EZclass Privacy Policy
Effective Date: June 1, 2025
1. Introduction:
EZClass OÜ (“EZclass”, “we”, “us”, or “our”) is committed to protecting your privacy and personal data. This Privacy Policy explains what personal data we collect from users of our Platform — including students, parents/legal guardians, and teachers — how we use and protect that data, and the rights you have in relation to your personal information.
EZClass OÜ is the Data Controller for personal data collected through ezclass.io and related Services, meaning we determine the purposes and means of processing that data. We process personal data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data privacy laws.
Our Services include ezclass.io and auxiliary tools such as eztime, ezinvoice, ezhours, ezdash, and ezcurriculum — all considered part of the EZclass Platform.
By using EZclass or providing personal information to us, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree with these practices, please do not use the Platform.
2. Information We Collect
We collect various types of information from and about you to provide, improve, and secure our Services. This includes:
2.1 Information You Provide Directly
Account Information:
When you register on EZclass, we collect your name, email address, and account login credentials. If you register as a student or parent, we may also collect your phone number or other contact details for account verification or support purposes.
Teachers using our Platform may provide personal data as part of their profile, during the onboarding process, or throughout their engagement with EZclass. This can include:
- educational background
- work history and experience
- professional biography
- profile photo(s) and intro video(s)
- teaching qualifications and certifications
- identification documents (for verification and compliance)
- postal address and contact details
- banking or payout information (for payments)
- signed digital agreements and acknowledgments (such as acceptance of training materials, code of conduct, data protection obligations, or other required policies, which are delivered and signed electronically within the Platform)
- additional media content such as short videos, demo lessons, or other materials required for teaching profile visibility
We handle all such information in accordance with this Privacy Policy and any applicable teacher agreements.
Some parts of a teacher’s profile (such as first name, profile photo, bio, languages spoken, qualifications, and intro video) may be visible to students to facilitate class selection. Sensitive personal data (such as legal name, full contact details, ID documents, banking info, or signed agreements) is securely stored and used solely for operational, contractual, or compliance purposes.
Payment Information:
When you make a purchase (such as booking classes or subscribing to a plan), our payment processor (Stripe) collects your payment card details and billing information. EZclass does not store your full credit/debit card number or CVV on our systems; this data is transmitted directly to Stripe in encrypted form for secure processing. However, we may retain limited payment metadata—such as the last four digits of your card, card type, expiration date, and transaction identifiers—to manage billing and support customer service.
Class Content and Communications:
When you participate in a class, any information you share (such as your voice, image, and chat messages or files) may be processed. EZclass uses its own integrated video classroom powered by the Zoom Video SDK, embedded directly within our Platform. This means your video and audio remain within the EZclass environment and are processed securely through the Zoom SDK—not via external Zoom links. Your video, audio, and chat content are made available only to the teacher and other participants in your class. To support quality assurance, teacher evaluation, internal training, service improvement, and safety monitoring, EZclass may record certain class sessions. Not all sessions are recorded, and students and teachers are not notified during the class whether a recording is active, as the recordings are intended strictly for internal operational purposes and not for external use or public distribution.
Recorded sessions may include:
- audio (spoken content)
- video (webcam feed)
- chat messages
- shared screens, digital whiteboards, or other visual content displayed during the session
All recordings are stored securely, with access strictly limited to authorized EZclass staff members who require access to perform their roles. Recordings are used solely for purposes such as quality control, resolving disputes, monitoring teacher performance, platform improvements, and ensuring compliance with EZclass policies.
We do not share recorded classes with the public or with external parties. If in the future EZclass offers playback features for students (for example, the ability to re-watch their own classes), this functionality will be clearly described and will be governed by additional user permissions and controls.
Additionally, if you contact us via email, chat, or a contact form, we will collect and store the information you provide for customer support, operational purposes, and service improvement.
Teacher-Provided Information:
Teachers may provide personal data as part of their profile or during the application process. This can include educational background, work history, copies of certifications, and banking or payout details (to enable payments). We handle this information in accordance with this Privacy Policy and relevant agreements with teachers. Certain aspects of teacher profiles (such as first name, last name, profile photo, qualifications, languages spoken, and biography) will be visible to students to facilitate class selection. Sensitive personal information (such as full legal name (can be different or the same as displayed in the platform publicly), contact information, or identification documents) is stored securely and used only for internal purposes, compliance, and payroll.
2.2 Information We Collect Automatically
Usage Data:
We automatically collect data about how users interact with the Platform. This includes pages viewed, time spent on the Platform, navigation patterns, buttons clicked, classes booked or attended, and other user actions.
This data helps us analyze engagement, optimize the user experience, and continuously improve our Services (for example, to understand which class topics are most popular or to identify features that require enhancement).
In addition, we use this data to track learning and teaching performance across the Platform. Performance data is analyzed and presented through live dashboards available to users (for example, teachers and students), offering personalized insights on progress, participation, consistency, and other key metrics. These dashboards are designed to help users visualize their advancement over time and to support continuous learning improvement.
Device and Connectivity Information:
We collect information about the device and internet connection you use to access our Services. This may include device type (e.g., desktop, tablet, mobile), operating system, browser type, IP address, device identifiers, and general geographic location (city or country level, inferred from your IP address). We use this information for security (such as preventing fraud), debugging, and optimizing the user experience.
Cookies and Similar Technologies:
We use cookies and similar tracking technologies (such as web beacons or pixels) to store user preferences, keep you logged in, and analyze Platform usage. For example, cookies help remember your language preference (English, Spanish, etc.). We also use cookies for aggregate analytics, such as tracking overall site traffic and performance.
One of our analytics providers is Google Analytics, which uses cookies to collect visitor data. The information (which may include your IP address or device ID) is transmitted to and stored by Google on servers that may be located outside the European Union. We configure Google Analytics to anonymize IP addresses where possible and honor “Do Not Track” settings where supported. For more details, see Section 7 (Cookies & Tracking).
