designated platforms (when configured): e.g., LMS or SSO providers selected by the Institution.

  • Legal/Compliance: to comply with law, enforce agreements, or protect rights, safety, or service integrity.

  • Business transfers: in mergers, acquisitions, or asset sales, consistent with this Policy and applicable law.

We do not share user data with other third parties beyond the limited exceptions described above. We do not sell Personal Data and do not share Student Personal Data for targeted advertising

10) AI processing on Classific infrastructure

AI evaluations are executed on infrastructure managed by Classific on AWS. Classific may use AWS-provided AI services (such as AWS Bedrock) under its account to perform these evaluations. We apply data‑minimization, isolation of customer data, encryption in transit, and no third‑party model training on Customer Content. We may use de‑identified or aggregate data to improve model quality, safety, and reliability.

11) Proctoring & live monitoring

Institutions may enable features that allow Educators to view what Students type in real time and see session events (e.g., tab activity). We will clearly indicate when a session is monitored. Institutions are responsible for providing lawful notice to Students and, where required, obtaining consent or ensuring a valid legal basis.

12) Students and children’s privacy (FERPA/COPPA)

  • For U.S. educational records, we act as a school official under FERPA and only disclose Student Personal Data as permitted by the Institution or law.

  • For children under 13 using the Service, we require verifiable parental consent or consent from an authorized school representative under COPPA.

13) International data transfers

Where we transfer Personal Data internationally, we rely on appropriate safeguards (e.g., SCCs, UK IDTA), and implement supplementary measures where required.

14) Security

We employ administrative, technical, and physical safeguards, including role‑based access controls, encryption in transit and at rest (where supported by our infrastructure), least‑privilege access, audit logging, and vulnerability management. No system is 100% secure; we encourage responsible disclosure of vulnerabilities to contact@classific.ai.

15) Retention and deletion

We retain Personal Data for as long as necessary to provide the Service and meet legal obligations. Institutions may configure retention periods. Upon contract termination or at the Institution’s request, we will delete or return Customer Content within a reasonable period unless law requires retention. Backups are purged on a rolling schedule.

16) Your rights

Depending on your location, you may have rights to access, correct, delete, or port your Personal Data, and to object or restrict certain processing.

  • EU/UK: GDPR rights including the right to lodge a complaint with a supervisory authority.

  • California: CPRA rights including the right to know, delete, correct, and opt out of certain sharing.

Requests should be sent to contact@classific.ai. If you are a Student, please contact your Institution first; we support the Institution in responding.

17) Cookies & similar technologies

We use: (i) strictly necessary cookies (auth, security), (ii) functional cookies (preferences), and (iii) analytics/performance cookies. Analytics cookies are only set if you opt in through the cookie banner, and you can configure or withdraw consent at any time via the banner or by clearing cookies. We use Google Analytics to understand site usage and performance; where permitted, we send a non‑PII user identifier that is HMAC‑hashed before transmission. For EU/UK visitors, analytics cookies are opt‑in. For US/California visitors, you can opt out of analytics at any time through cookie settings. A detailed Cookie Policy is available at /cookie‑policy.

18) Third‑party links

The Service may link to third‑party sites; we are not responsible for their privacy practices.

19) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new Effective date and, where required, provide advance notice.

20) Contact

Questions or requests: contact@classific.ai

Disclaimer: This Policy is a general form and not legal advice. Please have counsel review for your jurisdictions, audiences, and use cases before publication.

Política de Privacidad Términos del servicio