Privacy Policy
Effective date: June 4, 2026
Last updated: June 4, 2026
Game Point Math ("we," "us," or "the Service") is a web-based math learning platform built for classroom use. This policy explains what information we collect, how we use it, and the choices students, parents, teachers, and schools have.
What we collect — at a glance
The shortest version of this policy:
- From teachers: name, email address, and (when paid features launch) payment information. Teachers are adults and our direct customers.
- From students: a self-chosen gamertag, the class code their teacher gave them, approval status, and gameplay data (answers, scores, progress). That is all.
- From students, what we do NOT collect: real names, email addresses, OAuth or Google identities, parent contact information, biometric data, precise geolocation, or behavioral advertising data.
- Names typed by teachers stay on the teacher's device. A teacher may optionally type a student's real name into a private field that lives only in their own browser. That name is never transmitted to, received by, or stored by Game Point Math.
1. Who we are
Game Point Math is operated by Zachary Berman and Bradley Bentz ("the Operator"). You can reach us at contact@gamepointmath.com.
Independent operation. Game Point Math is an independent personal project. It is not affiliated with, endorsed by, sponsored by, or operated on behalf of Wachusett Regional School District, any other school, school district, or educational institution. Use of Game Point Math by any teacher, student, or school is voluntary.
2. Information we collect — full detail
The Service is designed around data minimization: we collect the smallest amount of information needed for the educational activity, and we treat student data and teacher data differently by design.
2.1 Teacher information
Teachers create accounts to operate classes. When a teacher signs up (via email/password or a Google sign-in), we collect and store:
- Name (chosen by the teacher; required for the account).
- Email address (used to sign in and recover access).
- Gamertag (a short identifier the teacher chooses; used as their public handle in the platform).
- Teacher-level usage data: classes the teacher creates, topics the teacher assigns, worksheets and bundles the teacher saves, sessions the teacher runs, and aggregate progress data for the teacher's own students.
- When paid features launch, payment information (handled by a third-party payment processor; we do not store card numbers ourselves).
2.2 Student information (intentionally minimal)
Students do not create accounts in the traditional sense. To join a class a student types two things into the join screen: a gamertag of their own choosing and the class code their teacher gave them. We then store, per student:
- Gamertag — a self-chosen identifier. Teachers are required by these terms to instruct students to use a nickname, not their real name (see Terms of Service §3).
- Class code — the short code identifying the class the student is requesting to join.
- Approval status — pending, approved, or removed by the teacher.
- Gameplay data — answers submitted, scores, points, streaks, topic-level progress, and per-session history within their class.
We do not collect, request, store, or receive:
- Student real names, school IDs, or any other directly identifying personal information.
- Student email addresses.
- Google, Apple, or any other OAuth identity for a student. There is no student-side sign-in with an external identity provider; that path has been removed by design.
- Parent or guardian contact information.
- Precise geolocation, biometric data, or behavioral advertising data.
- Social Security numbers or other government identifiers.
2.3 Names typed into the private-name field stay on the teacher's device
The teacher dashboard includes a "private name" field next to each approved student. A teacher may type the student's real name there as a personal classroom convenience — the same way a teacher writes a name on a paper roster.
That field is stored only in the teacher's browser, using browser local-storage. The Service does not transmit, receive, log, store, or back up that field. We have no copy of it, no ability to read it remotely, and no way to restore it if the teacher clears their browser data, signs in from a different browser, or switches devices. (We offer an optional client-side export so the teacher can save a copy as a file on their own computer; that file stays on the teacher's device too.)
Because the private-name field never reaches our servers, real student names provided this way are not part of the data we collect or hold under this policy. Teachers are responsible for safeguarding any such names they choose to store locally, the same way they safeguard a paper gradebook.
2.4 Technical information
- Basic device and browser information needed to render the site.
- IP address (used transiently for connection, rate limiting, and abuse prevention; not retained as part of the learning record).
- Cookies and browser local-storage used to keep teachers signed in, to remember preferences, and to manage live class sessions.
3. How we use information
We use what we collect to:
- Provide the core learning experience (serve questions, accept answers, score gameplay, award points).
- Let teachers see how their own students are progressing within their own class.
- Let students see their own gameplay progress and leaderboards within their own class.
- Keep accounts and sessions secure and prevent abuse.
- Fix bugs and improve the Service.
- Process payment (teachers only, once paid features launch) through a third-party payment processor.
We do not use any data for advertising. We do not sell student data. We do not build advertising profiles. We do not share student data with third parties except as described in Section 5.
4. Children's privacy (COPPA & FERPA framing)
Game Point Math is designed for use in educational settings. By design, the Service does not knowingly collect personal information from any student — including students under 13 — beyond the minimal set enumerated in Section 2.2 (a self-chosen gamertag, class code, approval status, and gameplay data).