Zoom SDK Usage Data:
Because we use the Zoom Video SDK (integrated directly into our Platform), we may receive technical data via the Zoom SDK API—for example, confirmation that you joined or left a class, your display name, session duration, and basic meeting quality metrics. This helps us manage attendance records and troubleshoot technical issues.
We do not receive or store the actual video or audio streams of your class participation unless a recording feature is explicitly introduced with prior notice and your consent.
Excalidraw Whiteboard Usage Data:
EZclass integrates an interactive digital whiteboard tool (powered by Excalidraw) into certain classes. When you use this whiteboard during a class, we collect and process the content you input —such as drawings, text annotations, diagrams, and any other contributions you make on the board.
This data is linked to the session and may also be associated with your user profile (for example, to display your contributions during or after the class).
We use this whiteboard data to:
- Support the live class experience
- Provide teachers and students with visual learning records
- Track participation and engagement (for performance and progress analysis shown in your live dashboard)
- Troubleshoot or improve the whiteboard functionality
Unless otherwise stated, whiteboard sessions are stored securely within our Platform for internal quality, educational, and performance purposes.
2.3 Information from Third Parties
We may receive personal data about you from third-party sources in specific contexts:
- If you log in via a third-party account (such as Google or Facebook, if offered), we receive basic profile information from that provider (such as your name and email address) to set up your account.
- If you are referred to EZclass through a referral program, we may receive your email address or name as part of that referral.
- We may receive limited information from marketing partners or social media platforms if you interact with our ads or posts (such as an identifier used to measure ad performance) or more.
- For teachers, we may receive background check results or certification verification from third-party verification services or prior employers or institutions (with your knowledge and consent).
If we combine information from different sources, we treat the combined information in accordance with this Privacy Policy.
3. How We Use Your Information
We use personal data for the following purposes, and we ensure that each processing activity is grounded in a valid legal basis (under GDPR, this may include performance of a contract, compliance with legal obligations, legitimate interests, or — in some cases — your consent).
3.1 To Provide and Maintain the Services
We process your personal data to operate and deliver the core EZclass Services. This includes:
- Creating and managing user accounts
- Enabling class scheduling and attendance (including generating and managing live class links via Zoom SDK)
- Matching students with appropriate teachers and displaying teacher profiles
- Enabling participation in classes and facilitating classroom communications (including messages, shared files, and whiteboard interactions)
- Processing teacher data (such as profiles, contracts, and performance tracking)
- Handling teacher documentation (such as training agreements, uploaded bank details, intro videos, and signed documents required by our platform)
- Enabling chat interactions and communications (including human support chat and AI-powered chatbot conversations) — we process chat message content, timestamps, and technical metadata to facilitate support communications, deliver chatbot responses, maintain conversation history, and improve the performance of our AI chatbot and support services.
This processing is necessary to perform our contract with you (under the Terms & Conditions) and, for teachers, to manage the contractual teaching relationship.
3.2 To Process Payments
We use payment information to process class bookings and subscription fees through our third-party payment processor (Stripe). We maintain relevant payment metadata (such as transaction records and limited card metadata) for accounting, support, and fraud prevention. This processing is necessary to perform the contract (billing) and to comply with financial and legal obligations.
3.3 To Communicate with You
We use your contact details (email, and where applicable, phone) to send:
- Transactional messages (booking confirmations, class reminders, receipts, etc.)
- Account notifications (subscription renewals, account changes, policy updates, etc.)
- Responses to your inquiries or support requests
In addition, if you opt in, we may send occasional marketing communications (such as new course offerings, promotions, or newsletters).
You may unsubscribe from marketing emails at any time. Service-related transactional emails will still be sent where necessary.
3.4 To Personalize and Improve the User Experience
We use usage data (including class history, content viewed, engagement patterns, and performance) to:
- Recommend relevant classes or content
- Personalize the Platform (language settings, content display, dashboard analytics)
- Provide live progress and performance insights on your personal dashboard (this includes learning advancement tracking for students and teaching quality metrics for teachers)
This processing is based on our legitimate interests in continuously improving the Platform and optimizing the user experience.
3.5 For Analytics and Service Improvement
We analyze platform usage (including via tools such as Google Analytics and internal tools) to:
- Monitor platform performance
- Identify and resolve technical issues
- Understand which features or content are most valuable to users
- Guide product development and UX improvements
- Track learning trends and class effectiveness across the platform
Where required by law (for example, placing non-essential cookies), we obtain user consent before processing this data.
3.6 For Quality Assurance and Performance Monitoring
We process class recordings (where enabled), whiteboard data (Excalidraw), and interaction data (such as chat, attendance, and participation) for:
- Teacher quality monitoring and training
- Student performance tracking
- Internal review and QA to maintain high teaching standards
- Supporting progress and advancement analytics (visible on user dashboards)
Class recordings and classroom interaction data are processed under our legitimate interests (providing high-quality education and ensuring platform standards) and as part of our contractual service to students and teachers.
3.7 To Ensure Security and Prevent Fraud
We process personal data such as:
- IP addresses
- Device identifiers
- Login activity
- Account usage patterns to detect and prevent:
- Fraudulent behavior
- Unauthorized access
- Cheating or misconduct in classes
- Platform misuse or circumvention
This processing is necessary to protect both users and EZclass’s legitimate business interests and is also required to comply with applicable legal obligations.
3.8 To Comply with Legal Obligations
We may process or retain personal data where required by law, such as:
- Retaining purchase records for tax or accounting compliance
- Responding to lawful data access requests from public authorities
- Managing legal claims or disputes
- Fulfilling GDPR-related obligations (such as responding to data subject rights requests)
3.9 Other Purposes (with Consent)
If we wish to use your data for a purpose substantially different from the above, we will first obtain your explicit consent. Example: using a class video clip or student testimonial for marketing purposes (which requires consent, especially for minors).
You have the right to withdraw consent at any time for such uses.
