Data Processing Agreement
Level Up Classroom Inc. — Last updated April 2026
1. Parties & Scope
This Data Processing Agreement ("DPA") is entered into between the educational institution or school board ("Data Controller") and Level Up Classroom Inc. ("Data Processor"), an Ontario corporation operating the platforms LevelUpClassroom.com and OSSLTPrep.com.
This agreement governs the processing of student personal information by the Data Processor on behalf of the Data Controller in connection with the educational services provided by both platforms.
2. Definitions
- "Student Data" means any personal information relating to an identified or identifiable student, including names, student numbers, grades, attendance records, assessment responses, and written work.
- "Processing" means any operation performed on Student Data, including collection, storage, retrieval, use, disclosure, or deletion.
- "Services" means the Level Up Classroom platform (classroom management, gradebook, attendance, timetabling, gamification, AI-assisted report generation) and OSSLTPrep platform (OSSLT practice tests, Literacy Dojo, AI essay grading).
3. Data Collected
Level Up Classroom collects:
- Student names (or pseudonymous nicknames in Privacy Mode), student numbers, email addresses (optional)
- Ontario Education Numbers (OENs) — optional, at school board/administrator discretion for SIS integration
- Parent/guardian contact information (optional — name, email, phone)
- Grades, assessment scores, learning skills evaluations, attendance records
- Assignment submissions (Google Drive links), class stream activity
- OSSLT practice test responses, scores, and AI-generated feedback
Level Up Classroom does NOT collect:
- Student home addresses or phone numbers
- Location data, browser history, or device identifiers — no analytics or tracking of any kind runs on student accounts
- Camera, microphone, biometric, or audio data
- Contact lists, personal files, or social media profiles
- Payment information from students (billing is teacher/board only via Stripe)
4. Purpose of Processing
Student Data is processed solely for providing the educational services described in Section 2, including:
- Delivering classroom management tools (gradebook, attendance, timetable)
- Enabling student access to grades, assignments, and class activities
- Generating AI-powered report card comments (student first names and aggregate grade data only)
- Delivering OSSLT practice tests with automated scoring and AI essay feedback
- Providing Literacy Dojo practice exercises with AI-generated feedback
- Generating progress reports and data exports for teachers and administrators
Student Data is never sold, used for advertising, used for profiling, shared with third parties for marketing purposes, or used to train AI models.
5. Sub-Processors
The Data Processor uses the following sub-processors:
| Provider | Purpose | Data Location | Student PII Processed |
|---|---|---|---|
| Google Firebase / Google Cloud | Database storage, authentication, file hosting | Toronto, Canada (northamerica-northeast2) | Yes — all stored student data |
| Anthropic (Claude AI) | AI report comments, essay grading, educational content generation (Level Up Classroom) | United States | First names only (report comments); no PII for other features. Anthropic does not retain API data or use it for training. |
| OpenAI | AI essay grading, writing feedback (OSSLTPrep) | United States | Student written responses only — no names or identifying information. OpenAI API data is not used for model training (API terms). |
| Stripe | Subscription billing for teachers/boards | United States | None — teacher/board billing only, no student data |
| Netlify | Web hosting, serverless functions | United States | Transient only — data passes through serverless functions but is not stored by Netlify |
| Resend | Transactional email (staff invitations, reporting-deadline reminders, onboarding and support replies) | United States | None — teacher/staff email addresses only. No student data is sent by email. |
| Google Analytics (GA4) | Website usage analytics — optional, and loaded only after the visitor gives consent | United States | None — never loaded on student accounts, and not loaded for anyone who has not consented. Where consent is given (teachers/visitors), GA4 sets a cookie and client identifier and IP is anonymized. |
The Data Processor will notify the Data Controller before adding any new sub-processor that handles Student Data.
5a. Retained academic records (exception to erasure)
When a student is removed from a class, Level Up Classroom erases their record from that class — roster entry, grades, released grades, grade-change history, submitted work and teacher feedback, attendance marks (including the school-wide attendance roll-up), gamification history, seating position, contact details, and any sign-in credential.
One category is deliberately retained: where a school has submitted marks for a completed reporting period, the frozen record of that period (student name, final mark, credit value and completion status) is kept as the school's academic record. A school that grants credits is legally required to retain evidence of what was awarded, and it cannot be reconstructed once the live gradebook moves on. This retention is limited to that record — it does not include submitted work, feedback, attendance or any contact information — and it exists only for schools using reporting periods.
The Data Controller (the school) remains responsible for its own retention schedule and may request deletion of these records where no legal obligation to retain them applies.
6. Security Measures
- Encryption at rest: AES-256 via Google Cloud KMS (always on, cannot be disabled)
- Encryption in transit: TLS 1.2+ enforced on all connections
- Access control: Firestore Security Rules enforce role-based access — teachers see only their classes, students see only their enrolled classes, administrators see only their school's data
- Authentication: Firebase Authentication with OAuth 2.0, short-lived tokens (1 hour) with automatic refresh
- API security: AI API keys stored server-side only, rate-limited (20 requests/hour/IP), restricted to authorized origins
- Audit logging: Administrative actions (staff changes, timetable operations, configuration) are logged with actor identity and timestamp
- Automated cleanup: Nightly scheduled process deletes expired archived data and stale invitations
7. Data Retention & Deletion
- Student Data is retained for the duration of the Data Controller's active account
- Archived classes are automatically deleted after the plan-based retention period by a nightly scheduled process
- Upon termination of the agreement, all Student Data associated with the Data Controller will be permanently deleted within 90 days, or returned in a standard format (CSV) upon written request
- The Data Controller or individual students/parents may request deletion of specific student records at any time by contacting reece@levelupclassroom.com
- Backup data is stored within the same Google Cloud Toronto region and follows the same deletion timeline
8. Data Subject Rights
The Data Processor will assist the Data Controller in fulfilling data subject requests including:
- Access: Provide copies of all personal data held for a specific student
- Correction: Correct inaccurate personal information
- Deletion: Permanently delete a student's data upon request
- Export: Provide student data in standard formats (CSV)
- AI Opt-out: Disable AI features for specific students upon request. Teachers can toggle AI opt-out per student in the platform, which blocks AI-generated report comments and feedback for that student.
Requests will be fulfilled within 30 days of receipt.
9. Breach Notification
In the event of a confirmed data breach affecting Student Data, the Data Processor will:
- Notify the Data Controller within 72 hours of confirming the breach
- Provide details of the scope, affected data, and remediation steps taken
- Notify the Office of the Privacy Commissioner of Canada if required under PIPEDA
- Cooperate fully with the Data Controller's incident response procedures
- Maintain breach records for a minimum of 24 months
See our full Breach Response Protocol for detailed procedures.
10. Data Ownership
The Data Controller retains full ownership of all Student Data at all times. The Data Processor does not claim any ownership rights over student records, grades, attendance data, or any other educational information. Students retain ownership of all content they create (assignments, essays, written responses).
11. Compliance
This DPA is designed to comply with:
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- The Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
- Applicable Ontario education privacy standards
12. Term & Termination
This DPA is effective for the duration of the Data Controller's use of the Services. Either party may terminate this agreement with 30 days written notice. Upon termination, the Data Processor will delete or return all Student Data as described in Section 7.
13. Contact
Privacy Officer: Reece Cantelon
Email: reece@levelupclassroom.com
Entity: Level Up Classroom Inc., Ontario, Canada
Signatures
Data Controller (School Board / Institution)
Name & Title
Organization
Signature & Date
Data Processor (Level Up Classroom Inc.)
Reece Cantelon, Privacy Officer
Level Up Classroom Inc.
Signature & Date
Level Up Classroom Inc. — levelupclassroom.com — reece@levelupclassroom.com
This document applies to all products operated by Level Up Classroom Inc.