Data & Security for Schools

LevelUp is designed for students first, but we know schools, counselors, and districts care deeply about data protection and compliance. This page summarizes how LevelUp approaches data, security, and student privacy.

1. What LevelUp stores

• Student account info: email, display name or nickname, and a securely hashed password (never the raw password).
• Study activity: focus sessions, XP, streaks, quests, and related progress metrics.
• Optional academic data: GPA entries, course names, and transcript-derived data that students or schools choose to enter.
• Device/usage logs: IP address, browser type, and basic request logs used for security, performance monitoring, and abuse detection.
• Payment metadata (for Pro users): handled by Stripe; LevelUp never stores full card numbers.

2. Security practices

• Encryption in transit using HTTPS for all traffic.
• Use of reputable hosting and database providers (e.g., modern cloud infrastructure with built-in security features).
• Limited internal access to production data, restricted to operations and maintenance needs.
• Server-side checks to prevent obvious abuse, cheating, or automated exploitation.
• Logging and monitoring to detect unusual patterns (e.g., sign-in abuse or mass account creation).

3. Student privacy & school use

LevelUp aims to support school use without requiring unnecessary personal data. Students can create accounts individually, or schools can introduce LevelUp as a voluntary tool.

• Students control what academic information (like GPA or course names) they enter.
• When teachers or coaches use LevelUp with classes, they can see only the performance and activity data relevant to their class context.
• We do not use student data for targeted advertising.

4. COPPA & minors (COPPA-lite explanation)

LevelUp is not primarily marketed to children under 13, and we do not knowingly collect personal information from children under 13 without appropriate consent.

• If a district or school chooses to use LevelUp with younger students, they are responsible for obtaining any required parental or guardian consent under applicable laws (including COPPA where it applies).
• If we become aware that a child’s account violates applicable consent requirements, we may limit, anonymize, or delete that account’s data.

Nothing on this page is legal advice; schools should consult their own counsel for specific COPPA obligations.

5. FERPA-style respect for education records (FERPA-lite)

LevelUp is not an official student information system, but we treat certain academic data (like GPA entries and course records entered into LevelUp) with similar care to education records.

• We use academic data only to provide app features (GPA tools, progress views, proof-of-grind reports).
• We do not sell student academic records or share them with third parties for advertising.
• At a school’s request, we can work with them to remove or anonymize student data associated with that school.

Schools remain responsible for determining whether and how LevelUp fits within their FERPA compliance strategy.

6. Data deletion & student rights

• Students can request account deletion by contacting support or using tools provided in the app (where available).
• Upon deletion, active account data is removed or anonymized; some backup or aggregated data may remain for operational and security reasons.
• Schools or districts piloting LevelUp can request bulk removal of associated student accounts if needed.