4. Data Sharing and Disclosure
EZclass will not sell or rent your personal information to third parties for their own marketing purposes. We share your data only in the following circumstances:
4.1 Service Providers (Processors)
We engage trusted third-party service providers who process data on our behalf to help us deliver, maintain, and improve our Services. These providers act as data processors under strict contractual agreements and may only process your personal data in accordance with our instructions and applicable privacy laws (such as GDPR). These include:
- Payment Processor: Stripe processes payments and handles payment data for transactions (see “Payments” section). Stripe is PCI-DSS compliant and contractually obligated to use this data solely for processing transactions and complying with financial regulations.
- Video/Communication Provider (Zoom SDK): EZclass delivers live classes through an integrated video solution built on the Zoom SDK. Live audio/video content is processed through Zoom’s underlying infrastructure but remains embedded within the EZclass Platform — users do not join an external Zoom meeting. EZclass retains control of recordings (if enabled) and storage. Zoom acts strictly as a sub-processor.
- Analytics and Tracking Partners: We use tools such as Google Analytics to understand user interaction with our Platform. Analytics data is pseudonymized where possible (such as IP anonymization). Usage data from features such as our AI-powered chatbot and collaborative whiteboard (Excalidraw) is also collected to monitor service quality, track performance, and inform improvements.
- Cloud Hosting and IT Infrastructure: EZclass services and core application databases are hosted on secure cloud infrastructure provided by DigitalOcean, with our primary servers located in San Francisco, United States. While we aim to store user data within the EEA where feasible, some infrastructure components are operated outside the EEA for performance and scalability. In such cases, we apply GDPR-compliant safeguards including
Standard Contractual Clauses (SCCs) and encryption protocols.
- Email and Chat Communication Tools: We use third-party email services to send transactional messages (e.g., class reminders, receipts, system updates). In addition, users can interact with human support agents and/or an AI-powered chatbot through our Platform’s integrated chat features. Chat data (messages, timestamps, metadata) is processed to enable support, maintain conversation history, and enhance chatbot performance.
- Notifications (ntfy): EZclass uses ntfy, a self-hosted notification tool, to send certain internal and transactional notifications (such as email responses from teachers, progress alerts, or system messages). In some cases, the user’s display name may be processed to personalize these notifications (for example: “Dear [name]”). No sensitive personal data is shared externally, and ntfy is hosted entirely within EZclass’s own secure infrastructure. No third-party has access to this data.
- Email Delivery Services (Brevo, Hostinger): We use trusted third-party services to deliver transactional and operational emails to our users. Currently, we use Brevo (Sendinblue SAS) for sending class confirmations, reminders, billing notifications, and other automated communications. In addition, our email infrastructure is hosted through Hostinger International Ltd to support domain-based email (e.g. [email protected]). These providers process email delivery metadata (such as your email address, timestamps, and technical delivery information) strictly on our behalf and under appropriate data processing agreements.
- Collaborative Whiteboard Tools: EZclass includes a collaborative whiteboard powered by Excalidraw. Content created on the whiteboard (drawings, text, annotations) is processed and stored to support real-time collaboration, post-class review, and educational tracking.
- Other Vendors: We may use additional tools for specific operational purposes — for example, identity verification for teachers, customer support platforms, or tools for managing teacher onboarding and performance tracking. In all cases, vendors are selected carefully and bound by appropriate data processing agreements.
- Teacher Payments (Wise): For payment of teacher earnings, EZclass uses Wise (Wise Payments Limited) as an independent payment provider. Wise acts as a separate data controller for personal data it processes to comply with financial regulations, such as anti-money laundering (AML), know-your-customer (KYC), and tax reporting obligations. When initiating a payout, EZclass shares necessary teacher data (such as name, payout account details, and in some cases identification documents) with Wise. Wise’s processing of this data is governed by its own Privacy Policy.
- Advertising and Marketing Platforms:
We may use third-party advertising and analytics platforms to measure the performance of our campaigns, retarget visitors, and optimize user acquisition. This may include services such as:
- Google Ads (including DoubleClick, Conversion Linker)
- Facebook Pixel / Facebook Social Plugins (Meta Platforms)
- Microsoft Advertising (including Microsoft Clarity)
These platforms may process identifiers (such as IP address, cookies, device IDs), browser activity, and interactions with our website or ads. We only activate these services with your consent (via our cookie banner). You can withdraw consent at any time.
Security Tools:
We use Google reCAPTCHA to protect our forms and prevent abuse. reCAPTCHA processes IP address and device/browser metadata for security purposes. This is strictly necessary and cannot be disabled.
Other Integrated Services:
Our website may load static content or images (such as Google Fonts) via third-party content delivery networks (CDNs). These services may receive your IP address as part of the technical request, but do not process personal data for marketing.
Tag Management & Consent Tools:
We use Google Tag Manager to manage scripts and marketing tags. We also use Usercentrics CMP to manage and record cookie consent, in compliance with GDPR and ePrivacy requirements.
Tealium Inc. - If detected, this tag management service may be present due to legacy configurations or integrations. We are reviewing its usage and will ensure it is disabled unless strictly required. If active, it will be listed in our cookie consent banner.
Cloudflare, Inc. - We use Cloudflare as a content delivery network (CDN), DDoS protection service, and reverse proxy for the EZclass platform. As part of these services, Cloudflare processes personal data such as IP addresses, device/browser metadata, and security-related cookies for the purposes of ensuring the security, availability, and performance of our services. Data is processed under a GDPR-compliant Data Processing Agreement (DPA). Cloudflare’s data centers may be located worldwide, and appropriate safeguards are in place for international data transfers.
Strapi (Content Management & Form Handling):
We use Strapi to manage and deliver dynamic content on our Platform and to process data submitted through public-facing forms (e.g., contact or information requests). Strapi does not store user profiles or authentication data. It acts solely as a processor, handling user-submitted form data under our direct control and instructions.
- Full List of Sub-Processors
For an up-to-date list of the sub-processors engaged by EZclass OÜ, please refer to our Data Processing Agreement (DPA). This document is maintained to reflect current processors in compliance with Article 28 GDPR.
