Student Data Protection
How Lit-Levels protects student data — plain language, no surprises.
Our Core Promise
Student data exists for one reason on Lit-Levels: to support learning. It is not for sale, not for advertising, not for profiling, and not for anything that would surprise a parent, teacher, or student.
What We Collect and Why
Every piece of student data we collect has a clear educational purpose. Here is exactly what we store, why, and who can access it.
First Name & Username
Grade Level
Reading Level (Lexile)
Quiz Scores & Answers
Time on Task
Parent/Guardian Email (optional)
Avatar & Preferences
What We Do NOT Collect
How We Protect Student Data
Encrypted in Transit & at Rest
All data is transmitted over HTTPS (TLS 1.2+) and stored in encrypted databases. Student passwords are hashed with bcrypt and never stored in readable form.
Role-Based Access Control
Students see only their own data. Teachers see only their assigned students. School admins see only their school. No one sees more than they need.
Session Authentication on Every Request
Every API request verifies the user's identity and permissions server-side. There are no client-side permission shortcuts.
Data Minimization
We collect only what is needed for instruction and reporting. We do not store unnecessary personal information or behavioral data beyond educational purposes.
Right to Delete
Schools and families can request deletion of student data at any time. When a student account is deactivated, their personal information can be removed.
No Third-Party Data Sharing
Student data is never shared with advertisers, data brokers, or any third party for commercial purposes. Our only external service is secure cloud infrastructure.
Who Can See What
| Data Type | Student | Teacher | School Admin | Parent |
|---|---|---|---|---|
| Own reading progress | ✅ | ✅ | ✅ | ✅ |
| Own quiz scores | ✅ | ✅ | ✅ | ✅ |
| Own avatar & preferences | ✅ | — | — | — |
| Class-level analytics | — | ✅ | ✅ | — |
| Individual student detail | — | ✅ | ✅ | — |
| Other students' data | — | — | — | — |
| Teacher account info | — | — | ✅ | — |
| Platform-wide metrics | — | — | ✅ | — |
Third-Party Services
Lit-Levels uses a minimal set of third-party services, all of which are required for core platform operation:
Secure, encrypted database and file storage. SOC 2, ISO 27001 certified. Data stored in US regions.
Used to generate reading content, provide hints, and create personalized stories. No student data is retained by the AI provider beyond the request.
What we do NOT use: No third-party analytics trackers, no advertising networks, no social media pixels, no data brokers, no behavioral tracking services.
Compliance Framework
Student data treated as education records under school control. Parents have right to access and request deletion.
Accounts created by schools/teachers under school consent. No direct marketing to children. Parental consent for photos.
Designed to meet Georgia, North Carolina, and other state student privacy requirements. Data stays in the US.
For Schools & Families
If you are a school administrator evaluating Lit-Levels, or a parent who wants to know more about how your child's data is handled, we are happy to answer questions.
Schools can request a copy of our Data Privacy Agreement (DPA) or a Student Privacy Pledge review at any time.
Parents can request to see what data we hold about their child, request corrections, or request deletion by contacting their child's teacher or school administrator.