Start with context

School use and family use are different

School-Authorized Use

The school controls its education records. The Scholar's Ascent processes only the information needed to deliver the school-authorized service and follows the applicable school agreement. A parent or eligible student should normally begin an education-record request with the school so the school can verify identity and direct the response.

Direct-to-Family Use

The parent, guardian, or adult account holder controls the account relationship. For a child under 13, the account must remain restricted until the adult receives the required direct notice and provides legally sufficient consent, unless a properly authorized school is acting as the parent's agent for a school-only educational purpose. The direct-family under-13 production flow remains gated while its parent-verification steps are finalized.

A teacher clicking “Sign in with Clever” is not, by itself, our evidence that a school authorized under-13 data collection. Production classroom activation requires the authority and notices applicable to that school context.
Data map

What the Assessment Center may process

Identity & Classroom

  • Clever role and provider identifiers are received during authorization; the current integration converts provider IDs to keyed opaque mappings instead of persisting the raw IDs or OAuth token
  • Selected-section label, subject/grade when supplied, roster count, membership links, and synchronization state
  • The current Clever integration does not persist teacher or student names, emails, profile photos, or demographic fields
  • Scholar alias and tenant-scoped classroom links

Learning Evidence

  • Answers, scores, attempts, mastery, misconceptions, feedback, retakes, and regrades
  • Uploaded or photographed work, including handwriting or names a user puts into an image
  • Teacher comments and notifications

Supports

  • Educator-selected functional settings such as extended time, reduced question count, text or speech support, bilingual support, or alternate setting
  • Google generative-AI grading is not enabled in the company Assessment Center
  • We do not request Clever API v3.1 disability, Section 504, IEP, gifted, FRL, home-language, or attendance fields for the Library integration

Integrity & Family Links

  • Tab/fullscreen events, paste events, response length, aggregate typing cadence, keystroke counts/bursts, network-address hashes, and generated risk indicators during applicable assessments
  • Guardian name, email, account link, consent record, and related security metadata where family features are used

Application Security

  • Company-hosted teacher and student assessment routes use Firebase App Check with reCAPTCHA Enterprise to confirm requests come from the registered application
  • Google may process browser/device, interaction, network, necessary-cookie, and security-risk signals for abuse prevention; these signals are not used for grading, discipline, advertising, or student evaluation

Aliases reduce exposure, but they do not make every record anonymous. A school can connect an alias to a student, and provider identifiers, guardian links, uploads, or user-entered text may identify a person. We therefore treat these records as protected student information.

Disabled in minor-accessible workflows

Where generative AI is—and is not—used

Google generative AI is disabled in student-facing, student-triggered, and other minor-accessible company Assessment Center workflows. Clever data, student responses, student work images, accommodations, integrity evidence, and teacher classroom data are not sent from the application to Google generative AI. Assessment delivery and supported auto-scoring use deterministic rules.

  • Some static educational or marketing content may have been developed with AI assistance and is reviewed by a person before publication.
  • A separate adult-only teacher authoring service is not active.
  • Any future adult-only authoring service must accept no student personal information and pass written provider, counsel, security, and notice review.
  • An integrity event is not proof of cheating or misconduct; an authorized educator makes the final instructional, grading, and discipline decision.
Google Cloud's current Generative AI Service terms prohibit using those services in a website or customer application directed toward or likely to be accessed by people under 18. Moving to Vertex AI does not remove that restriction.
Delete with purpose

Product-specific retention

RecordOrdinary Schedule
Assessment responses, scores, feedback, accommodations, uploads, and integrity recordsThe applicable July–June school year, then deleted or de-identified unless the controlling school directs a shorter or otherwise lawful schedule.
Verified individual deletion requestCompleted within 30 days after verification and school coordination when the school controls the record, unless a shorter period applies.
School service terminationReturned or deleted within 60 days unless the agreement requires a shorter period.
Clever identity and roster linksWhile the authorized integration is active, then through the applicable deletion window.
Child and parent contact collected only to seek consentDeleted if legally sufficient parental consent is not completed within a reasonable time.
Billing, contract, and security evidenceOnly as needed for accounting, dispute, fraud-prevention, audit, or legal obligations; student content is not retained merely for billing.
BackupsRemoved from ordinary access when source data is deleted and permitted to age out only under a verified backup lifecycle. A numeric maximum has not yet been verified and external school student-data processing remains gated on that verification.
Requests & controls

Review, correct, delete, or appeal

For a school account, contact the school first for access, correction, deletion, or a challenge to AI/integrity evidence. We will support the school's verified instruction. For a direct-family or adult account, email info@thescholarsascent.org with the subject “Privacy request.” Do not email student records, passwords, PINs, or access tokens.

Texas residents may also appeal a decision by replying with the subject “Texas privacy appeal.” If an appeal is denied, we will explain how to contact the Texas Attorney General. We do not discriminate against anyone for exercising a privacy right.

Optional Public-Site Analytics

Firebase Analytics is off unless you choose to allow it. It is not enabled for authenticated dashboards, the Assessment Center application, or student assessment routes. Your choice is stored in this browser and can be changed here.