We share only the minimum necessary data with these providers and ensure they uphold strong security and confidentiality standards.
4.2 Within the EZclass Community
Certain information is naturally shared with other users as part of providing the Services:
- Teacher-Student Interaction: When a student books a class, the assigned teacher will see the student’s name and any profile information shared (such as a self-introduction or proficiency level). Teachers may also see parent/guardian contact information where required for minor students.
- Public Profiles and Reviews: If users post reviews, testimonials, or comments within community areas, the posted content and associated display name will be visible to others. Teacher profiles (name, photo, bio, qualifications) are visible to prospective students.
- Class Sessions: During live classes, anything shared — voice, video, chat messages, shared files, whiteboard content — will be experienced by the teacher and fellow students enrolled in that session. Class interactions (including chat and whiteboard content) may also be stored by EZclass to support learning review, performance analytics, and quality monitoring.
We do not make personal contact information (email, phone) publicly visible to other users. Communication between students and teachers is conducted via the Platform’s tools or masked channels.
4.3 Legal Requirements and Safety
We may disclose personal information where necessary to:
- Comply with legal obligations (such as court orders, subpoenas, or lawful government requests).
- Protect and defend the rights, property, or safety of EZClass OÜ, our users, or the public (including fraud prevention and investigating security breaches).
- Enforce our Terms & Conditions or other legal agreements.
Where permitted, we will notify you of any such disclosures unless we are legally prohibited from doing so.
4.4 Business Transfers
If EZClass OÜ undergoes a merger, acquisition, restructuring, or asset sale, your personal data may be transferred as part of that transaction. In such cases, the successor entity will be required to honor privacy terms that are at least as protective as those in this Privacy Policy. We will notify you of any significant ownership changes and give you an opportunity to exercise your rights regarding your data.
4.5 With Your Consent
In cases not covered above, we will only share your personal data with third parties if you explicitly consent to it. For example, if we partner with an external educational service or offer data export features, you will be asked to opt-in before any such sharing occurs.
Summary
EZclass takes your privacy seriously. We share data only as necessary to deliver our Services and under strict privacy and security standards. We do not monetize your personal data through sales or rentals to third parties.
5. International Data Transfers
EZclass is based in Estonia (within the European Union), but we serve users and operate services globally. As a result, your personal data may be transferred to, processed in, or stored in countries outside your country of residence — including countries that may not provide the same level of data protection as your local laws.
EZclass services and core application databases are hosted on secure cloud infrastructure provided by DigitalOcean, with primary server locations in San Francisco, United States. While we aim to store user data within the European Economic Area (EEA) where feasible, some infrastructure components are operated outside the EEA for performance and scalability reasons. However, certain trusted service providers we use may process data in other jurisdictions, including the United States. For example:
- Google Analytics may transfer anonymized or pseudonymized usage data to the United States for processing.
- Stripe (our payment processor) and Zoom SDK (our video service) are U.S.-based companies. Some of your payment or class-related data may be routed through or processed in U.S. data centers or other regions.
- Other providers we rely on for services such as email communications, support tools, cloud infrastructure, and performance monitoring may also process data in the United States or other third countries.
Safeguards for International Transfers
When we transfer your personal data outside of the EEA or United Kingdom, we ensure that appropriate safeguards are in place to comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws:
- Standard Contractual Clauses (SCCs): We enter into SCCs with our service providers where necessary, to legally require them to apply data protection standards equivalent to those in the EU.
- Data Privacy Framework (DPF): Where applicable, we may rely on service providers certified under the EU-U.S. Data Privacy Framework (for example, Google and Stripe) for lawful data transfers.
- Technical Measures: In addition to legal safeguards, we apply strong technical measures such as encryption, access controls, and data minimization to enhance data security during transfers and storage.
Your Rights and Our Commitment
By using EZclass, you acknowledge that your personal data may be transferred to and processed in jurisdictions outside your own, including the United States and other countries with different data protection regimes.
However, we will always handle your data in accordance with this Privacy Policy and apply appropriate safeguards to ensure an adequate level of protection, regardless of where it is processed.
If you have any questions about how your personal data is protected when transferred internationally — or if you would like to receive more details about the specific safeguards we apply — you can contact us at [email protected].
6. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, or to comply with applicable legal, accounting, or reporting requirements.
In general:
Account Information
We retain your account data for as long as your account remains active. If you delete your account, or if your account becomes inactive for an extended period, we will initiate the deletion or anonymization of your personal data in line with our data lifecycle processes.
However, certain information may be retained for longer periods where required for:
- Compliance with legal obligations (e.g. tax and accounting laws, anti-fraud requirements)
- Contract enforcement or dispute resolution
- Security and fraud prevention
In such cases, retained data will be limited to what is strictly necessary and will be securely stored with restricted access.
Class and Transaction Records
Records of class attendance, payments, and transactional communications may be retained for a period required under applicable tax and financial laws — typically 5 to 7 years depending on jurisdiction.
These records are used solely for legal compliance, auditing, or dispute resolution purposes.
Teacher Data
If a teacher ceases teaching on EZclass, we may retain their personal data (such as payment history, signed agreements, and key correspondence) for the duration necessary to enforce contracts, fulfill legal obligations, and comply with tax requirements.
Public-facing teacher profile information will be promptly removed from the Platform upon deactivation of the teacher account.
Analytics Data
Aggregated and anonymized analytics data (which does not directly identify individuals) may be retained for a longer period for service improvement and statistical purposes.
Where analytics logs contain identifiers (such as IP addresses), we will either:
- Anonymize or pseudonymize the data after a limited period (e.g. 14 months for Google Analytics, subject to configuration), or
- Delete the data once no longer required.
Communications
Customer support communications (emails, chat messages with our human support or AI chatbot) may be retained:
- For the duration of handling your inquiry
- For a limited follow-up period
- For legal or quality assurance reasons if needed (in line with our legitimate interests). We periodically review and purge old support records.
