Our Commitment
At EARN, protecting student data is not an afterthought — it's foundational to everything we build. We collect only what is necessary to provide the platform, we never sell or share data for commercial purposes, and we operate fully in compliance with federal and Virginia education privacy law. If your school or district has a specific data privacy agreement, please send it to support@earnedu.com.
Transparency
We believe you should always know exactly what data EARN collects and why. Our full Privacy Policy and Terms of Use are written in plain language — no legal walls of text.
EARN collects the minimum data necessary: teacher name, email, school, and district at registration; and student first name, last name, student ID, and SOL performance levels uploaded by teachers from MasteryConnect tracker exports. All data is stored securely on Google Firebase infrastructure in the United States.
We Never Sell Student Data
Student data belongs to students and their schools — full stop. EARN will never sell, rent, or share student data for any commercial purpose. We also do not display advertising of any kind on the platform.
- Student data is never sold or rented to any third party
- Student data is never used for advertising or marketing
- No third-party behavioral tracking on EARN
- No student profiles are created for commercial purposes
- All student data is deleted at the end of each academic school year
Data Security
EARN is built on Google Firebase, which provides enterprise-grade security infrastructure. We take additional steps at the application level to ensure data is only accessible to the right people.
- Google OAuth authentication — no passwords stored by EARN
- Domain-based authentication limits access to approved school email addresses
- Firebase security rules enforce strict per-user data access
- Students can only see their own data — never another student's
- School-level reports are emailed or provided directly to authorized administrators — administrators do not access the platform
In the event of a data breach affecting student information, we will notify affected schools and districts promptly and in accordance with applicable law.
Access to EARN is strictly controlled. Teachers must be approved and registered before accessing the platform, and student access is limited to approved school email domains. Students cannot access their data until a teacher has uploaded a MasteryConnect tracker — no tracker upload means no student access. This ensures that only authorized users within verified schools can ever access the platform.
FERPA & COPPA Compliance
EARN is designed from the ground up for K–12 schools and takes its legal obligations seriously.
Parents or guardians with questions about their child's data should contact their school or district directly, as schools retain FERPA rights over student education records.
Data Processing Agreements
EARN processes student data only under a signed Data Processing Agreement (DPA) executed with the school or district before any student data is handled. The DPA governs how data is used, secured, retained, and returned or destroyed, and confirms that the district retains ownership and control of its student data throughout.
Certifications & Compliance
EARN's own certification status. Infrastructure certifications (ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3) are held by Google Firebase and listed in the Infrastructure section above.
Green badges are active. Grey badges are pending.
Have a Privacy Question?
We're happy to answer questions from schools, districts, or parents.