Privacy Policy
Introduction
Welcome to Classteam! We are committed to protecting the privacy and security of our users. This
Privacy Policy outlines how we collect, use, store, and protect personal data in compliance with the
General Data Protection Regulation (GDPR).
Who We Are
Classteam is an educational platform provided by Cta Classteam Private Limited, acting as a Data
Processor for K-12 schools, higher education institutions, and companies (collectively referred to
as 'Organizations'), which act as Data Controllers. Our platform enables Organizations to manage
student and teacher interactions.
What Data We Collect
- Basic User Data: First Name, Last Name, Email Address, Phone Number (optional).
- Authentication Data: Passwords (encrypted), Device ID.
- Educational Data: Courses, Attendance, Grades (future implementation).
- User Activity Data: Comments, Posts, and Interaction Logs.
- Tracking Data: Google Analytics and Firebase event tracking.
- AI Interaction Data: Questions asked to AI agents, AI-generated responses,
classroom context, and interaction timestamps.
How We Collect Your Data
- Organizations add students and teachers to the system.
- Users log in using credentials sent to their registered email.
- Platform usage is tracked through Google Analytics and Firebase.
- AI data is collected when users interact with AI agents through chat or scheduled tasks.
Why We Process Your Data (Legal Basis)
- Contractual Necessity: To provide learning services to Organizations.
- Legitimate Interest: To improve our platform and enhance user experience.
User Rights & GDPR Compliance
As per GDPR, users have the following rights regarding their personal data:
- Right to Access: Request a copy of personal data stored by Classteam.
- Right to Rectification: Correct inaccurate or incomplete information.
- Right to Erasure: Request data deletion (subject to the policies of the
Organization managing the account).
- Right to Data Portability: Download a copy of personal data.
- Right to Restrict Processing: Limit how personal data is used.
Since Organizations act as Data Controllers, Classteam operates as a Data Processor. This means:
- When a user requests account deletion or data access, Classteam forwards the request to the
respective Organization managing the user’s account.
- The final decision on access, correction, or deletion of data is made by the Organization.
- Classteam ensures all requests are securely processed and communicated to the appropriate
Organization.
How to Submit a GDPR Request
Users can submit requests for:
- Access to Personal Data
- Correction of Personal Data
- Deletion of Personal Data
- Restricting Processing of Personal Data
To submit a request:
Processing Time:
Classteam will acknowledge your request within 5 working days.
The final response time will be determined by the Organization managing your account, in compliance
with GDPR regulations (typically within 30 days).
How We Handle Data Breaches
Classteam follows strict security protocols to detect, respond to, and mitigate data breaches. In the
event of a security incident:
- Our IT security team will immediately investigate and contain the breach.
- Affected systems will be secured, and unauthorized access will be revoked.
- If required, we will notify the relevant GDPR Data Protection Authority (DPA) within 72 hours.
- Users will be informed if their personal data has been affected and will be provided with
recommendations on how to protect their information.
- Additional security measures will be implemented to prevent future breaches.
If you suspect a security issue related to your account, please contact [email protected] immediately.
Data Security Measures
- Passwords are encrypted using bcrypt.
- Data encryption in transit (TLS) and at rest (AWS encryption).
- AI interaction logs and chat data are securely stored and access-controlled.
- Access control mechanisms ensure only authorized users can access sensitive data.
Data Retention Policy
- User data is managed by Organizations, and they determine retention periods.
- AI interaction logs may be retained to improve system performance unless requested otherwise.
- Inactive accounts are not automatically deleted unless requested by the Organization.
Third-Party Services
Classteam uses:
- AWS (Amazon Web Services) for hosting.
- Google Analytics & Firebase for tracking platform usage.
- OpenAI for AI-generated language responses.
- Google Gemini for advanced AI and multimodal assistance.
These third parties are GDPR-compliant, and we have signed Data Processing Agreements (DPA) with
them.
Use of AI and Intelligent Agents
Classteam uses AI Agents to:
- Automate content generation and scheduling.
- Assist users with queries in real-time.
- Generate classroom reports, summaries, and posts.
AI interactions:
- Are tied to your user ID for accountability.
- May be stored and reviewed for improving service quality.
- Are not used for external AI model training.
Note: AI-generated content may contain inaccuracies. Users should verify before using.
Contact & Data Protection Officer (DPO)
For any GDPR-related queries or privacy requests, please contact us through one of the following
methods:
Submit a Privacy Request:
Email
Updates to This Policy
We may update this policy periodically. Users will be notified of significant changes through in-app
or email communication.