Instructional Products Privacy Policy
Modern Classrooms Project
Effective March 17, 2026
Overview and Scope
This Privacy Policy describes how the Modern Classrooms Project (“MCP”) collects, uses, stores, and protects Student Data and Educator Data in connection with its instructional products, including MCP’s Resource Hub, Digital Progress Tracker, and Next Step Math.
These products are provided to schools and local education agencies (“LEAs”) pursuant to written agreements, including Student Data Privacy Agreements where applicable. MCP processes Student Data as a service provider to LEAs and under the direct control of the LEA, consistent with applicable federal and state student privacy laws.
This Privacy Policy applies only to MCP’s instructional products and does not apply to MCP’s general marketing website, donation platform, or internal administrative systems.
Applicable Legal Framework
MCP processes Student Data as a school official or service provider acting under the direction and control of the LEA, consistent with the requirements of applicable federal and state student privacy laws, including:
Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g — MCP processes Student Data only as authorized by the LEA, consistent with the school official exception under FERPA. Student Data constitutes education records subject to LEA control.
Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506 — Where MCP's instructional products are used with students under the age of 13, MCP relies on the LEA to provide appropriate authorization on behalf of parents, consistent with the school consent exception under COPPA. MCP does not collect personal information from children for commercial purposes.
Applicable State Student Privacy Laws — MCP complies with applicable state student data privacy statutes in jurisdictions where its products are in use. Specific state law compliance obligations may be addressed in applicable Student Data Privacy Agreements or LEA-specific addenda.
Where a Student Data Privacy Agreement or LEA-specific addendum is in place, the terms of that agreement govern to the extent they are more protective of Student Data than this Privacy Policy.
Data We Process
Consistent with applicable district agreements, MCP may process the following types of Student and Educator Data as authorized by the LEA. The list below is for illustrative purposes; the exact data processed is determined as part of MCP’s agreements with LEAs.
Student Account Information: Student name, district or system-assigned student ID, grade level, class enrollment information .
Educator Account Information: Name, school affiliation, role, curriculum used.
Student-Generated Instructional Content: Written responses, audio recordings of mathematical explanations, images of handwritten work, other instructional submissions assigned by educators.
Instructional and System Data: mastery progress indicators, teacher-facing instructional insights, application usage data, authentication information provided through district rostering systems (e.g., Clever), system logs and technical metadata
MCP processes only the types of data authorized by the LEA and necessary to provide the services described in the applicable Service Agreement.
Purpose of Processing
Student and Educator Data are used solely to:
Provide instructional functionality
Support classroom workflows
Generate teacher-facing instructional insights
Maintain and improve system reliability and performance
Provide customer and technical support
Comply with legal obligations
MCP does not:
Sell Student or Educator Data
Use Student or Educator Data for targeted advertising or commercial marketing purposes
Create non-instructional student profiles
De-Identified Data
MCP may create and use de-identified data derived from Student Data in accordance with FERPA and applicable law.
De-Identified Data means information from which all personally identifiable information has been removed such that the data cannot reasonably be used to identify an individual student.
De-Identified Data may be used for purposes permitted under applicable law and district agreements, including but not limited to:
Research and development of MCP’s educational services
Demonstrating the effectiveness of instructional services
Supporting adaptive or customized learning functionality
MCP does not attempt to re-identify De-Identified Data and does not transfer De-Identified Data except as permitted under applicable agreements.
Use of De-Identified Data may continue after termination of a district agreement, consistent with applicable law and written agreements.
AI Processing
Certain MCP instructional products, including Next Step Math, use artificial intelligence (“AI”) to support instructional insight generation.
When AI services are used:
Student submissions (text, audio, image) may be transmitted to a third-party AI service provider for real-time inference.
AI-generated outputs are advisory and subject to educator review and discretion.
MCP may retain AI prompts and related system logs for debugging, performance monitoring, and service reliability purposes. Such logs are encrypted, access-restricted, and retained only for a period consistent with MCP’s data retention practices and applicable agreements.
Subprocessors
MCP engages limited third-party service providers (“Subprocessors”) to support core functionality, including:
Cloud hosting and infrastructure
Authentication and rostering
AI inference services
Analytics and system monitoring
All Subprocessors:
Act solely as service providers
Are contractually required to protect Student Data
Must comply with obligations no less stringent than applicable district agreements
May not sell Student Data
May not use Student Data for advertising
Must delete or return Student Data upon termination of services.
A current list of Subprocessors is available upon request.
