Last updated: December 10, 2025
This Student Data Privacy Notice ("Notice") explains how Common Curriculum Inc. ("Common Curriculum," "we," "us") handles information in Common Planner when the service is used by schools, districts, and educators ("Schools"). This Notice supplements our general Privacy Policy and any written agreement (including any data protection addendum, "DPA") between Common Curriculum and a School. If there is a conflict, the DPA or other written agreement with the School controls.
1. Key Points
Common Planner is an educator-facing service. We do not provide student accounts and we do not require or support student login.
Students may view teacher-shared pages without logging in (read-only). A "teacher-shared page" is a page an educator marks as shareable by link. When any person loads a teacher-shared page, our systems may process limited technical data for security and reliable delivery. We may also collect limited usage event data on teacher-shared pages to understand how shared pages are used and to improve Common Planner.
Teacher-shared pages do not include fields for students to submit personal information to us. These pages are read-only and do not contain forms or other mechanisms for visitors to provide information.
Persistent identifiers may be processed on teacher-shared pages. We may process persistent identifiers and related log/event data. Under COPPA, certain persistent identifiers are treated as "personal information."
No targeted advertising; no sale of student data. We do not sell student information and do not use teacher-shared page data to serve targeted advertising.
No cross-site tracking for advertising. We do not use teacher-shared page data to build advertising profiles or to track users across unaffiliated online services for targeted advertising.
Schools control what educators share. Schools and educators decide what content to upload or include and what to share. Educators should avoid uploading or sharing unnecessary student personal information, especially on teacher-shared pages.
2. COPPA (Children's Online Privacy Protection Act)
Common Planner is not designed for children to create accounts or submit information. Teacher-shared pages do not include fields for students to submit personal information to us. To the extent children under 13 view teacher-shared pages, Common Curriculum may process persistent identifiers and related log/event data as described below.
A. What We May Collect on Teacher-Shared Pages
When a teacher-shared page is accessed, we may collect or receive:
Persistent identifiers and device/browser identifiers
Device and browser information
Timestamps and page request logs
Usage event data
Security and reliability telemetry
B. How We Use This Data
We use the data described in Section 2A only to support the internal operations of Common Planner and teacher-shared pages (16 C.F.R. § 312.2). Specifically, we use this data to:
Provide and operate teacher-shared pages
Maintain security and prevent fraud/abuse
Detect, debug, and fix errors, perform incident response, and maintain reliability and performance
Generate aggregated reporting that is not designed to identify an individual
We do not use these identifiers or events to identify or contact a child, to build a profile of a particular child, or to track users across unaffiliated services for targeted advertising.
C. What We Do Not Do With This Data
We do not use teacher-shared page data to:
Serve targeted advertising
Sell personal information
Build advertising profiles
Contact children
Identify or profile a particular child
Track users across unaffiliated websites or online services for targeted advertising
D. Cookies and Local Storage on Teacher-Shared Pages
Teacher-shared pages may use cookies and/or local storage. We categorize these as follows:
Strictly necessary/security: Required for the page to operate securely.
Performance/diagnostics: Used to detect errors and maintain reliability.
Analytics (service-provider only): Used to measure aggregate usage and feature performance. Any third-party vendors act solely as our service providers/processors, may process data only on our instructions, and are prohibited from using the data for their own purposes.
Some identifiers may persist beyond a single browsing session unless cleared by the user or restricted by browser settings.
E. Service Providers (Vendors/Subprocessors)
We may use vendors to operate Common Planner. Service providers may process teacher-shared page logs and identifiers only as needed to provide services to us. We require service providers by contract to:
Process information only on our documented instructions and only to provide services to us
Implement appropriate safeguards
Not use personal information (including persistent identifiers) for their own independent purposes
A current list of subprocessors is available upon request, and we will provide advance notice of material changes where required by DPA or applicable law. Schools may request the subprocessor list by contacting [email protected].
F. Retention and Deletion (Teacher-Shared Page Logs and Events)
We retain logs and event data containing persistent identifiers no longer than necessary for the purposes described in this Notice, and then delete or de-identify them. Specific retention periods may be set forth in a School's DPA. We may retain aggregated metrics longer where they are not reasonably linkable to an individual.
G. Educator-Uploaded Content (Avoid Unnecessary Student Data)
Common Planner is not intended for students to submit information. Schools and educators should not upload unnecessary student personal information. Educators should avoid placing student personal information on teacher-shared pages.
If we become aware that personal information of a child under 13 has been included in educator-uploaded content, we will handle it consistent with this Notice and delete it upon request from the School/district or when it is no longer needed for the purpose for which it was provided (unless retention is required by law).
