Privacy
Policy

Last updated: February 27, 2026

This Privacy Policy describes how Class Compass collects, uses, and protects your personal information when you use our website and services. Class Compass is a personal school dashboard that integrates with Canvas LMS — it is not a school-administered service. By using Class Compass, you consent to the data practices described in this policy.

1. Information We Collect

We collect only the information necessary to provide and operate Class Compass. The categories of information we collect are described below.

Account Information

When you sign in with Google OAuth, we receive and store the following information from your Google account:

  • Name: Your display name as provided by Google.
  • Email Address: Used to identify your account and for communication purposes.
  • Profile Picture: Your Google profile image, displayed within the application.

Canvas Credentials

If you choose to connect your Canvas LMS account, we collect and store the following:

  • Canvas API Token: Whether you connect via OAuth or provide a personal access token manually, your token is encrypted using AES-256-GCM encryption before being stored in our database. Your token is never stored in plaintext and is never exposed to the client.
  • OAuth Credentials: If you connect via Canvas OAuth, we also store an encrypted refresh token and a token expiration timestamp, which are used to maintain your connection without requiring you to re-authorize.
  • Canvas Instance URL: The URL of your educational institution's Canvas instance, used to direct API requests to the correct server.

Payment Information

If you subscribe to a paid tier, payment processing is handled entirely by Stripe. We store only:

  • Stripe Customer ID: A unique identifier assigned by Stripe to manage your subscription.
  • Subscription Tier: Your current plan level (Free, Pro, or Lifetime).

We do not receive, process, or store your payment card details, billing address, or other financial information. All payment data is handled directly by Stripe in accordance with their security standards.

Usage Data

We may collect basic usage data such as page visits and feature interactions to help us understand how the service is used and to improve performance. This data is not tied to your personal identity and is not shared with third parties.

2. Information We Do Not Collect

We want to be clear about the data we intentionally do not collect or store on our servers:

  • Canvas Course Data: Your courses, grades, assignments, announcements, and other educational data are fetched on-demand from Canvas when you use the dashboard. This data passes through our service but is not stored, cached, or retained on our servers.
  • Browser-Only Data: Certain features — including todo lists, quick links, and AI-generated summary caches — store data exclusively in your browser's localStorage. This data never leaves your device and is not accessible to us. If you clear your browser data or switch devices, this data will be lost.
  • Payment Card Details: We never have access to your credit card number, expiration date, or CVV. Stripe handles all payment card processing.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Authentication: Your Google account information is used to create and maintain your Class Compass account and to verify your identity when you sign in.
  • Providing the Service: Your Canvas credentials are used to fetch your educational data from Canvas LMS on your behalf, enabling course tracking, grade monitoring, and announcement viewing.
  • Processing Payments: Your Stripe customer ID and subscription tier are used to manage your subscription, process payments, and control access to paid features.
  • AI Features: When you use AI-powered summarization (available on paid tiers), announcement text from your Canvas account is sent to OpenAI for processing. The resulting summaries are cached locally in your browser, not on our servers.
  • Improving the Service: Aggregated, non-identifying usage data may be used to understand how features are used and to improve the overall experience.
  • Communication: Your email address may be used to respond to support requests or to notify you of important changes to the service or these policies.

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.

4. Third-Party Services

Class Compass relies on several third-party services to operate. Each service receives only the data necessary for its function. These services operate under their own privacy policies, which we encourage you to review.

Google

Google provides authentication for Class Compass via OAuth. When you sign in, Google shares your name, email address, and profile picture with us. No other Google account data is accessed. Google's privacy policy governs their handling of your data during the authentication process.

Canvas LMS

Class Compass accesses your Canvas LMS data using an API token that you authorize — either by connecting via Canvas OAuth or by providing a personal access token manually. We use this token to fetch your courses, grades, assignments, and announcements on your behalf. This data is retrieved on-demand and is not stored on our servers. Your institution's Canvas privacy policy governs the data within Canvas itself.

Stripe

Stripe processes all payments for Class Compass subscriptions. When you subscribe to a paid tier, Stripe receives your email address and billing information directly. We do not have access to your payment card details. Stripe's privacy policy and PCI-DSS compliance standards govern their handling of your payment data.

OpenAI

AI-powered announcement summarization is available on paid tiers. When you use this feature, announcement text from your Canvas account is sent to OpenAI's API for processing. Per OpenAI's API data usage policy, data submitted through the API is not used to train their models. OpenAI's privacy policy governs their handling of data received through the API.

YouTube

Class Compass includes an embedded YouTube music player available on paid tiers. When you use this feature, YouTube may collect data in accordance with their own privacy policy. Class Compass does not share any of your personal data with YouTube directly.

5. Data Security

We take the security of your data seriously and implement appropriate technical measures to protect it:

  • Encryption: Canvas API tokens and refresh tokens are encrypted at rest using AES-256-GCM, an industry-standard encryption algorithm. Tokens are decrypted only on-demand within our server-side API routes and are never exposed to the client or stored in plaintext.
  • Pass-Through Architecture: Canvas educational data (courses, grades, assignments, announcements) passes through our service without being stored. This minimizes the amount of sensitive data held on our servers.
  • Secure Authentication: We use Google OAuth for authentication, which means we never handle or store passwords.
  • Payment Security: All payment processing is delegated to Stripe, which maintains PCI-DSS compliance. We never handle payment card data.

While we implement reasonable security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data, but we are committed to protecting it using industry-standard practices.

6. Data Retention

  • Account Data: Your account information (name, email, profile picture, Canvas credentials, Stripe customer ID, and subscription tier) is retained for as long as your account remains active.
  • Account Deletion: If you request deletion of your account, all associated data will be permanently removed from our servers within 30 days of the request.
  • Browser Data: Data stored in your browser's localStorage (todo lists, quick links, AI summary caches) is controlled entirely by you. This data persists until you clear it through your browser settings or clear your browser data.
  • Canvas Data: Educational data from Canvas is not retained. It is fetched on-demand and exists only temporarily during the course of your active session.

7. Your Rights and Choices

You have control over your data and how it is used within Class Compass:

  • Canvas Credentials: You can update or disconnect your Canvas account at any time through your account settings. Disconnecting removes your access token, refresh token, and token expiration data from our servers.
  • Browser Data: You can clear locally stored data (todo lists, quick links, AI summary caches) at any time through your browser's settings or developer tools.
  • Account Deletion: You may request complete deletion of your account and all associated data by contacting us at bp08262004@gmail.com. All server-stored data will be permanently removed within 30 days of your request.
  • AI Features: AI-powered summarization is entirely optional. You can opt out by simply not using the feature, or by downgrading to the Free tier.
  • Subscription Management: You can manage, upgrade, downgrade, or cancel your subscription at any time through the Stripe billing portal accessible from your account settings.

8. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). Class Compass does not sell your personal information to third parties. If you wish to exercise any rights under the CCPA, including the right to know what personal information we hold about you or to request its deletion, please contact us at bp08262004@gmail.com.

9. Children's Privacy

Class Compass is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

Users between the ages of 13 and 18 may use Class Compass with the consent of a parent or legal guardian. Parents or guardians may contact us at bp08262004@gmail.com to review, modify, or request deletion of their child's account and personal information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal requirements. When we make changes, we will update the "Last updated" date at the top of this page. Your continued use of Class Compass after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Georgia, United States, without regard to its conflict of law provisions.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, your personal data, or if you wish to request account deletion, please contact us at bp08262004@gmail.com.