Security & Data Privacy
EazyClassroom takes security and data privacy seriously. This page explains how we protect your information, secure recordings, and comply with global privacy standards.
1. Data Protection Overview
| Aspect | Our Approach |
|---|---|
| Data encryption | TLS 1.2+ for all data in transit. At rest, recordings are encrypted on storage. |
| Access control | Role‑based permissions (admin, teacher, parent). API keys with scoped access. |
| Authentication | Password hashing (bcrypt), optional two‑factor (coming soon). |
| Recording security | Automatic, unstoppable recordings with strict access controls. |
| Compliance | GDPR‑ready, CCPA‑ready (tools for data deletion/export available to admins). |
2. Data We Collect
EazyClassroom collects only the information necessary to provide the service:
| Data Type | Examples | Purpose |
|---|---|---|
| Account information | Name, email, username, password hash | User authentication and communication |
| School / institution data | School name, logo, website, timezone | White‑label branding and localization |
| Educational data | Grades, sections, teacher‑student assignments | Organising classes and generating reports |
| Classroom activity | Recordings, chat messages, join/leave times, screen shares | Lesson delivery, review, and analytics |
| AI processing data | Audio transcripts, slide text, screen share content (for Eazy AI) | Generating summaries, scores, and Q&A |
We do not sell your personal data to third parties.
3. Recording Security
All session recordings are:
- Automatically started – No teacher or student can stop or pause them.
- Encrypted at rest – Stored on secure servers with AES‑256 encryption.
- Access‑controlled – Only the admin, the teacher who conducted the class, and parents of participating students can view them.
- Retained according to plan – Automatically deleted after 3 days (free) or 6 months (paid).
Who Can Access a Recording?
| User Role | Access Scope |
|---|---|
| Admin | All recordings from their school |
| Teacher | Only recordings of classes they taught |
| Parent | Only recordings of classes their child attended |
| Student | No direct login; parent shares access |
| API client | Only recordings of rooms they created |
4. AI & Data Processing (Eazy AI)
When you enable the Eazy AI add‑on:
- Audio is transcribed and sent to Gemini API (Google) for processing.
- Slide text and screen share content may also be sent (configurable).
- No personally identifiable information (PII) is deliberately sent – only lesson content.
- Transcriptions and analysis results are stored in your EazyClassroom database.
- You own the AI outputs; we do not reuse them for model training.
For more information, refer to Google’s Gemini API data policy.
5. Data Retention & Deletion
| Data Type | Retention Period | Deletion Method |
|---|---|---|
| Account data | Until account deletion | Admin or user can delete account |
| Recordings | 3 days (free) / 6 months (paid) | Automatic daily cron job |
| Class events | Indefinite (for analytics) | Manual deletion via admin |
| AI results | Same as recording | Deleted when recording is deleted |
| API logs | 90 days | Automatic rotation |
How to Delete Your Account
- Admin: Go to Settings → Account → Delete Account. This removes all associated data (teachers, parents, students, recordings, rooms). Irreversible.
- Teacher/Parent: Contact your school admin. Self‑deletion is not available for sub‑accounts.
Data export: Admins can request a JSON export of all school data by contacting support.
6. GDPR Compliance
For users in the European Union, EazyClassroom provides:
- Right to access – Download all your personal data.
- Right to rectification – Update profile information via dashboard.
- Right to erasure – Delete account and associated data.
- Right to restrict processing – Not applicable (service requires data to function).
- Data portability – Export available on request.
Data Processing Agreement (DPA): Available upon request for enterprise customers.
7. CCPA Compliance (California)
California residents have the right to:
- Know what personal information is collected.
- Request deletion of personal information.
- Opt out of “sale” of personal information (we do not sell data).
- Non‑discrimination for exercising rights.
To exercise CCPA rights, contact privacy@eazyclassroom.net.
8. Security Best Practices for Users
For Admins
- Use a strong, unique password (at least 12 characters, mix of letters, numbers, symbols).
- Enable email verification for all new users.
- Regularly review teacher and parent accounts – suspend unused ones.
- Do not share your admin API key publicly. Regenerate it if compromised.
- Restrict API client IPs to your own servers (if possible).
For Teachers
- Never share your moderator password with students.
- Do not leave sessions unattended – end the class when finished.
- Report any suspicious activity to your admin.
For Parents
- Keep your login credentials private.
- Monitor your child’s activity (EazyClassroom provides logs).
- If you suspect unauthorised access, change your password immediately.
9. Infrastructure Security
- Hosting: Secure cloud provider with ISO 27001 certification.
- Network: Firewalls, DDoS protection, regular vulnerability scans.
- Backups: Daily encrypted backups stored offsite (retained for 30 days).
- Access logs: All admin actions and API calls are logged.
10. Reporting Security Issues
If you discover a security vulnerability in EazyClassroom:
- Do not disclose it publicly.
- Email
security@eazyclassroom.netwith details. - Allow us up to 72 hours to respond and 30 days to fix (depending on severity).
We have a responsible disclosure policy and will acknowledge your contribution.
11. Third‑Party Services
EazyClassroom uses the following third‑party services:
| Service | Purpose | Data Shared |
|---|---|---|
| Google Gemini API | AI processing (Eazy AI) | Audio transcripts, slide text (no PII) |
| PayPro Global | Payment processing | Billing information (name, email, card details – PCI compliant) |
| Firebase Cloud Messaging | Push notifications | Device tokens (no personal data) |
| BigBlueButton | Virtual classroom engine | Meeting metadata, recordings (self‑hosted, not shared) |
All third‑party services are GDPR‑compliant and have Data Processing Agreements in place.
12. Frequently Asked Questions (Security)
Are recordings stored on my own server?
No, recordings are stored on EazyClassroom’s secure cloud servers. Enterprise customers can request on‑premise deployment (contact sales).
Can students download recordings?
No. Only playback via the provided URL is possible. Download links are not exposed.
Does Eazy AI store my students’ voices?
Voice data is transcribed and sent to Gemini API for processing. Google’s retention policy applies; we do not store raw audio after transcription.
What happens if a teacher accidentally shares the moderator link?
The moderator link includes a password (?password=mp). If compromised, you can change the room’s moderator password from the dashboard (edit room → new password). The old password immediately stops working.
Can I get an audit log of who accessed recordings?
Currently, access logs are not exposed to users. Contact support for compliance audits.
Is EazyClassroom HIPAA compliant?
No. EazyClassroom is not designed for medical or health‑related data. Do not upload protected health information (PHI).
13. Compliance Certifications
EazyClassroom is actively working towards:
- SOC 2 Type II (expected Q4 2026)
- ISO 27001 (expected Q1 2027)
Current compliance: GDPR, CCPA, COPPA (Children’s Online Privacy Protection Act – parental consent required for students under 13).
14. Contact for Privacy Questions
- Data Protection Officer: dpo@eazyclassroom.net
- Privacy requests: privacy@eazyclassroom.net
- Security issues: security@eazyclassroom.net
Last updated: June 2026. This policy is reviewed quarterly.