Trust & Safety — EARN EDU

Our Commitment

At EARN, protecting student data is not an afterthought — it's foundational to everything we build. We collect only what is necessary to provide the platform, we never sell or share data for commercial purposes, and we operate fully in compliance with federal and Virginia education privacy law. If your school or district has a specific data privacy agreement, please send it to support@earnedu.com.

🔍

Transparency

We believe you should always know exactly what data EARN collects and why. Our full Privacy Policy and Terms of Use are written in plain language — no legal walls of text.

EARN collects the minimum data necessary: teacher name, email, school, and district at registration; and student first name, last name, student ID, and SOL performance levels uploaded by teachers from MasteryConnect tracker exports. All data is stored securely on Google Firebase infrastructure in the United States.

      Data collection is governed by the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and applicable Virginia state law.
    

🚫

We Never Sell Student Data

Student data belongs to students and their schools — full stop. EARN will never sell, rent, or share student data for any commercial purpose. We also do not display advertising of any kind on the platform.

Student data is never sold or rented to any third party
Student data is never used for advertising or marketing
No third-party behavioral tracking on EARN
No student profiles are created for commercial purposes
All student data is deleted at the end of each academic school year

🔒

Data Security

EARN is built on Google Firebase, which provides enterprise-grade security infrastructure. We take additional steps at the application level to ensure data is only accessible to the right people.

Google OAuth authentication — no passwords stored by EARN
Domain-based authentication limits access to approved school email addresses
Firebase security rules enforce strict per-user data access
Students can only see their own data — never another student's
School-level reports are emailed or provided directly to authorized administrators — administrators do not access the platform

In the event of a data breach affecting student information, we will notify affected schools and districts promptly and in accordance with applicable law.

Access to EARN is strictly controlled. Teachers must be approved and registered before accessing the platform, and student access is limited to approved school email domains. Students cannot access their data until a teacher has uploaded a MasteryConnect tracker — no tracker upload means no student access. This ensures that only authorized users within verified schools can ever access the platform.

Google Firebase Infrastructure — Independent Certifications

ISO 27001

ISO 27017

ISO 27018

SOC 1

SOC 2

SOC 3

All certifications are held by Google Firebase. EARNEDU LLC operates within this certified infrastructure as a Firebase customer. Full details at firebase.google.com/support/privacy.

📋

FERPA & COPPA Compliance

EARN is designed from the ground up for K–12 schools and takes its legal obligations seriously.

      FERPA: EARN operates as a "school official" under the Family Educational Rights and Privacy Act. Student education records are processed solely to provide academic growth tracking services. Schools and districts retain ownership and control of their student data at all times.
    

      COPPA: Students do not self-register for EARN — they are added to the platform when a teacher uploads a MasteryConnect tracker. When a student signs in, their school-issued Google account email address is captured via Google OAuth. All other student data is uploaded by teachers. Schools and districts act as the authorized agent providing consent on behalf of students under the Children's Online Privacy Protection Act.
    

Parents or guardians with questions about their child's data should contact their school or district directly, as schools retain FERPA rights over student education records.

📝

Data Processing Agreements

EARN processes student data only under a signed Data Processing Agreement (DPA) executed with the school district prior to any student data being handled. EARN is a member of the Student Data Privacy Consortium (SDPC) and supports the Virginia National Data Privacy Agreement (NDPA V2) — a standardized, legally vetted agreement already accepted by school districts across Virginia.

      What this means for districts: Rather than negotiating a custom agreement from scratch, Virginia districts can execute the standard Virginia NDPA with EARN in a fraction of the time. Once signed with one district, other Virginia SDPC member districts can subscribe to the same agreement with one click — no new negotiation required.
    

Hampton Roads districts already participating in SDPC include Virginia Beach City Public Schools, Norfolk, Chesapeake, Portsmouth, Hampton, Newport News, Suffolk, York County, Poquoson, and Isle of Wight. If your district is ready to execute a DPA, contact us at support@earnedu.com.

Certifications & Compliance

Infrastructure certifications are active. Third-party privacy certifications are actively being pursued.

✅ ISO 27001

✅ SOC 2

🤝 SDPC Member

Green badges are active. Grey badges are pending.

Have a Privacy Question?

We're happy to answer questions from schools, districts, or parents.

Contact EARN