Data Retention and Disposition
Student and Educator Data is retained while:
The LEA maintains an active agreement with MCP, and
User accounts remain provisioned through district-approved authentication or rostering systems
Upon termination of a district agreement:
MCP will delete or return Student Data upon written request from the LEA.
If deletion is requested, Student Data will be securely deleted from production systems within sixty (60) days and consistent with applicable agreements, except where retention is required by applicable law or district agreement.
If no written request is received, MCP will dispose of Student Data after providing reasonable prior notice to the LEA.
Deletion includes removal from production databases and application storage systems.
Encrypted backup data is retained only for disaster recovery purposes and is not accessible through product interfaces. Backup data is deleted in accordance with MCP’s documented backup retention schedule.
Parent and Student Rights
MCP processes Student Data on behalf of schools and districts acting as a service provider under the direction and control of the LEA. Schools and LEAs retain control over Student Data and education records under the Family Educational Rights and Privacy Act (FERPA).
Rights Under FERPA
Parents and eligible students have the right under FERPA to:
Inspect and review education records maintained by their school or district
Request correction of records they believe to be inaccurate or misleading
Request deletion of records, subject to applicable legal requirements and LEA policies
Because MCP holds Student Data on behalf of the LEA — not as an independent custodian — these rights are exercised through the school or district, not through MCP directly. Parents and eligible students should contact their school or LEA to submit any such request.
MCP's Role in Supporting Rights Requests
Upon receiving a written request from an LEA related to a parent or student rights request, MCP will:
Provide the LEA with access to the relevant Student Data within thirty (30) days
Correct or delete Student Data as directed by the LEA, consistent with applicable law and the applicable Service Agreement
Confirm in writing when the requested action has been completed
MCP will not condition access to its services on the waiver of any student privacy rights.
Rights Under COPPA
Where MCP's products are used with students under the age of 13, MCP relies on the LEA to provide authorization on behalf of parents consistent with the school consent exception under the Children's Online Privacy Protection Act (COPPA). Parents who wish to review, correct, or request deletion of personal information collected from a child under 13 should contact their school or district directly.
State-Specific Rights
Parents and eligible students in certain states may have additional rights under applicable state student privacy laws. MCP will support LEAs in honoring those rights as required by applicable law and written agreements. LEA-specific addenda or Student Data Privacy Agreements may address state-specific obligations in greater detail.
Data Security
MCP implements administrative, technical, and physical safeguards designed to protect Student Data and Educator Data from unauthorized access, disclosure, acquisition, destruction, use, or modification.
MCP maintains a cybersecurity framework consistent with recognized security standards and applicable contractual obligations.
Security Incident Notification
MCP maintains incident response procedures designed to detect, contain, and remediate unauthorized access to or disclosure of Student Data.
In the event of a confirmed security incident involving Student Data, MCP will:
Notify the affected LEA promptly and without unreasonable delay, and in no case later than seventy-two (72) hours after MCP confirms that a breach of Student Data has occurred
Provide written notification to the LEA's designated privacy or data contact
Include in the notification, to the extent known at the time:
A description of the nature of the incident
The categories and approximate number of students affected
The categories of Student Data involved
The likely consequences of the breach
Measures taken or proposed by MCP to address the incident and mitigate its effects
Where complete information is not available within the initial notification period, MCP will provide a preliminary notice followed by supplemental updates as additional information becomes available.
MCP will cooperate with the LEA in its response to the incident, including supporting any notifications to parents or eligible students that the LEA is required to provide under applicable law.
Nothing in this section limits the notification obligations of the LEA under applicable federal or state law, including FERPA, COPPA, or applicable state breach notification statutes. LEAs retain responsibility for any notifications to parents, students, or state agencies required under applicable law.
Changes to This Policy
MCP may update this Privacy Policy from time to time. Material changes will be posted publicly with an updated effective date.
Governing Law and Jurisdiction
This Privacy Policy and any disputes arising from or related to MCP's processing of Student Data under this Policy are governed by the laws of the District of Columbia, without regard to its conflict of law provisions.
Nothing in this section limits the rights of LEAs or parents under applicable federal or state student privacy laws, including FERPA, COPPA, or applicable state statutes, regardless of jurisdiction. Where an LEA's Student Data Privacy Agreement specifies a different governing law, the terms of that agreement control with respect to that LEA.
Any legal action or proceeding arising under this Policy, to the extent not governed by a separate written agreement, shall be brought exclusively in the courts of the District of Columbia, and the parties consent to personal jurisdiction in those courts.
Contact Information
Questions regarding this Privacy Policy may be directed to [email protected].