← Back to EARN
Trust & Safety

Trust & Safety

How EARN protects students, teachers, and their data

Our Commitment

At EARN, protecting student data is not an afterthought — it's foundational to everything we build. We collect only what is necessary to provide the platform, we never sell or share data for commercial purposes, and we operate fully in compliance with federal and Virginia education privacy law. If your school or district has a specific data privacy agreement, please send it to support@earnedu.com.

🔍

Transparency

We believe you should always know exactly what data EARN collects and why. Our full Privacy Policy and Terms of Use are written in plain language — no legal walls of text.

EARN collects the minimum data necessary: teacher name, email, school, and district at registration; and student first name, last name, student ID, and SOL performance levels uploaded by teachers from MasteryConnect tracker exports. All data is stored securely on Google Firebase infrastructure in the United States.

Data collection is governed by the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and applicable Virginia state law.
🚫

We Never Sell Student Data

Student data belongs to students and their schools — full stop. EARN will never sell, rent, or share student data for any commercial purpose. We also do not display advertising of any kind on the platform.

🔒

Data Security

EARN is built on Google Firebase, which provides enterprise-grade security infrastructure. We take additional steps at the application level to ensure data is only accessible to the right people.

In the event of a data breach affecting student information, we will notify affected schools and districts promptly and in accordance with applicable law.

Access to EARN is strictly controlled. Teachers must be approved and registered before accessing the platform, and student access is limited to approved school email domains. Students cannot access their data until a teacher has uploaded a MasteryConnect tracker — no tracker upload means no student access. This ensures that only authorized users within verified schools can ever access the platform.

Google Firebase Infrastructure — Independent Certifications
ISO 27001
ISO 27017
ISO 27018
SOC 1
SOC 2
SOC 3
All certifications are held by Google Firebase. EARNEDU LLC operates within this certified infrastructure as a Firebase customer. Full details at firebase.google.com/support/privacy.
📋

FERPA & COPPA Compliance

EARN is designed from the ground up for K–12 schools and takes its legal obligations seriously.

FERPA: EARN operates as a "school official" with a legitimate educational interest under the Family Educational Rights and Privacy Act. Student education records are processed solely to provide academic growth tracking services, under the direct control of the school or district, which retains ownership of its data at all times. EARN does not use student data for any other purpose and does not redisclose it without authorization. Upon request or contract termination, student data is returned or destroyed.
COPPA: Students do not self-register for EARN. They are added when a teacher uploads a MasteryConnect tracker, and a student's school-issued Google account email is captured via Google OAuth when they first sign in; all other student data is uploaded by teachers. For students under 13, the school or district acts as the authorized agent providing consent under the Children's Online Privacy Protection Act. This school-provided consent applies because EARN uses student data solely for educational purposes and never for any commercial purpose. Schools may review what data is collected and request deletion at any time. Students 13 and older are covered under FERPA and applicable Virginia student privacy law rather than COPPA.

Parents or guardians with questions about their child's data should contact their school or district directly, as schools retain FERPA rights over student education records.

📝

Data Processing Agreements

EARN processes student data only under a signed Data Processing Agreement (DPA) executed with the school or district before any student data is handled. The DPA governs how data is used, secured, retained, and returned or destroyed, and confirms that the district retains ownership and control of its student data throughout.

Certifications & Compliance

EARN's own certification status. Infrastructure certifications (ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3) are held by Google Firebase and listed in the Infrastructure section above.

🤝 1EdTech Trusted App (pending)

Green badges are active. Grey badges are pending.

Have a Privacy Question?

We're happy to answer questions from schools, districts, or parents.

Contact EARN