Privacy Policy for Simpleclass
Last updated: December 10, 2025
π§Ύ TL;DR β Our Privacy Promise
We keep it simple:
- β’ We only collect what's needed for your educational platform to work
- β’ We don't track you across the internet
- β’ We don't sell or rent your personal data, and we never share it for advertising
- β’ You can delete your account anytime β your data is removed without undue delay
- β’ Everything runs on European servers πͺπΊ β made in Europe, for Europe
- β’ Your data is encrypted and protected with industry-standard security
- β’ We use only strictly necessary cookies to keep you logged in
- β’ Institution admins manage their own teachers and students
(If you want the full legal version, keep reading π)
1. Who We Are
Simpleclass ("we", "our", "us") operates the educational platform at simpleclass.eu and related subdomains. We provide online classroom management software for educational institutions, teachers, and students.
Identity & Contact (Data Controller):
Simpleclass B.V.
Email: [email protected]
Address: Lichttoren 32, 5611 BJ Eindhoven, Netherlands
Dutch Chamber of Commerce (KvK): 97998303
Roles. For institution-managed workspaces, Simpleclass acts as a data processor for student/teacher content and live-session media, under a Data Processing Agreement (DPA) with the institution (the data controller). We act as an independent data controller for: (i) admin/owner account & billing data, (ii) platform security and abuse prevention, (iii) service communications, and (iv) limited operations metadata needed to run the service.
2. What Information We Collect
2.1 Information You Provide
For Institution Administrators
- Institution details and account credentials
- Organization type and business information (where applicable)
- Contact and billing information
- Language preferences
For Teachers and Students
- Account credentials
- Institution affiliation
- Course-related data
- Language preferences
2.2 Information Automatically Collected
During Platform Use
- Session participation data
- Calendar and scheduling information
- Chat messages within the platform
- File attachments
- IP address (for security and session management)
- Approximate location inferred from IP (to enforce EU/EEA geo-restrictions and prevent fraud)
- Browser type and language
- Authentication/session tokens (to keep you signed in securely)
During Live Sessions
- Video/audio streams (ephemeral unless recording is enabled)
- Screen shares (when actively sharing)
- Session recordings (only when explicitly enabled)
- Virtual room assignments
- Attendance and participation metrics
- Session chat logs
- Teacher media control (teachers may keep student cameras/microphones enabled; students retain browser-level control)
2.3 What We DON'T Collect
- Tracking cookies or advertising identifiers
- Cross-site analytics
- Browsing history outside our platform
- Location/GPS data
- Personal files unless explicitly uploaded
- Payment card details (handled by payment provider when activated)
- Third-party account passwords/credentials
3. How We Use Your Information
We use your data exclusively to:
Provide Educational Services
- Create and manage accounts
- Authenticate users and maintain sessions
- Enable course creation and management
- Schedule and conduct live sessions
- Track attendance and progress
- Send service emails (invitations, password resets, notifications)
- Enable file sharing
- Manage virtual breakout rooms
Platform Operations
- Generate usage statistics for administrators
- Ensure account limits match subscription plans
- Monitor account usage
- Manage multi-language communications
- Provide customer support when requested
- Maintain platform security and prevent abuse
- Collect minimal technical telemetry for reliability and security
Billing (Administrators only)
- Manage subscriptions and invoices
- Verify business information where required
- Process payments through payment provider (once integrated)
4. Who Can Access Your Data
4.1 Within Your Institution
Institution Administrators can
- Manage teachers and students in their institution
- Access usage statistics and attendance data
- Control institution-wide settings
- View courses created by teachers
- Remove users from the institution
Teachers can
- Create and manage their own courses
- View information about students in their courses
- Access enrollment and attendance records for their courses
- Schedule and manage sessions
- View chat logs and recordings of their sessions
- Share files with students
Students can
- View their enrolled courses
- Access their attendance records and shared materials
- Communicate within their courses
- Join live sessions
- Upload and share files
4.2 Simpleclass Staff
We don't access institution content except to provide support, ensure security, or comply with law.
4.3 Third-Party Services
We use a small number of GDPR-compliant processors under DPAs:
- Email delivery provider β sends service emails (name & email only)
- Real-time media infrastructure β processes live sessions
- Payment processor (to be activated) β handles subscriptions and invoicing
We never sell, rent, or share personal data for advertising. See our live sub-processor list at simpleclass.eu/en/vendors. We notify Institution admins at least 30 days in advance before adding or replacing a sub-processor. If your Institution reasonably objects, it may terminate before the change takes effect and receive a pro-rated refund of prepaid fees.
5. Data Storage and Security
5.1 Where Your Data Lives
Data is hosted in the European Economic Area (EEA). If transfers outside the EEA become necessary, we'll use Standard Contractual Clauses or equivalent safeguards and inform affected users.
5.2 How We Protect Your Data
- Passwords hashed using industry-standard algorithms
- Encryption in transit (TLS/SRTP) and at rest
- Role-based access controls
- Authentication tokens that expire automatically after inactivity
- Rate-limiting, intrusion detection, and monitoring
- Regular security updates
Where available, we clearly indicate when a session uses end-to-end encryption.
5.3 Session Recordings
- Preset at scheduling by the Teacher; recordings exist only if enabled in advance
- Pre-join banner + extra consent checkbox is shown; without opt-in, joining isnβt possible
- Owner-only access: the recording link is visible only to the Course Owner (Teacher) unless they share it per institution policy
- Stored securely with access control in the EU; deletable by authorized users per policy
6. Real-time Data Processing
Real-time session data (e.g., participant status, media routing) is ephemeral for delivery. Limited technical logs are retained briefly for reliability and security.