Backup Storage
Your personal data may be stored in our system backups for disaster recovery purposes. Backup data is encrypted and isolated from routine processing.
If personal data is deleted from our active systems, corresponding data in backups will be deleted when the backup retention period expires (typically a few weeks to a few months, depending on system architecture).
In the event of a full system restoration from backup, we will promptly re-delete any data that had previously been deleted from active systems.
Final Deletion or Anonymization
When we no longer have a legitimate business need to retain your personal data, we will securely delete it or anonymize it so that it can no longer be associated with you.
If immediate deletion is not technically possible (for example, because data resides in archived backups), we will securely isolate it from any further processing and ensure it is deleted as soon as possible.
7. Your Rights and Choices
As a user of EZclass, and particularly if you are in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, you have certain rights regarding your personal data. We are committed to honoring these rights. These include:
7.1 Right to Be Informed
You have the right to be informed about the collection and use of your personal data. This Privacy Policy aims to provide you with that information in a clear and transparent way. We may also provide additional notices at the time of data collection for specific activities (e.g., a pop-up explaining cookie use).
7.2 Right of Access
You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it (Subject Access Request). We will provide this information in a commonly used format, typically within one month of request.
7.3 Right to Rectification
If any of your information is inaccurate or incomplete, you have the right to ask us to correct it. You can also update some of your information directly in your account settings.
7.4 Right to Erasure ("Right to Be Forgotten")
You can request that we delete your personal data in certain circumstances. This right is not absolute — for example, we may need to retain certain records for legal compliance (e.g., payment records). When applicable, we will securely delete or anonymize personal data upon request.
7.5 Right to Restrict Processing
You can request that we limit the processing of your personal data under certain conditions — for example, if you contest its accuracy or object to certain processing activities.
7.6 Right to Data Portability
You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (e.g., CSV or JSON), and to transmit it to another controller where technically feasible. This applies to data processed based on consent or contract, and processed by automated means. It does not cover derived data (such as analytics or performance scores generated internally).
7.7 Right to Object
You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing purposes or where processing is based on our legitimate interests.
7.8 Rights related to Automated Decision-Making and Profiling
EZclass does not make any legally significant decisions about users purely by automated means. While we may use algorithms (for example, for class recommendations, AI-powered chat interactions, performance analytics, or fraud detection), final decisions with legal or similar effects are subject to human oversight. If we introduce significant automated decision-making in the future, you will have the right to request human intervention and to contest the decision.
7.9 Right to Withdraw Consent
Where we rely on your consent to process data (for example, for marketing communications or non-essential cookies), you have the right to withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.
7.10 Right to Complain
You have the right to lodge a complaint with a supervisory authority. As an EU-based company, our lead supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). You may also contact your local data protection authority. However, we encourage you to contact us first so we can try to resolve your concern.
Exercising Your Rights
You may exercise your rights in the following ways:
- Account Settings: You can access and update certain personal data in your EZclass account settings.
- Data Request Form: We provide a “Make a Data Request” option on our website (linked in the footer), where you can submit requests to access, correct, delete, or otherwise manage your data.
- Email: You can email your request to [email protected] or [email protected]. Please include sufficient detail (e.g., "I would like a copy of my data" or "Please delete my account"). Using the email linked to your EZclass account helps us verify your identity.
We may need to verify your identity before fulfilling a request (such as confirming control of your email address).
We will respond to valid requests without undue delay, and in any event within one month, as required by GDPR. For complex or numerous requests, we may extend this period by up to two further months, and will notify you if we do so.
Requests are generally free of charge. However, if a request is manifestly unfounded or excessive (for example, repeated requests with no reasonable basis), we may charge a reasonable fee or decline to act, explaining our reasoning.
Note for Minors:
If your account is registered as a minor’s account (under age 18), your parent or legal guardian may exercise these rights on your behalf, consistent with applicable laws.
8. Cookies and Tracking Technologies
What Are Cookies?
Cookies are small text files that websites place on your device (computer, tablet, smartphone) when you visit them. They are widely used to make websites function efficiently, to personalize experiences, and to provide information to the site owners.
Similar technologies include local storage, pixels (also called tracking pixels), and scripts that monitor user activity. Under GDPR and applicable data protection laws, these technologies are treated the same as cookies where they store or access information on your device.
EZclass uses these technologies to:
- Keep you logged in
- Remember your preferences
- Analyze usage patterns
- Personalize content
- Ensure site security and stability
Types of Cookies We Use
Essential Cookies
These cookies are necessary for the operation of our Platform. For example, authentication cookies keep you logged in across pages, or remember your language selection. Without these cookies, core functionality (such as secure login or payments) would not work.
We rely on legitimate interests to use strictly necessary cookies, as permitted by GDPR.
Preference Cookies
These cookies store your preferences to enhance your experience. For example, if you select a preferred teacher or time zone, cookies may store this so the Platform shows correct times and content in your preferred language.
Analytics Cookies
We use analytics cookies to collect information about how visitors use EZclass — for example, which pages are most visited, how long users spend on certain pages, or whether errors occur.
We primarily use Google Analytics 4 (GA4) with server-side tagging, implemented via a Google
Tag Manager (GTM) server container.
This setup allows us to:
- Minimize client-side tracking
- Have greater control over what data is sent to Google servers
- Anonymize IP addresses and other identifiers
- Better comply with GDPR and ePrivacy requirements
Analytics cookies are classified as non-essential, and we seek your consent via our cookie banner before enabling them.
Server-side tagging also gives us flexibility to implement stricter data protection measures — for example:
- Stripping personal identifiers before forwarding data
- Reducing reliance on third-party JavaScript
- Honoring Do Not Track (DNT) signals more effectively
Advertising and Marketing Cookies
Currently, EZclass does not host third-party ads on our Platform.
If that changes in the future, we will update this section and obtain necessary consents.
At present, we may use certain first-party marketing cookies (such as a Meta [Facebook] Pixel or Google Ads Pixel) to measure the performance of our own advertising campaigns — for example,
to understand whether a user who clicked an ad later signed up.
These cookies are only placed if you consent through our cookie banner.
Third-Party Cookies
Some integrated services may set their own cookies:
- Zoom: When you join a Zoom class via our Platform (via our Zoom SDK integration), Zoom may set cookies for user session management.
- Stripe: During the checkout process, Stripe may set cookies to facilitate secure payment processing and prevent fraud.
- Google Analytics: As discussed, uses cookies (such as _ga, _gid) to distinguish visitors.
- Social Media Services: If we offer social login or sharing features (e.g., "Sign in with Google" or "Share on Facebook"), those platforms may set cookies for authentication or interaction tracking.
We do not directly control these third-party cookies, but we disclose their potential use and seek consent where required. Third-party cookies are subject to their respective providers' privacy policies.
Your Choices
When you first visit ezclass.io — and periodically thereafter — you will see a Cookie Consent Banner in accordance with the EU ePrivacy Directive (Cookie Law) and GDPR.
This banner informs you about our use of cookies and allows you to manage your preferences for non-essential cookies (such as Analytics or Marketing cookies). You can:
- Accept all cookies
- Customize your preferences
- Reject non-essential cookies
You may also adjust your preferences at any time by using the "Manage Cookies" link available on our site (typically in the footer).
EZclass uses Cookiebot CMP by Usercentrics A/S to manage cookie consents on ezclass.io and related subdomains. Cookiebot stores and logs your consent status in compliance with GDPR Art. 7(1) and ePrivacy Directive requirements. You can manage or update your cookie preferences at any time via the "Manage Cookies" link in our footer.
Browser Controls
Most web browsers allow you to control cookies via browser settings. You can configure your browser to:
- Block all cookies
- Block cookies from certain sites
- Notify you when a cookie is being set
Please note: Disabling cookies may impact functionality — for example, preventing login or proper display of the Platform.
Do Not Track (DNT) Signals
We respect Do Not Track (DNT) signals where technically feasible.
If we detect a DNT signal from your browser, we will endeavor to disable Analytics tracking for that session (for example, by not loading Google Analytics scripts).
However, essential cookies and functional cookies will still operate. We continue to monitor industry guidance regarding DNT and will update our practices accordingly.
Cookie Duration
- Session cookies: Deleted when you close your browser
- Persistent cookies: Remain on your device for a specified period or until manually deleted (for example, Analytics cookies may last 24 hours to several months)
Our cookie management tool will display cookie names and their durations wherever feasible.
Additional Information
For more detailed information about the specific cookies and tracking technologies we use, please refer to our Cookie Policy (linked in the footer) and the cookie consent tool on our site, which lists current cookies and their purposes. Our Cookie Policy forms part of this Privacy Policy.
If you have any questions about our use of cookies or tracking technologies, please contact us at [email protected].
9. Data Security
We take the security of your personal data seriously. EZclass has implemented a comprehensive set of technical and organizational measures to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures align with GDPR requirements and reflect best practices in modern SaaS and EdTech security.
Encryption
All communications between your browser/app and our servers are encrypted via HTTPS/TLS. Sensitive data — such as passwords — is hashed before storage (we never store plaintext passwords). Payment card data is never stored on our servers; it is securely tokenized and processed by Stripe. Additional sensitive data is encrypted at rest using industry-standard encryption.
Server and Infrastructure Security
EZclass servers and databases are hosted within the European Economic Area (EEA) on secure cloud infrastructure with strong encryption (both at rest and in transit). Our cloud architecture follows security best practices, including isolation of environments, robust firewall configurations, and continuous security monitoring. We enforce least privilege principles in access management.
Access Controls
Access to personal data is strictly limited to authorized EZclass personnel and trusted service providers who require it for specific processing purposes. Internal access is governed by role-based access control (RBAC), with strong authentication (including multi-factor authentication) required for all administrative access. All access is logged and monitored.
Zoom SDK Security
EZclass delivers video classes through the Zoom SDK, fully embedded within our Platform. There are no public Zoom meeting links or externally shareable URLs. All session access is securely controlled through authenticated user sessions on EZclass. Zoom SDK traffic is encrypted, and we maintain a Data Processing Addendum (DPA) with Zoom to ensure compliant handling of any personal data processed through this integration.
Security Testing and Vulnerability Management
We maintain an active vulnerability management program. Our systems are regularly monitored for security advisories (such as CVE feeds), and we promptly apply patches or mitigations to address emerging threats. We conduct regular internal and external security audits and penetration testing to validate the robustness of our defenses. Any findings are prioritized and remediated swiftly.
Monitoring and Zero Trust Principles
EZclass implements continuous monitoring across our infrastructure for unauthorized access attempts and anomalous behavior. We adopt Zero Trust principles wherever possible: no implicit trust is granted to any system or user based solely on network location or internal/external status. Authentication, authorization, and least-privilege principles are enforced consistently across the platform.
PCI Compliance
To ensure the highest level of payment security, we offload credit/debit card processing to Stripe, a PCI DSS Level 1 certified service provider. Our integration with Stripe is fully PCI-compliant — for example, using Stripe Elements or hosted payment pages — so that sensitive card data never touches EZclass servers.
Data Minimization
We follow a strict data minimization approach, collecting only the data necessary to provide our Services. For example, if a user does not provide a phone number, we do not collect it unnecessarily. We also routinely review and purge outdated or unnecessary data (such as old logs or obsolete backups).
Training and Internal Policies
All EZclass team members receive training on data protection, privacy, and security best practices. We maintain robust internal policies governing the secure handling of personal data, incident reporting, and privacy by design. Privacy and security considerations are integrated into all stages of product development and operations.
Despite all our efforts, no method of transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure. While we continuously strive to implement commercially acceptable means to protect your personal information, we cannot guarantee absolute security.
