Privacy statement

This privacy statement explains how JunoClass (“we”, “us”) handles personal data when schools, teachers, and pupils use our homework and quiz platform.

We take data protection seriously, particularly where children’s data is involved. Schools using JunoClass should also provide their own privacy information to staff and pupils as required by law.

For most pupil and staff data processed in connection with school activities, the school is the data controller and JunoClass acts as a data processoron the school’s instructions.

For data we collect about school registration, billing, and operating the platform itself (for example, when you contact us as a prospective customer), we may act as a data controller.

Schools are responsible for having a lawful basis to use JunoClass with their pupils and for issuing appropriate privacy notices.

Depending on how you use the service, we may process:

• Account data— name, email address, school affiliation, role (teacher or pupil), and authentication identifiers from school sign-in;
• Educational data— class membership, quiz responses, scores, grades, teacher feedback, and analytics derived from that activity;
• School administration data— school name, email domains, staff registry entries, and settings chosen by school admins;
• Technical data— device/browser type, IP address, and logs needed to secure and operate the service;
• AI quiz generation (optional)— when a teacher uses Generate with AI, the prompt they enter, question-type choices, department name, and department topic labels. Pupil personal data is not sent for this feature.

We do not intentionally collect special category data unless a school chooses to include it in free-text quiz content — schools should avoid asking pupils for unnecessary sensitive information.

We use personal data to:

• provide sign-in, classes, quizzes, marking, and analytics;
• provide optional AI-assisted quiz drafting for teachers (teacher review required before publish);
• assign users to the correct school and role;
• support schools with administration and security;
• improve reliability and fix errors;
• comply with legal obligations.

We do not sell personal data. We do not use pupil data for advertising. Pupil personal data is not sent to AI providers.

Where we act as controller, we rely on:

• Contract— to register schools and provide the service;
• Legitimate interests— to secure the platform, prevent abuse, and improve the product, balanced against user rights;
• Legal obligation— where we must retain or disclose information by law.

Where we process on a school’s behalf, the school determines the lawful basis (often public task and/or legitimate interests in an educational context, or consent where appropriate).

JunoClass uses trusted providers to run the service, including:

• Google Firebase— authentication, database, and hosting of application data;
• Google— identity sign-in when you sign in to JunoClass;
• Stripe— subscription billing for school licences (school admin contact and payment metadata only; no pupil data);
• Vercel— website and application hosting.
• Google (Gemini API)— optional AI-assisted quiz question generation when a teacher chooses Generate with AI (teacher prompts and related context only; no pupil personal data).

A fuller sub-processor list and IT approval summary is in our School IT & data protection pack.

These providers process data under their own terms and privacy policies, as sub-processors acting on our instructions where applicable. Data may be processed in the UK, EEA, United States, or other countries with appropriate safeguards.

We retain data while a school account is active and as needed to provide the service. When a school stops using JunoClass, we will delete or anonymise data within a reasonable period unless we must retain it for legal, security, or dispute-resolution purposes.

Schools may request export of quiz results (for example via CSV) before closure where the feature is available.

We use industry-standard measures including encrypted connections (HTTPS), authenticated access, server-side validation of sensitive operations, and tenant isolation so schools cannot access each other’s data.

No online service is completely secure. Users should keep sign-in credentials safe and report suspected misuse promptly.

Some sub-processors may store or process data outside the UK. Where required, we rely on appropriate transfer mechanisms such as UK adequacy regulations, Standard Contractual Clauses, or equivalent safeguards.

Under UK GDPR, individuals may have rights to access, rectify, erase, restrict, object, and port their data, and to withdraw consent where processing is consent-based.

Pupils and staff should usually contact their school first, as the school is often the controller. We will assist schools in responding to valid requests.

You may complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

JunoClass is designed for use by schools with pupils under 18. Accounts are provisioned through school-controlled domains and policies. We do not knowingly offer public self-registration for children outside a registered school context.

We use essential cookies and local storage required for sign-in and session management. We do not use advertising cookies on the application. Analytics on public marketing pages, if added in future, will be described here.

We may update this statement from time to time. The “Last updated” date at the top will change when we do. Material changes may also be communicated to registered schools.

See also our School IT & data protection pack.

Privacy enquiries: hello@junoclass.com.

See also our terms of service.