7. Your Rights and Controls
You can always:
- Access your personal information
- Update your profile and password
- Delete your account (removed without undue delay)
- Request information about what data we hold
- Opt out of non-essential communications
- Delete files you've uploaded
Institution administrators can
- Delete their institution (data removed without undue delay)
- Manage teachers and students
- Configure institution settings
- View usage statistics
Teachers can
- Manage courses they've created
- Delete recordings they've created (subject to institution policy)
- Manage content within their courses
GDPR Rights (EU users)
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability (where technically feasible)
- Right to object to processing
- Right to withdraw consent
π© To exercise your rights: contact [email protected] β we aim to respond promptly and in any case within one month under GDPR. You can also reach us via simpleclass.eu/en/contact.
Identity confirmation, kept minimal. We prefer to handle requests via your logged-in dashboard or by sending a confirmation link to your account email. Only if thereβs reasonable doubt about identity (e.g., request from a different email or a full data export) may we ask for a lightweight confirmation (e.g., verification link). We avoid ID documents; if absolutely necessary, we accept redacted copies and delete them immediately after verification.
Institution-controlled data: For data where your institution is the controller (e.g., course content, attendance records), we act on the institution's instructions. Deleting your personal account does not automatically remove records the institution is legally entitled or required to keep. We will assist your institution in fulfilling your request where we act as their processor.
8. Cookies and Tracking
8.1 Essential Cookies Only
We use only strictly-necessary cookies to keep you signed in and secure; no advertising or cross-site tracking.
8.2 No Tracking
We do not use advertising cookies or analytics trackers.
9. Data Retention
When you delete content or your account, we remove it without undue delay from active systems. Residual copies in backups are typically retained for up to ~90 days before being overwritten.
| Type of Data | Retention Period | Notes |
|---|---|---|
| Account data | Until deletion requested | Subject to institution policy where applicable |
| Course content | Until deleted | Subject to institution policy |
| Session data | Until deleted | Subject to institution policy |
| Chat messages | Until deleted | Subject to institution policy |
| File attachments | Until deleted | Subject to institution policy |
| Recordings | Until deleted | Subject to institution policy |
| Attendance records | Per institution policy/legal requirements | May be retained for academic records |
| System logs | No longer than necessary (typically up to 180 days) | For security and reliability |
| Session tokens | Duration of session | Expire on logout or inactivity |
10. Children's Privacy
Simpleclass may be used by minors under institutional supervision.
- Institutions are responsible for obtaining parental consent where required by law
- We do not knowingly collect data directly from children below the age required by local law (13β16 in the EU; 16 in the Netherlands) without institutional oversight
- Parents can contact the institution or us regarding their child's data
- Institutions act as the data controller for minor students
11. International Transfers
Data is hosted in the EEA. If a transfer outside the EEA becomes necessary, we'll use Standard Contractual Clauses or equivalent safeguards and inform affected users.
12. Legal Basis for Processing (GDPR)
A) When Simpleclass is the Data Controller
| Purpose | Legal Basis | Notes |
|---|---|---|
| Admin/teacher account creation & operation | Contract (Art. 6(1)(b)) | Registering accounts, login, core features |
| Service communications (non-marketing) | Legitimate interests (Art. 6(1)(f)) and/or Contract | Password resets, incidents, availability notices |
| Platform security, fraud/abuse prevention, reliability logs | Legitimate interests (Art. 6(1)(f)) | Access control, rate limiting, auditing |
| Billing & invoicing (admins) | Contract + Legal obligation (Art. 6(1)(c)) | VAT, tax records retention |
| Customer support | Legitimate interests (Art. 6(1)(f)) | Access to content only if needed for support/security or by law |
B) When Simpleclass is the Data Processor
| Data/Activity | Controller's Legal Basis | Notes |
|---|---|---|
| Course content, attendance, session chat, files | Determined by the institution (e.g., public task for public schools; legitimate interests/contract for private orgs) | We process on written instructions in the DPA |
| Live session recordings | Consent (Art. 6(1)(a)) or other basis set by the institution | In-app indicator when recording is enabled |
| Minors' data | Controller's basis; parental consent at age <16 in NL where required | Institution manages consent & notices |
13. External Integrations
Optional third-party embeds (e.g., documents) are authenticated directly with the provider. We don't receive third-party passwords unless you explicitly grant access for a feature, in which case we'll show the scope and purpose before consent.
14. Changes to This Policy
We may update this policy from time to time. We'll notify admins and display an in-app banner before material changes take effect.
15. Contact Us
Privacy Contact
π§ [email protected]
π Lichttoren 32, 5611 BJ Eindhoven, Netherlands
Full company details (incl. VAT ID): simpleclass.eu/en/contact
Supervisory Authority
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: autoriteitpersoonsgegevens.nl
You may also contact your local EU supervisory authority.
Compliance Statement
This policy is designed to comply with:
- The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
- The Dutch GDPR Implementation Act (Uitvoeringswet AVG / UAVG)
- The national laws implementing the ePrivacy Directive (2002/58/EC) in the EU/EEA countries where we operate (including the Dutch Telecommunications Act β Telecommunicatiewet, art. 11.7a)
Effective as of December 10, 2025. Applies to all users of the Simpleclass platform at simpleclass.eu and all institution subdomains.
Version 1.1