Articles in this section

How ClassDojo Complies with GDPR

Is ClassDojo General Data Protection Regulation (GDPR) Compliant?

Yes. We take our commitment to your privacy and data protection seriously; that's why every ClassDojo product is designed with privacy and security first. ClassDojo has complied with GDPR since it went into effect on May 25, 2018.

What is GDPR?

The European Union (EU) has established the General Data Protection Regulation (GDPR) to protect the processing of an individual’s personal data and the free movement of that personal data. At ClassDojo, we have created a strict set of privacy guidelines to support these changes. As part of this, we updated our Privacy Policy and Terms of Service. These updates provide more transparency and peace of mind over how ClassDojo protects your privacy, gives you security, and ensures you have control over your information. We hope you will read them in full, but here are highlights:

Privacy

  • This page breaks down in detailed categories exactly what information we collect for each type of user, the sources we use to collect that information, where it’s stored, and how it is used. 
  • This page shows a full list of third-party services we partner with to provide the ClassDojo Service and what information we share with each. You are protected by our third-party suppliers as well under our Privacy Policy. 

Security: 

  • We use security industry best practices to protect personal information, including using encryption and other security safeguards to protect personal information. 
  • We store all personal information on highly secure data centers that are access-controlled. The Service is hosted on servers at a third-party facility, with whom we have a contract providing for enhanced security measures. For example, personal information is stored on a server equipped with industry-standard firewalls. In addition, the hosting facility provides a 24x7 security system, video surveillance, intrusion detection systems, and locked cage areas.
  • ClassDojo’s databases where we store your personal information is encrypted at rest, which converts all personal information stored in the database to an unintelligible form.
  • We ensure passwords are stored and transferred securely using encryption and salted hashing.
  • When you enter any information anywhere on the Service, we encrypt the transmission of that information using secure socket layer technology (SSL/TLS) by default.
  • For more information, please see our Security Whitepaper.

Control: 

  • You control your information, and you can delete your teacher account, parent account, or student account at any time. We will not retain student personal information for any longer than is necessary for educational purposes and legal obligations or to provide the ClassDojo Service for which we receive or collect the student's personal information. We keep non-student personal information until your account is deleted or until it is no longer necessary to provide you with the ClassDojo Service. Please note that some content may be kept after the deleting of an account for school legal compliance reasons and will not be deleted until we receive direction from the school. This can include content uploaded by a student, teacher, school leader, or parent.  See our FAQ for more details. 

Transferring Personal Information to the United States:

Please see our Detailed FAQ for more information.

 

Frequently Asked Questions: 

What personal information does ClassDojo collect?

  • Personal information is information that can be used to identify or contact a particular individual or a particular device. We never collect sensitive personal information, as defined by GDPR standards.
  • Students: We ask for the minimum necessary information from students to register for the service: often just a name. We don’t ask for gender, email, address, or student ID. Anything else collected is restricted to information needed for educational and safety purposes or to provide and improve the service. 
  • School Leaders, Teachers, and Parents: We do ask for some information that is provided directly by teachers, school leaders, and parents. We also collect some information related to technology issues in order to provide you with the best possible experience.
  • The Information Transparency page breaks down what information is collected for each account type and how that information is collected.
  •  

Will ClassDojo ever sell my personal information?

  • No. ClassDojo will never sell or rent your personal information to a third party for any reason.

Does GDPR require that data is stored in E.U.?

  • No. As a US-based company, all user data is stored in the United States. As such, certain jurisdictions require that specific legal requirements are met in order to transfer this personal data from your location to the United States.   Please see our Detailed FAQ for more information. 

Is there someone at ClassDojo I can speak with if I have further concerns or wish to exercise my rights under GDPR?

  • Yes. Please contact us at privacy@classdojo.com, and a team member will happily address your questions or concerns.  
  • To exercise your rights, please see this form.

Additional Assistance:

  • If you are located in the European Union or the EEA, you have a right to lodge complaints about the data processing activities carried about by ClassDojo with the supervisory authority in your country.  Pursuant to Article 27 of the GDPR, ClassDojo, Inc. has appointed the European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by sending an email to privacy@edpo.brussels, using EDPO’s online request form, or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.