Privacy Policy & Cookie Policy

Last updated: February 7, 2026

1. Introduction

Classroom Notes ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you use our note-taking application for students and teachers.

Our service is hosted on Firebase (Google Cloud Platform) on European servers, ensuring compliance with GDPR and other European data protection regulations.

2. Data We Collect

2.1 Account Information

  • Email address: Used for authentication and account recovery
  • Display name: Shown to teachers and classmates
  • User role: Student, teacher, or admin
  • Authentication tokens: Managed by Firebase Authentication

2.2 Educational Content

  • Class notes: Notes created in classes (visible to assigned teachers)
  • Private notes: Personal notes in your private notebook (encrypted, only you can read)
  • Timestamps: Creation and modification dates
  • Class memberships: Which classes you belong to

2.3 Usage Information

  • Presence data: Whether you're currently editing a note (temporary, not stored long-term)
  • Last activity: When you last accessed the application
  • Browser information: For technical support and compatibility

3. Private Note Encryption

Your private notebook is end-to-end encrypted. This means:

  • Only you can read your private notes - not even we (the service administrators) can decrypt them
  • Encryption happens in your browser using AES-256-GCM
  • Encryption keys are derived from your user credentials and never stored on our servers
  • Even if our database is compromised, your private notes remain unreadable

Important: Class notes are not encrypted, as teachers need to be able to view and provide feedback on your class work.

4. How We Use Your Data

  • Provide the service: Enable note-taking, class management, and collaboration
  • Authentication: Verify your identity when you log in
  • Class assignment: Connect students with their teachers and classes
  • Communication: Send important service updates (account recovery, class invitations)
  • Technical support: Troubleshoot issues and improve the application

We do NOT:

  • Sell your data to third parties
  • Use your notes for advertising
  • Share your private information with anyone outside your assigned classes
  • Track you across other websites

5. Data Storage and Location

European Data Storage

Primary application data is stored on secure servers within Europe. Data is hosted within the European Economic Area where possible.

Firebase (Google Cloud Platform) complies with GDPR and has appropriate data processing agreements in place.

6. Data Sharing

We share your data only in the following limited circumstances:

  • With teachers: Your class notes are visible to teachers in classes you've joined
  • With classmates: Your display name is visible to other students in your classes
  • Service providers: Firebase/Google Cloud for hosting (subject to GDPR data processing agreements)
  • Legal requirements: If required by law or to protect rights and safety

We never share:

  • Your private encrypted notes (we can't - they're encrypted!)
  • Your email address with other users
  • Your data for marketing or advertising purposes

7. Cookies and Local Storage

We use cookies and browser local storage to provide essential functionality:

7.1 Essential Cookies (Required)

  • Authentication tokens: Keep you logged in
  • Session management: Remember your preferences during your session
  • Security tokens: Prevent cross-site request forgery (CSRF)

7.2 Functional Local Storage

  • Theme preference: Remember if you prefer dark or light mode
  • UI state: Remember which sidebar sections you've expanded/collapsed
  • Draft content: Temporarily save your notes before you explicitly save them

7.3 Analytics Cookies

We currently do NOT use any analytics or tracking cookies. If this changes in the future, we will:

  • Update this policy
  • Ask for your explicit consent
  • Provide an easy way to opt out

8. Your Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

  • Right to access: Request a copy of all data we hold about you
  • Right to rectification: Correct inaccurate personal data
  • Right to erasure ("right to be forgotten"): Request deletion of your account and data
  • Right to restriction: Limit how we process your data
  • Right to data portability: Export your notes in a common format (PDF, JSON)
  • Right to object: Object to processing of your data
  • Right to withdraw consent: Change your mind about data processing at any time

To exercise any of these rights, please contact us.

9. Data Retention

  • Active accounts: Data retained as long as your account is active
  • Deleted accounts: All personal data deleted within 30 days
  • Archived classes: Notes preserved but no longer editable
  • Backup retention: Backups deleted after 90 days
  • Legal holds: Data may be retained if required by law

10. Children's Privacy

Our service may be used by students under 16. We comply with GDPR requirements for children's data:

  • Accounts for users under 16 should be created with parental/school consent
  • We collect only the minimum data necessary for educational purposes
  • Private notes are encrypted for additional privacy protection
  • Teachers and schools are responsible for obtaining appropriate consent

11. Security Measures

We implement industry-standard security measures:

  • Encryption in transit: All data encrypted with HTTPS/TLS
  • Encryption at rest: Firebase encrypts all stored data
  • End-to-end encryption: Private notes encrypted in your browser
  • Authentication: Secure password hashing and session management
  • Access controls: Role-based permissions (student, teacher, admin)
  • Regular updates: Security patches applied promptly

12. Third-Party Services

We use the following third-party services:

  • Firebase (Google Cloud): Hosting, authentication, database (GDPR-compliant, EU servers)
  • Vercel (if applicable): Frontend hosting (GDPR-compliant)

All third-party services have appropriate data processing agreements and comply with GDPR.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We'll update the "Last updated" date at the top
  • Significant changes will be announced via email
  • You'll be asked to review and accept major changes

14. Contact Us

If you have questions about this Privacy Policy or want to exercise your GDPR rights, please use our contact form.

  • Contact Form: /contact
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

15. Cookie Consent

By using Classroom Notes, you consent to the use of essential cookies required for the service to function. We do not use optional analytics or marketing cookies at this time.