In the event of a data breach affecting your personal data, EZclass will comply with all applicable legal obligations, including timely notification to affected individuals and relevant data protection authorities, and will take all necessary remediation steps to mitigate impact and prevent recurrence.
Your role in security: You also play a key role in protecting your own data. We recommend using a strong, unique password for your EZclass account and keeping it confidential. If you suspect any unauthorized access to your account, please contact us immediately at [email protected].
10. Children’s Privacy
Protecting children’s privacy is extremely important to us. EZclass offers services that may be used by children (such as classes for kids and teens), but only with the involvement and consent of a parent or legal guardian.
Our Platform is not intended for use by children under the age of 7 to create accounts on their own. Children between ages 7 to 17 may use EZclass, but only with verified parental or guardian permission and supervision.
Parental Consent
If you are under 18 (or the age of majority in your jurisdiction), you must have your parent’s or guardian’s permission to use EZclass. We may require verifiable parental consent for minors under 17 (for example, requiring the parent to register the account and explicitly accept our Terms and Privacy Policy on behalf of the child). The parent/guardian must supervise the child’s use of the Platform.
Information Collected from Children
When a child uses EZclass (with parent/guardian consent), we may collect limited personal data necessary for providing the service — such as the child’s first name, age, parent’s contact details, and class participation data (homework answers, messages to the teacher, or classroom interactions).
We do not collect more data than is reasonably necessary for the child to participate in EZclass services. All such data is used only for educational purposes and not for any unrelated commercial purposes.
No Targeted Advertising
We do not knowingly use any personal data collected from children for targeted advertising or profiling. We do not sell, share, or monetize children’s personal data.
Parental Rights
As a parent or guardian, you have the right to:
- Request access to the personal data we have collected from your child
- Request that we delete your child’s data
- Refuse any further collection or processing of your child’s data
To exercise these rights, please contact us (see Section 6 for contact options) and include identifying details about your child’s account (such as the associated email address or account name). We may require verification of your identity as the authorized parent or guardian.
Teacher Interactions
All EZclass teachers are instructed to maintain the highest standards of professionalism when teaching minors and are prohibited from collecting unnecessary personal information from children. All communications between teachers and students must be strictly class-related and conducted through the secure EZclass platform.
If you believe a teacher or another user has violated this policy or that your child has shared sensitive information in class that concerns you, please notify us immediately so we can take appropriate action.
Accounts of Minors
If we discover that we have collected personal data from a child under 7 without verified parental consent, or if a minor under 18 has misrepresented their age to create an account without the required parental authorization, we will promptly:
- Suspend the account
- Delete the child’s personal data where legally required
If you believe that a child is using the Platform improperly or without valid consent, please contact us so we can investigate.
International Compliance
We strive to comply with children’s privacy requirements globally, including:
- COPPA (Children’s Online Privacy Protection Act) in the U.S. (applies to under 13)
- GDPR (EU), where parental consent is required for processing personal data of children under 16 (or lower, depending on the country — e.g., 13-16 depending on Member State law)
- Other applicable children’s privacy laws in jurisdictions where we operate
Parents and guardians — we greatly appreciate your cooperation in helping us provide a safe, secure, and legally compliant learning environment for young learners.
learners.
11. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons (such as the introduction of new features or services).
When we make changes, we will update the “Effective Date” at the top of this Policy. If the changes are material (for example, if we begin collecting new categories of personal data or change how we use data in a way not previously disclosed), we will provide prominent notice — such as by posting a notice on our homepage or sending an email to registered users. Where required by law, we will also seek your explicit consent for significant changes.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal information.
Your continued use of EZclass Services after any changes take effect will constitute your acknowledgment of the updated Policy and your agreement to be bound by it, to the extent permitted by law.
If you do not agree to the changes, you may stop using the Services and can request deletion of your personal data (see Section 7 — Your Rights).
12. Data Breach Notification
Despite our strong security measures (see Section 9), no system is entirely immune to risks. EZclass is committed to promptly detecting, responding to, and communicating about any personal data breach that may occur.
In the unlikely event of a data breach that is likely to result in a risk to the rights and freedoms of individuals (for example, unauthorized access, disclosure, alteration, or loss of personal data), we will:
- Assess and Contain the breach immediately upon discovery, working with internal teams and any relevant third-party security experts as needed.
- Notify Supervisory Authorities: If required under GDPR (Article 33), we will notify the competent supervisory authority (such as the Estonian Data Protection Inspectorate) within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms.
- Notify Affected Individuals: Where required by law, if the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay via email or other appropriate communication channels. This notice will include:
- A description of the nature of the breach
- Contact details for further information
- Likely consequences of the breach
- Measures taken or proposed to address the breach and mitigate potential adverse effects.
- Document the breach in accordance with Article 33(5) GDPR — including details of what happened, effects, and remedial action taken.
We also maintain an internal data breach response plan, and our team is trained to handle potential incidents professionally and transparently.
Your Role: If you believe that your EZclass account or personal data may have been compromised, please immediately notify us at [email protected] so we can investigate and respond appropriately.
13. International Users — California (CCPA / CPRA Notice)
If you are a resident of California, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
EZclass already adheres to privacy standards that meet or exceed the requirements of the CCPA/ CPRA (as we comply with the GDPR). However, in accordance with the CCPA/CPRA, we provide the following additional disclosures:
Personal Information We Collect
We collect the categories of personal information described in this Privacy Policy, which may include:
- Identifiers (such as name, email address, IP address)
- Commercial information (such as transaction data)
- Internet or other electronic network activity information (such as usage data, cookies)
- Audio, visual, or similar information (such as class recordings, where applicable)
- Professional or employment-related information (for teachers)
- Inferences (such as user progress indicators or learning trends)
We do not sell your personal information, nor do we share personal information with third parties for cross-context behavioral advertising.
Your Rights Under CCPA/CPRA
As a California resident, you have the following rights under CCPA/CPRA:
- Right to Know: You may request to know what categories of personal information we have collected about you, and the categories of sources from which we collect that information.
- Right to Access: You may request a copy of the specific personal information we have collected about you.
- Right to Correct: You may request correction of inaccurate personal information we maintain about you.
- Right to Delete: You may request that we delete your personal information, subject to certain legal exceptions.
- Right to Opt-Out of Sale or Sharing: As noted above, EZclass does not sell personal information or share it for targeted advertising.
- Right to Limit Use of Sensitive Personal Information: EZclass does not use sensitive personal information for any purpose that requires offering this right.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
Exercising Your CCPA/CPRA Rights
You may exercise these rights using the same methods described in Section 7: Your Rights and
Choices of this Privacy Policy:
- Contacting us via email at [email protected]
We will verify your request consistent with applicable laws and respond within the timeframes required by the CCPA/CPRA.
If you are an authorized agent submitting a request on behalf of a California consumer, we may require proof of your authorization and verification of the consumer’s identity.
14. United Kingdom (UK GDPR) Addendum
If you are located in the United Kingdom, your personal data is processed in accordance with the UK General Data Protection Regulation ("UK GDPR") and the UK Data Protection Act 2018.
EZclass’s privacy and data practices as described in this Privacy Policy apply equally to users in the UK. All references to GDPR should be read as including UK GDPR for users in the UK.
Your data rights under UK GDPR mirror those described in Section 7 of this Privacy Policy, including:
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
- Rights related to automated decision-making and profiling
- Right to withdraw consent
- Right to lodge a complaint
For UK users, your supervisory authority is the Information Commissioner’s Office (ICO):
EZclass remains committed to providing an equivalent level of data protection to UK users and to complying with UK GDPR requirements for data transfers and processing.
15. Brazil (LGPD) Notice
If you are located in Brazil, your personal data is processed in accordance with the Brazilian Lei Geral de Proteção de Dados Pessoais (LGPD) — Law No. 13,709/2018.
EZclass complies with LGPD principles and provides Brazilian users with the rights described in
Section 7 of this Privacy Policy, which align with the following LGPD rights:
- Right to confirm existence of processing
- Right to access data
- Right to correct incomplete, inaccurate, or outdated data
- Right to anonymization, blocking, or deletion of unnecessary or excessive data
- Right to data portability
- Right to deletion of personal data processed with consent
- Right to obtain information about data sharing
- Right to revoke consent
- Right to oppose processing that is not compliant with LGPD
- Performance of contracts with users
- Compliance with legal and regulatory obligations
- Legitimate interests (such as security and service improvement)
- Consent (where required — for example, for marketing or cookies)
International Transfers:
If we transfer your data outside of Brazil (for example, to servers in the EU or trusted providers in
the US), we apply appropriate safeguards such as contractual clauses and compliance with international data protection standards.
Brazilian users can exercise their rights using the contact methods listed in Section 7 and may also contact our privacy team at [email protected] with any questions related to LGPD compliance.
16. Definitions
For clarity and consistency throughout this Privacy Policy, the following terms have the meanings below when capitalized:
“Platform” refers to the EZclass platform, including the website (ezclass.io), subdomains (such as ezdash, ezinvoice, ezhours, ezcurriculum), mobile applications, and any related services operated by EZClass OÜ.
“Services” refers to all educational services, class bookings, subscriptions, teacher services, chat support, AI chatbot interactions, whiteboard tools (including Excalidraw), and other learning-related tools and features provided via the Platform.
“User” / “You” / “Your” refers to any individual accessing or using the Services, including but not limited to students, parents/legal guardians, teachers, administrators, visitors, and other authorized users.
“Personal Data” (or "personal information") means any information relating to an identified or identifiable natural person (as defined by GDPR), such as name, email address, IP address, device ID, or any other data that could be used to identify you directly or indirectly.
“Processing” refers to any operation performed on Personal Data, whether by automated means or not, such as collection, recording, organization, storage, alteration, retrieval, consultation, use, disclosure, transmission, deletion, or destruction.
“Controller” refers to EZClass OÜ, which determines the purposes and means of processing your Personal Data as described in this Privacy Policy.
“Processor” refers to a third-party service provider engaged by EZClass OÜ to process Personal Data on our behalf under a data processing agreement, for example: cloud hosting providers, payment processors, email delivery services, analytics providers, and video conferencing platforms.
“Consent” means any freely given, specific, informed, and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of your Personal Data.
“Data Subject” means an individual whose Personal Data is being processed — in this context, you as a user of the EZclass Services.
“GDPR” refers to the General Data Protection Regulation (EU) 2016/679, the primary EU law governing the processing of personal data of individuals in the European Economic Area (EEA).
“EEA” means the European Economic Area, which includes all EU member states plus Iceland, Liechtenstein, and Norway.
“Supervisory Authority” means an independent public authority responsible for monitoring the application of data protection law — in EZclass’s case, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
“Data Breach” (or "Personal Data Breach") means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
“Cookies” refers to small text files or similar technologies (such as pixels or local storage) placed on your device when visiting the Platform, used for various purposes as described in Section 8.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, you can contact us at:
EZClass OÜ
Legal Address: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia
Email for Privacy Matters: [email protected]
Alternate Email: [email protected] (for general support or if the privacy email is unresponsive)
Data Request Form: You may also use the “Make a Data Request” form on our website (linked in the footer) to submit privacy-related requests, or the general contact form for other inquiries.
Data Protection Officer (DPO):
At this time, EZClass OÜ is not legally required to appoint a formal Data Protection Officer under GDPR. However, we have a designated privacy lead who can be reached via the privacy email above. If we appoint a formal DPO in the future, their contact details will be published here.
We take all privacy inquiries seriously and will respond to your request promptly and in good faith.
If you feel that we have not adequately resolved a privacy concern, you also have the right to contact your relevant supervisory authority (see Section 7). However, we strongly encourage you to contact us first — we value the opportunity to resolve any issues directly and constructively.
Thank you for trusting EZclass with your learning journey. We are committed to safeguarding your personal information and respecting your privacy.