Privacy Policy

Sparkfield (“we,” “us,” or “our”) is an educational platform that helps teachers create personalized science learning experiences for K–8 students. We are committed to protecting the privacy of students, teachers, and parents who use our service.

This policy explains what data we collect, how we use it, and how we keep it safe. If you have questions, email us at hello@sparkfield.app.

Sparkfield is designed for use in K–8 classrooms and takes its obligations under the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA) seriously.

• Student accounts are created by teachers — students do not independently sign up. Teachers provide the student's name and grade; the system generates a username and password that the teacher distributes. Teachers act as the school official who controls access to student education records.
• We do not collect personal information directly from children under 13. Student accounts require only a display name and grade level — no email address is collected from students. Only a system-generated username and password are issued, via the teacher.
• We do not sell, rent, or share student data with advertisers or any third party for commercial purposes.
• We use student data only to provide and improve the educational service.

For Teachers:

• Name and email address (used for login and account identification)
• Encrypted password (we never store passwords in plain text)
• Subscription/billing status (payment is processed by Stripe — we do not store card numbers)
• Challenges and classes created

For Students:

• Display name and grade level (provided by teacher at account creation — no email required)
• Academic progress: quiz answers, essay responses, sparks earned, levels, biome completions
• Pixel character customization choices
• Login credentials: system-generated username and encrypted password (passwords are never stored in plain text)

For Parents:

• Email address (used to receive progress updates)
• Read-only access to their child's progress data

• To provide the core educational experience (challenges, progress tracking, gamification)
• To grade student essays and short-answer responses using AI (see “Third-Party Services” below)
• To allow teachers to monitor class progress and identify students who need support
• To allow parents to view their child's academic progress
• To improve the platform and fix bugs (we may review aggregated, de-identified usage patterns)
• We do not use student data for advertising, profiling, or any purpose outside of educational services

We use a limited set of trusted third-party services to operate Sparkfield:

We do not use Google Analytics, advertising networks, social media trackers, or any data broker services.

Teacher accounts and associated class data are retained while the account is active. Student accounts are retained as long as they are enrolled in an active class.

To delete a student account, teachers can remove the student from their class. To delete a teacher account or request full data deletion, email hello@sparkfield.app. We will process deletion requests within 30 days. Following deletion, data may persist in encrypted system backups for up to 90 days before being purged.

• All connections use HTTPS/TLS encryption
• Passwords are hashed using bcrypt (never stored in plain text)
• Database access is restricted to application servers only
• We do not share credentials or API keys externally

Security Incident Notification: In the event of a security breach that compromises student personally identifiable information, we will notify affected schools and districts within 5 business days of discovering the incident. Notification will include the nature of the breach, data affected, steps taken to contain it, and recommended actions for affected parties.

Parents of students under 13 may:

• Request to review the personal information we have collected about their child
• Request deletion of their child's account and data
• Refuse to permit further collection or use of their child's information

To exercise these rights, contact your child's teacher or email us at hello@sparkfield.app.

For schools and districts in New York State, Sparkfield complies with New York Education Law § 2-d and its implementing regulations. Specifically:

• Student data will not be sold or used for any commercial purpose unrelated to the provision of educational services.
• Student data will not be disclosed to third parties except as necessary to provide the contracted educational service, or as required by law.
• We implement reasonable administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of student data.
• We will notify the contracting educational agency of any breach or unauthorized release of student data in accordance with Education Law § 2-d and applicable breach notification laws.
• Upon termination of services, student data will be returned or securely deleted as directed by the educational agency.
• We will cooperate with the educational agency to ensure compliance with the Parents' Bill of Rights for Data Privacy and Security.

Schools and districts may request a signed Data Processing Agreement (DPA) by emailing hello@sparkfield.app or reviewing our standard DPA.

We may update this policy as the platform evolves. When we do, we will update the “Last updated” date at the top of this page and notify teachers via email if the changes are material.

Questions about privacy? We're happy to help.

Email: hello@sparkfield.app