Privacy Policy

Effective date: April 8, 2026

QuizTheClass ("we," "us," or "our") is a product of Gargasz Interactive LLC. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to all users of https://www.quiztheclass.com (the "Service"), including teachers (account holders) and students (participants who join classroom sessions).

If you are a school district reviewing this Service under a Student Data Privacy Agreement (SDPA), National Data Privacy Agreement (NDPA), or similar exhibit (including New York’s Model Data Security and Privacy Plan and related state supplements), please also see our Student Data & Privacy page and Section 9 below. For accessibility inquiries, VPAT requests, or barrier reports, see our Accessibility page.

1. Information we collect

1a. Teacher accounts

When a teacher creates an account we collect:

1b. Subscription & billing

Paid subscriptions are processed by Stripe, Inc. We never receive or store full credit card numbers. We store only:

Stripe's own privacy policy governs how they handle payment card data: stripe.com/privacy.

1c. Students (session participants)

Students do not create accounts. To join a session a student provides only:

We do not ask students for an email address, phone number, date of birth, school name, or any other personal identifier.

During a session we also store:

1d. Automatically collected technical data

Standard web-server logs (IP address, URL requested, HTTP referrer, browser type) may be recorded by our hosting provider. We do not embed third-party analytics, advertising trackers, or social-media pixels in the Service.

2. How we use information

3. Information sharing

We do not sell, rent, or lease personal information, including Student Data (information relating to students as defined in applicable education privacy laws). We share data only in these limited circumstances:

We do not share, sell, rent, lease, or provide Student Data to advertisers or data brokers.

4. Data retention

To request deletion of your teacher account or any associated data, contact us at support@quiztheclass.com.

5. Security

No system is perfectly secure. If we discover a breach affecting personal data we will notify affected users and, where applicable, the relevant school district, within a reasonable timeframe consistent with applicable law.

Educational agencies: Additional encryption and security-plan language for NDPA, SDPA, and multi-state reviews appears in Section 9.

6. Children's privacy

QuizTheClass is designed for use in a school classroom under teacher direction. Students join sessions without creating accounts and without providing an email address or other personally identifiable information beyond a display name. We rely on the school or teacher to obtain any necessary parental consent under applicable law (e.g., COPPA, FERPA) before directing students to use the Service.

We do not knowingly collect personal information from children under 13 outside of the school context. If you believe a child has provided personal information without appropriate consent, please contact us and we will delete it promptly.

7. Your rights

Depending on your jurisdiction you may have the right to access, correct, or delete personal data we hold about you. Teachers can manage their account and session data from their dashboard. For any request, contact support@quiztheclass.com.

8. Changes to this policy

We may update this Privacy Policy from time to time. The "Effective date" at the top reflects the most recent revision. If we make material changes, we will notify teachers by email or a prominent notice on the Service.

9. School district data privacy & security plan

The following commitments apply to educational agencies (including school districts, charter networks, and other institutions) that use the Service under a written agreement, data privacy addendum, NDPA, SDPA, or comparable terms. They are intended to support reviews aligned with the New York Model Data Security and Privacy Plan (and similar multi-state frameworks, including supplemental requirements in states such as Colorado and Illinois) and to provide clear, contractual-style assurances alongside the rest of this Policy.

9a. Educational agency / NDPA and multi-state compliance

Where an educational agency designates information as Student Data or personally identifiable information under the Family Educational Rights and Privacy Act (FERPA) or state student-privacy laws, we process that information solely to provide and support the Service as directed by the agency or its authorized users (teachers), except as required by law.

9b. Security practices and NIST alignment

We implement administrative, technical, and physical safeguards appropriate to the nature of the Service and the data we process. Our security practices materially align with the NIST Cybersecurity Framework, Version 1.1 (Identify, Protect, Detect, Respond, Recover), including access controls, secure development and configuration practices, monitoring of critical systems, and incident response procedures. Alignment is not a certification; we review and update controls as the Service and threat landscape evolve.

9c. Encryption

Student Data and other personal information are protected using industry-standard encryption and protocols. Data in transit between users and the Service is encrypted using TLS (HTTPS). Data at rest is stored using encryption at rest and protections consistent with our hosting and database environment (including industry-standard disk and infrastructure encryption where provided by our service providers).

9d. Secure destruction of data

Upon written request from an authorized representative of an educational agency, or upon termination or expiration of the agreement between the agency and us (or the subscribing teacher acting on behalf of the agency, as applicable), we will securely delete or destroy Student Data and associated session content in our possession within sixty (60) calendar days, unless a shorter period is specified in the parties’ agreement or applicable law requires a different timeline. Secure destruction means deletion from production systems and backups in accordance with our documented procedures (recognizing that residual copies in archival or disaster-recovery systems may persist for a limited technical retention period before overwrite). The agency may request confirmation of completion by contacting support@quiztheclass.com.

9e. Employee and subprocessor training

Personnel and subprocessors (such as hosting or payment providers) with access to Student Data or systems that store it are required to follow confidentiality obligations. Our employees and contractors with access to such data receive training on federal and state laws governing confidentiality of student and educational records, including FERPA and applicable state student-privacy requirements, as well as our internal security and acceptable-use policies. Subprocessors are bound by written terms that impose comparable confidentiality and security obligations to the extent applicable to their role.

9f. Artificial intelligence

Student Data will not be used to train artificial intelligence (AI) models or systems. We do not use student responses, names, session content, or other Student Data as training data for machine-learning or generative-AI models.

9g. No sale, rental, or lease of Student Data

We will not sell, rent, or lease Student Data. This commitment is in addition to the general sharing limitations in Section 3 of this Policy.

9h. Subprocessors and notices

Current categories of subprocessors (e.g., payment processing, email delivery, hosting) are described in this Policy and our Student Data & Privacy page. We will provide reasonable notice of material changes to subprocessors that process Student Data where our agreement with an educational agency requires it.

10. Contact

If you have questions about this Privacy Policy or our data practices, contact us: