This Student Data Addendum supplements the Terms of Service and Privacy Policy when a school, tutoring practice, educator, parent, guardian, or other organization uses HanyuGuide to create or manage student access.

Student Data

Student data includes student names or classroom display names, usernames, optional school email addresses, classroom placement, assignments, seat information, study activity, progress, accuracy, review timing, and other information provided or generated through classroom-managed student use.

School and Organization Control

For classroom-managed students, the school, tutoring practice, educator, parent, guardian, or organization that creates or approves access controls the student records submitted to HanyuGuide. HanyuGuide uses that information as a service provider to deliver, support, secure, and improve the educational service requested by that organization.

Permitted Use

HanyuGuide uses student data only to provide the educational service, including account access, classroom rosters, assignments, study scheduling, progress reporting, seat management, support, security, abuse prevention, and product maintenance.

HanyuGuide may use study activity and performance signals to improve educational features such as spaced repetition scheduling, assignment progress, curriculum quality, and learning recommendations. For improvements that benefit users beyond the original classroom, HanyuGuide uses aggregated, de-identified, or otherwise non-student-identifying data where practical, and the output must not identify a student, classroom, or organization.

Prohibited Use

HanyuGuide does not sell or rent student data. HanyuGuide does not use student data for targeted advertising, does not build unrelated commercial profiles about students, does not market directly to classroom-managed students, and does not redisclose student data except as needed to provide the service, comply with law, protect safety or security, or follow verified instructions from the controlling organization.

COPPA and FERPA Support

When an authorized school uses HanyuGuide in an educational context, HanyuGuide is intended to support the school's use of the school-official model under FERPA and school-authorized consent under COPPA. HanyuGuide processes student records under the organization's control, uses student data for a legitimate educational purpose, and does not use student data for any unrelated commercial purpose.

Educators, tutors, parents, guardians, and organizations that are not acting for a school are responsible for confirming that they have appropriate authority to invite students and provide student information, especially for students under 13.

Access, Correction, and Deletion

Organizations can use the classroom dashboard to link parent or guardian accounts to student records, export student data available to the organization, and remove a student from the organization. Verified parent or guardian accounts linked to a student can view, export, or remove that child's organization-specific data. Parents or students who contact HanyuGuide about a classroom-managed account may be directed back to the controlling organization so the request can be verified and handled consistently with that organization's records and policies.

When an organization removes a student through the dashboard, HanyuGuide deletes or de-identifies the related organization data unless retention is required for security, legal compliance, billing records, dispute resolution, or backup integrity. Managed username accounts with no other classroom, tutor, or organization links are deleted as part of that dashboard action. If an educator leaves an organization, the organization remains responsible for removing that educator's access.

Security and Incident Response

HanyuGuide uses access controls, role-based permissions, encrypted transport, hashed passwords, and operational monitoring to protect student data. If HanyuGuide becomes aware of a confirmed security incident involving student data, HanyuGuide will notify the affected organization through the available account or support contact information so the organization can meet its own notification duties.

Subprocessors

HanyuGuide uses subprocessors to host, secure, deliver, monitor, and bill for the service. These subprocessors may process limited information needed for their role:

• Application hosting and database providers: application hosting, storage, backups, logs, and network delivery.
• Cloudflare: security, CDN, Web Analytics, bot protection, Turnstile checks, and email delivery when configured.
• Sentry: error monitoring and performance diagnostics, with default personally identifiable information collection disabled.
• Stripe: payment processing, checkout, invoices, and billing records for paid accounts and classroom seats.
• RevenueCat: mobile entitlement and subscription status when mobile billing is used.
• Email delivery providers such as Cloudflare Email, Resend, Amazon SES, or Postmark when configured: account, invitation, verification, support, and service emails.

HanyuGuide requires subprocessors to process information only for the services they provide to HanyuGuide and to use appropriate confidentiality and security measures.

Standalone Student Signup

Students under 13 should use HanyuGuide only through access created or approved by an authorized educator, parent, guardian, tutoring provider, or organization. HanyuGuide does not knowingly allow under-13 students to create independent self-service accounts outside that authorized context.

Contact

Questions about this addendum or support issues that cannot be handled from the classroom dashboard can be sent to hey@hanyuguide.com.