Privacy Policy

1. Purpose of This Policy

Classroom2Career (C2C) is committed to protecting the privacy, confidentiality, and security of student data. This Privacy Policy outlines how we collect, use, store, and protect student information in compliance with:

• The Family Educational Rights and Privacy Act (FERPA)
• The Student Online Personal Protection Act (SOPPA)
• Chicago Public Schools (CPS) Student Data Addendum requirements (RFQ Specification No. 26-1224)

This policy applies to all C2C programs, including in-school, after-school (OST), summer programming, and digital.

2. Student Data We Collect

C2C limits data collection to only what is necessary to deliver educational services. The types of data we may collect include:

Basic Identifiers

• Name — for rostering, tracking, and reporting
• Email Address — for authentication, unique identification, email notifications, and rostering
• Student ID — for rostering and reporting to CPS teachers and staff
• Username — for platform login and student identification

Academic Information

• Grade Level — for delivery of grade-level content, curriculum matching, rostering, and staff reporting
• Classroom — for curriculum matching, rostering, and staff reporting
• Teacher — for curriculum matching, rostering, and staff reporting
• School — for curriculum matching, rostering, and staff reporting

Program Data

• Attendance, participation, student-generated content (projects, business plans)
• Student Generated Content — for storing assessment responses, student projects, and grades/subject progress

Performance Data

• Student Grades — for benchmarking progress and matching students with college/scholarship opportunities
• Student Test Scores — for benchmarking progress (if applicable)

Technical Data

• IP Address — for logging, auditing, and security purposes
• Password — for platform login only

Demographic Data (limited use only)

• Language — for use of platform in student's primary language and staff reporting
• Age (not full date of birth, absent exigent circumstances) — for rostering, age-appropriate content, college/scholarship matching, and SEL counseling
• Gender — only for SEL counseling, college/scholarship matching, and bias-free assessment experiences
• Race/Ethnicity — only for SEL counseling, college/scholarship matching, bias-free assessments, and CPS staff reporting

Survey Responses (non-PII only)

For benchmarking student progress and CPS-created reporting purposes. Cannot be used for marketing purposes (SOPPA-prohibited).

All data collected aligns strictly with CPS-approved categories and purposes as outlined in Attachment K of RFQ Specification No. 26-1224.

3. How We Use Student Data

C2C uses student data solely to support educational outcomes, including:

• Delivering curriculum and matching students to appropriate content
• Tracking student progress and program effectiveness
• Supporting career exploration and entrepreneurship development
• Providing reports to CPS, educators, and authorized staff
• Supporting social-emotional learning where applicable

We do NOT use student data for:

• Advertising or marketing
• Selling or renting data to any party
• Profiling unrelated to education
• Any purpose not expressly authorized under this Policy or the CPS Agreement

4. Data Security & Integrations

C2C implements industry-standard safeguards and complies with CPS integration requirements, including:

• Integration with CPS-approved identity providers and rostering solutions: Clever, One Roster, and ClassLink
• CPS Single Sign-On (SSO) compatibility
• Secure data exchange via s-FTP, API, and/or web services (where applicable)
• Authentication mechanisms compatible with SAML, Google SSO, OAuth, OpenID Connect, WS-Federation, and CAS
• Encrypted data transfer — student data is never transmitted via unsecured email
• Role-based, restricted access permissions
• Regular monitoring and auditing of systems

5. Disclosure of Student Data to Third Parties

C2C does not sell student data. We may share student data only under the following conditions:

• With Chicago Public Schools (CPS) and authorized school personnel
• With approved third-party service providers (subprocessors) necessary to deliver services
• When required by law or legal process

All third-party partners are contractually bound to data protection standards, limited to specific approved uses, and cannot reuse or sell student data. Any subprocessor with access to student data will be disclosed and approved in accordance with CPS requirements. A complete list of authorized subprocessors is maintained and available upon request.

6. Data Retention

C2C retains student data only for as long as necessary to:

• Fulfill program requirements
• Meet reporting obligations
• Comply with legal and contractual requirements

After that period, data is securely deleted or anonymized in accordance with applicable law and CPS guidelines.

7. Student & Parent Rights

In alignment with FERPA, students and parents/guardians have the right to:

• Access student records
• Request corrections to inaccurate data
• Request deletion of data where applicable
• Understand how data is being used

Requests should be directed to C2C using the contact information in Section 10 below.

8. Data Minimization Commitment

C2C follows a strict "minimum necessary" standard. If we don't need it to teach, track, or support the student — we don't collect it. Any student data not listed in this Policy cannot be collected by C2C, and any third party not expressly listed will be unauthorized to utilize or access student data in providing services.

9. Updates to This Policy

This Privacy Policy may be updated periodically to reflect changes in law or CPS requirements, or updates to C2C programming or technology. All updates will be communicated and reflected with a revised effective date.

10. Contact Information

For questions or concerns regarding this Privacy Policy: