Classroom Token Hub Data Handling and Privacy Policy
Last Updated: December 12, 2025
Purpose
This document explains the types of data you provide in order to use this application, how we handle and process that data, and the steps we have taken to protect your data and privacy. The information contained in this document reflects the most up-to-date version of this application and supersedes all previous versions unless otherwise noted.
If you are a student, your teacher has chosen this application on behalf of your class to facilitate classroom activities. If you or your family have any questions or concerns, please talk to your teacher.
What you must provide to use this application
If you are a teacher user
- Date of Birth: Used for identity verification in account recovery.
- Personalized Display Name: For friendly identification in the user interface.
- Class Block: To group students by class period and apply block-specific configurations.
- Class Identifier: Friendly name for the class you are managing.
If you are a student user
Your teacher has provided this information on your behalf to create your account:
- Date of Birth: Used for identity verification in account recovery.
- First Name: For account claim and friendly greetings.
- Last Name: For account claim and recovery.
- Class Block: To place you in the correct class.
- Class Identifier: An easy-to-understand name for your class.
In addition, you will need to provide:
- Theme Word: A unique word that you associate with yourself; used to generate your login username.
- PIN: A four- to six-digit code for logging into your account.
- Passphrase: A secret phrase used for multi-factor authentication and high-stakes actions.
How We Use Your Data
- Support the simulation of real-world banking, employment, and budgeting to teach financial literacy.
- Track attendance, transactions, and account balances to power classroom activities.
- Generate reports to help teachers monitor student progress and improve educational outcomes.
- Authenticate users and protect accounts from unauthorized access.
Educational Activity Data
This data is generated, collected, and stored to facilitate the functioning of the classroom economy simulation and contains no personally identifiable information.
- Attendance Records: Tap-in/out timestamps and calculated active/inactive minutes; necessary to compute base pay and track participation.
- Account Balances: Checking and savings balances, updated dynamically from transaction history.
- Transaction History: Detailed records of bonuses, payroll, rent, property tax, insurance premiums, non-sufficient funds fees, and store purchases; required to maintain accurate account states and enforce rules.
- Monthly Billing Settings: Configured recurring charges (rent, taxes, insurance) for each student; used to automate billing processes.
Data Minimization & Retention
We collect only the data necessary to support classroom activities and educational objectives. All personally identifiable information (PII) is either hashed or stored in minimal form. Data is retained only for as long as required by educational standards and district policies, then securely deleted.
Security Measures
- Encryption at Rest: All sensitive data is encrypted at rest to protect it from unauthorized access.
- State-of-the-Art Hashing: We use industry-leading algorithms to protect your credentials. Passwords and PINs are hashed using Argon2, a key derivation function that is highly resistant to brute-force and rainbow table attacks. Other sensitive identifiers are hashed using HMAC-SHA256 with a per-record salt and a global pepper, ensuring that each hash is unique and secure.
- Encrypted Transit: All data transmitted between your device and our servers is protected using HTTPS/TLS, preventing eavesdropping or tampering.
- Secure Session Management: The application enforces idle timeouts and avoids persistent cookies to minimize the risk of unauthorized access from unattended devices.
- Irreversible Hashes: All hashing is one-way, meaning that original values cannot be recovered from the stored hashes by anyone, including administrators. A lost username, PIN, passphrase, or TOTP is not recoverable.
- Limited System Administrator Scope: System Administrators do not have access to any information about students except teacher username, class section labels, and total number of students enrolled.
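The HMAC-SHA256 construction named under State-of-the-Art Hashing, shown as an added example (not the application's own code): the pepper is the HMAC key and the per-record salt is stored beside the digest. The function names, the 16-byte salt length, the length-prefixed message layout, and the sample identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SALT_BYTES = 16  # assumed salt length; the policy does not state one


def hash_identifier(value: str, pepper: bytes,
                    salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for one record.

    The global pepper is the HMAC key and is kept outside the database;
    the salt is random per record and stored next to the digest.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    # Length-prefix the salt so bytes cannot shift between salt and value
    # and still produce the same HMAC input.
    message = len(salt).to_bytes(2, "big") + salt + value.encode("utf-8")
    digest = hmac.new(pepper, message, hashlib.sha256).digest()
    return salt, digest


def verify_identifier(value: str, pepper: bytes,
                      salt: bytes, stored: bytes) -> bool:
    """Recompute with the record's salt and compare in constant time."""
    _, candidate = hash_identifier(value, pepper, salt)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    pepper = secrets.token_bytes(32)        # constructed; a real pepper lives in a secret store
    other_pepper = secrets.token_bytes(32)  # stands in for a party holding only the database
    value = "example-identifier-001"        # constructed sample value
    salt_a, digest_a = hash_identifier(value, pepper)
    salt_b, digest_b = hash_identifier(value, pepper)
    return {
        "same_value_differs": digest_a != digest_b,
        "verifies": verify_identifier(value, pepper, salt_a, digest_a),
        "wrong_value": verify_identifier("example-identifier-002", pepper, salt_a, digest_a),
        "wrong_pepper": verify_identifier(value, other_pepper, salt_a, digest_a),
        "wrong_salt": verify_identifier(value, pepper, salt_b, digest_a),
    }


if __name__ == "__main__":
    print(demo())
```

Because each record has its own salt, a stored digest can only be checked against a record that has already been located by other means; it cannot serve as a lookup key.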
Error Logging & Monitoring
To maintain system reliability and quickly resolve technical issues, our application automatically logs errors and technical failures. This logging helps us identify and fix problems to ensure a smooth experience for all users.
What We Log
- Error Type: The classification of the error (e.g., 404 Not Found, 500 Internal Server Error).
- Timestamp: When the error occurred.
- Request Details: The URL path and HTTP method that triggered the error.
- Technical Context: IP address, user agent (browser information), stack trace, and the last 50 lines of application logs.
Access & Retention
- Error logs are accessible only to system administrators for debugging and system improvement purposes.
- Error logs do not contain student PII such as names, balances, or transaction details—only technical diagnostic information.
- Logs are retained for a reasonable period to support troubleshooting and are periodically purged in accordance with data retention policies.
Student Rights & Access
Students have the right to view their own data. If any information is incorrect, please contact your teacher to have it corrected. Account access and credential resets must be handled by an administrator.
Data Breach Notification
In the event of a data breach, we will notify affected users and authorities within 72 hours and provide guidance on mitigation steps.
Compliance
This application adheres to FERPA (Family Educational Rights and Privacy Act), COPPA (Children's Online Privacy Protection Act), and relevant data privacy policies.
Contact Information
For questions or concerns, you may use the help and support page to open a support ticket.