Privacy Policy

Last Updated: January 25, 2026

At Bolt Education, we take student privacy seriously. This Privacy Policy explains how we collect, use, protect, and share information in accordance with the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), and the General Data Protection Regulation (GDPR).

We are committed to protecting the privacy of students, educators, and school administrators who use our SchoolBolts and ClassBolts platforms.

FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. Bolt Education acts as a "School Official" under FERPA when schools use our services.

School Official Status

When a school or district contracts with Bolt Education, we function as a school official with legitimate educational interests in student data. We:

  • Only access student data as necessary to provide our services
  • Do not share student data with third parties except as required to operate our services (e.g., cloud infrastructure providers)
  • Do not use student data for advertising or marketing purposes
  • Maintain appropriate security safeguards to protect student data

Parent Rights

Parents and eligible students have the right to access, review, and request corrections to education records. Schools maintain control over student data and can provide access, corrections, or deletion upon request.

COPPA Compliance

The Children's Online Privacy Protection Act (COPPA) applies to the collection of personal information from children under 13 years of age. Bolt Education complies with COPPA through the following practices:

School Consent

When schools use Bolt Education for educational purposes, they provide consent on behalf of parents under the "school official" exception. We rely on schools to obtain any necessary parental consent.

Minimal Data Collection

We collect only the minimum information necessary to provide our services:

  • SchoolBolts: Student names, email addresses (for Google account integration), grade levels, and class enrollment information
  • ClassBolts: Students can participate anonymously or with nicknames without providing any personal information

Privacy-First Design

Schools can configure privacy levels to minimize data collection. Our "minimal OAuth" mode stores only Google authentication tokens and anonymous student IDs, allowing students to set display names without storing email addresses or full names.

GDPR Compliance

The General Data Protection Regulation (GDPR) protects the privacy rights of individuals in the European Union. While Bolt Education primarily serves U.S. schools, we extend GDPR-level protections to all users.

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract: Processing necessary to fulfill our service agreement with schools
  • Legitimate Interests: Improving our services, preventing fraud, and ensuring security
  • Legal Obligation: Complying with applicable laws and regulations

Data Subject Rights

Individuals have the right to:

  • Access: Request a copy of their personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of their data ("right to be forgotten")
  • Portability: Receive their data in a machine-readable format
  • Objection: Object to certain types of data processing
  • Restriction: Request limitation of data processing

Schools control student data and can exercise these rights on behalf of students. Contact your school administrator or email privacy@bolteducation.com to submit requests.

Information We Collect

From Schools and Educators

  • School information (name, district, address, NCES ID)
  • Educator accounts (name, email, Google Workspace domain)
  • Class rosters (via Google Classroom sync or manual entry)
  • Subscription and billing information

From Students

  • SchoolBolts: Name, email, grade level, class enrollment (configurable based on school privacy settings)
  • ClassBolts: Optional nickname or anonymous participation (no personal information required)
  • Student-created content (boards, poll responses, quiz submissions, media uploads)
  • Usage data (timestamps, feature usage, session information)

Technical Information

  • IP addresses (anonymized after 30 days)
  • Browser type and version
  • Device type (desktop, tablet, mobile)
  • Cookies and local storage for authentication and preferences

How We Use Information

We use collected information solely for educational purposes:

  • Providing and improving our SchoolBolts and ClassBolts services
  • Authenticating users via Google OAuth
  • Syncing class rosters from Google Classroom
  • Enabling real-time collaboration (boards, polls, discussions)
  • Storing and delivering student work and educator content
  • Providing usage analytics to school administrators
  • Communicating service updates and support
  • Preventing fraud and ensuring platform security

Data Sharing and Third Parties

We do not sell, rent, or share student data with third parties for advertising or marketing purposes. We only share data with service providers necessary to operate our platform:

  • Amazon Web Services (AWS): Cloud hosting and file storage (S3)
  • Bunny.net: Video transcoding and CDN streaming
  • Google Workspace: OAuth authentication and Classroom API integration
  • Stripe: Payment processing (schools only, no student data shared)

All service providers are contractually required to protect data and use it only for providing services to Bolt Education.

We may disclose information if required by law, court order, or government request, or to protect the safety and security of our users.

Data Security

We implement industry-standard security measures to protect data:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Secure authentication via Google OAuth 2.0
  • Multi-tenant database architecture with tenant isolation
  • Regular security audits and penetration testing
  • Access controls and role-based permissions
  • Automated backups and disaster recovery procedures
  • Employee background checks and confidentiality agreements

Data Retention and Deletion

We retain data only as long as necessary to provide services:

  • Active Subscriptions: Data retained for the duration of the school's subscription
  • Expired Subscriptions: Data archived and access revoked; schools can request deletion or reactivation
  • Student Data: Deleted upon school request or within 90 days of subscription cancellation
  • Technical Logs: Anonymized after 30 days, deleted after 1 year

Schools can request immediate deletion of all student data by contacting privacy@bolteducation.com.

Student Privacy Protections

We go beyond compliance to prioritize student privacy:

  • No Advertising: We never show ads to students or use student data for advertising purposes
  • No Behavioral Tracking: We do not track students across websites or build behavioral profiles
  • Configurable Privacy Levels: Schools choose between minimal OAuth (anonymous IDs) or basic PII (names and emails)
  • Anonymous Participation: ClassBolts allows students to participate without accounts using nicknames
  • Parental Access: Parents can request access to their child's data through their school
  • Teacher Control: Educators control what content is shared and with whom

Cookies and Tracking

We use cookies and similar technologies for essential functionality only:

  • Authentication: Session cookies to keep users logged in
  • Preferences: Local storage for user settings and interface preferences
  • Security: Cookies to prevent cross-site request forgery (CSRF)

We do not use third-party advertising cookies or analytics trackers on student-facing pages.

Children's Privacy

Bolt Education is designed for use by K-12 schools under the supervision of educators. We:

  • Do not knowingly collect personal information from children under 13 without school consent
  • Require schools to provide consent on behalf of parents under COPPA
  • Provide age-appropriate privacy protections for students of all ages
  • Enable anonymous participation for young learners via ClassBolts

International Data Transfers

Bolt Education is based in the United States, and our servers are located in the U.S. By using our services, schools consent to the transfer and processing of data in the United States. We implement appropriate safeguards to protect data in accordance with GDPR and other international privacy laws.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify schools of material changes via email and update the "Last Updated" date at the top of this page. Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Bolt Education Privacy Team

Email: privacy@bolteducation.com

Address: [Your Company Address]

Phone: [Your Phone Number]