School-authorization model. Where the Service is used with students under 13, we rely on the U.S. Children's Online Privacy Protection Act ("COPPA") school-authorization model: the teacher (or the teacher's school or district) acts as the authorized educational adult who provides any consent required for in-classroom use of the Service, and confirms by accepting our Terms of Service that they have authority to do so.
Because the Service does not collect student real names, emails, or any other directly identifying personal information, the data set we hold about any individual student is materially smaller than that of conventional roster-based platforms.
FERPA framing. Where applicable, we treat student gameplay data as an education record under the U.S. Family Educational Rights and Privacy Act ("FERPA") and provide it back to the teacher/school for the educational use described in this policy. We do not redisclose student records except as described in Section 5.
Right to review and delete. A school, parent, or guardian who believes a specific student should be reviewed or removed may contact us at contact@gamepointmath.com with the class code and the gamertag in question, and we will delete the associated class membership and gameplay records on the Service. Because we never received a student's real name, we cannot locate a student by their real name — only by the class code and gamertag the teacher used inside the platform.
5. How information is shared
We share information only in narrow, described ways:
5.1 With the teacher who owns the class
A student's gamertag, approval status, and gameplay data are visible to the teacher who owns the class that student joined. This is the entire point of the Service.
5.2 With service providers
We use trusted third-party vendors to host and operate the Service. Each vendor receives only the data necessary to perform its function:
- Supabase — database, teacher-account authentication, and live data storage for class memberships and gameplay.
- Vercel — frontend hosting.
- Railway — backend hosting.
- Google (Sign-In) — used only for teacher sign-in. Students cannot sign in with Google; no student data is sent to Google.
- A payment processor — to be named when paid features launch. Used for teacher payments only; student data is never sent.
These vendors are contractually obligated to protect the data and use it only to provide their service to us.
5.3 For legal reasons
We may disclose information if required by law, subpoena, or to protect the rights, safety, or property of users or the public.
No sale of personal information. We do not sell, rent, or trade personal information. We do not share student data with advertisers, data brokers, or marketing services. Student gameplay data is used only to operate the Service for the student's own class.
6. Data retention
- Teacher accounts — retained while the account is active. A teacher may delete their account at any time by emailing us.
- Class membership rows (gamertag + class code + status) — retained while the class is active. A teacher may remove a student at any time; doing so deletes that student's class-membership row from the Service.
- Gameplay data — retained through the end of the school year in which it was created, and then deleted, unless a signed Data Use Agreement ("DUA") with a school or district specifies an alternative retention window.
- Inactive teacher accounts — accounts that have not been used in 18 months will be deleted along with their associated data, after at least 30 days' notice to the email on file.
- On request — a teacher, parent, or school may request deletion of class membership rows and gameplay data at any time. See Section 8.
- Local-only teacher data — anything stored only in the teacher's browser (including the private-name field) is not subject to our retention; it is controlled entirely by the teacher.
7. Security
We use standard industry practices to protect data, including:
- Encrypted connections (HTTPS) for all traffic.
- Encrypted storage and authentication via Supabase.
- Row-level security policies that prevent a teacher from reading or modifying another teacher's class members.
- Access controls limiting who on our team can view operational data.
No system is 100% secure. If we become aware of a security incident affecting personal information we hold, we will notify affected teachers and schools without undue delay, and in any event no later than required by applicable law.
8. Your rights and choices
Teachers, schools, parents, and guardians may:
- Access the information we hold tied to a specific class membership (gamertag + class code).
- Correct gameplay data the teacher believes is inaccurate.
- Delete a class membership row and its associated gameplay data.
- Delete a teacher account and all associated classes, sessions, and worksheets.
- Withdraw consent for continued use of the Service for a given class.
To exercise any of these rights, email contact@gamepointmath.com. For class-level requests include the class code and the gamertag(s) you want removed.
9. Cookies, local storage, and tracking
We use cookies and browser local-storage to:
- Keep teachers signed in across page loads.
- Remember preferences (game settings, display options).
- Maintain live class-session state.
- Store the teacher-only private-name field on the teacher's own device (see Section 2.3).
We do not use third-party advertising cookies or cross-site behavioral tracking.
10. Schools and districts (Data Use Agreements)
Schools or districts that require a signed Data Use Agreement, Student Data Privacy Agreement, or similar contract to use the Service may contact us at contact@gamepointmath.com. Where a DUA is in place, the DUA governs use of the Service for that institution and supersedes this policy to the extent of any conflict.
11. Changes to this policy
We may update this policy as the Service evolves. When we make material changes, we will update the "Last updated" date and notify teachers by email or in-app notice at least 30 days before the change takes effect (or sooner if required by applicable law or necessary to address a security or legal-compliance need).
12. Contact us
Questions, requests, or concerns:
contact@gamepointmath.com
Zachary Berman and Bradley Bentz