H. School Context
Schools control whether and how teacher-shared pages are made available to students. If a School's use case would involve collecting additional personal information from children, the School is responsible for ensuring appropriate notices and authorizations/consents as required by law and School policy, and Common Curriculum must approve the configuration in writing before enabling such collection.
Schools control whether students access teacher-shared pages and are responsible for providing any notices and authorizations/consents required for their specific use case. Common Planner is intended to operate under School direction in the educational context.
I. Parents' Rights
If you are a parent of a child under 13 who has accessed teacher-shared pages, and you have questions about the limited technical data collected or wish to request deletion, please contact your child's School or district first. Schools manage the educational relationship and can submit requests to Common Curriculum under their agreement. We will cooperate with requests routed through the School consistent with our DPA and applicable law.
You may also contact us directly at [email protected], though we may need to coordinate with the School to verify and fulfill requests related to School-controlled content or School-directed use.
3. FERPA (Family Educational Rights and Privacy Act)
Common Planner is designed for educator use. Educator-created or educator-uploaded content may include information that could be considered part of a student's education record.
A. Our Role When a School Uses Common Planner
When a School uses Common Planner, Common Curriculum processes School content (including any student information contained in it) on behalf of the School and under the School's instructions, only as needed to:
Provide and operate the service
Maintain and secure the service
Provide customer support
Comply with applicable law
B. "School Official" / Direct Control / Redisclosure Limits
To the extent a School discloses PII from education records to Common Curriculum under FERPA's "school official" exception, Common Curriculum will:
Perform an institutional service or function for which the School would otherwise use employees
Remain under the School's direct control with respect to the use and maintenance of education records, as set forth in the School's agreement
Be subject to restrictions governing the use and redisclosure of PII from education records, including that we will use PII only for the purposes for which the disclosure was made and will not redisclose it except as permitted by the School's agreement or required by law
Schools remain responsible for:
Determining who has "legitimate educational interest"
Meeting any FERPA notice obligations applicable to their disclosures
C. No Sale; No Targeted Advertising
We do not sell student information and do not use education-record PII for targeted advertising. We do not use PII from education records—or telemetry from teacher-shared pages—for advertising or marketing to students.
D. Disclosure to Service Providers
We do not disclose education-record PII to third parties except:
As directed or authorized by the School in writing
To vetted service providers operating on our behalf under written restrictions consistent with this Notice and the School's agreement
As required by law
E. Access, Correction, and Deletion Requests
Common Curriculum will assist the School with access, export, and deletion requests related to education records under the DPA. Common Curriculum does not independently decide to amend education records; the School directs any changes.
Schools and districts control what content educators upload or include in Common Planner. We will delete or return (as applicable) educator-uploaded content containing student information at the direction of the School/district, subject to applicable law and our retention obligations.
If you are a parent or eligible student, please contact your School or district first. Schools control education records and can submit requests to Common Curriculum under their agreement.
F. Aggregated and De-Identified Data
We may use properly aggregated and/or de-identified data to understand service performance and improve Common Planner in a manner that is not reasonably linkable to an individual student.
4. State Student Privacy Laws
In addition to COPPA and FERPA, Common Curriculum complies with applicable state student privacy laws, including but not limited to California's Student Online Personal Information Protection Act (SOPIPA), New York Education Law § 2-d, and similar laws in other states where Schools use Common Planner.
Consistent with SOPIPA and similar laws, we do not use student data to create profiles for non-educational purposes.
Schools with questions about state-specific compliance may contact us at the address below.
5. What Information We Collect (Summary)
Common Planner primarily collects information related to educator and school staff use, such as:
Educator account information
Service/device and log information used to maintain security and reliability
Educator-created content and uploads, which may include student information if the educator chooses to include it
Limited technical data and usage event data when teacher-shared pages are accessed
For additional details about information collected from educators and School staff, please see our general Privacy Policy.
6. How We Use Information (Summary)
We use information to:
Provide, maintain, and operate Common Planner
Administer educator accounts and permissions
Provide customer support
Maintain security, prevent abuse, and comply with legal obligations
Understand usage and improve Common Planner through internal operations
Generate aggregated operational metrics and reports
7. No Sale of Data; No Targeted Advertising
Common Curriculum does not sell personal information, including any student information that may be included in educator-uploaded content.
Common Curriculum does not use student information for targeted advertising and does not build advertising profiles of students.
Common Curriculum does not use student data to create profiles for non-educational purposes.
Common Curriculum does not use teacher-shared page-view data for targeted advertising across unaffiliated services.
8. Data Security and Breach Notification
We maintain administrative, technical, and physical safeguards designed to protect information in Common Planner. These safeguards include role-based access controls, least-privilege principles, audit logs for administrative access, and measures intended to protect against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is 100% secure.
In the event of a security incident involving unauthorized access to, or disclosure of, student personal information, we will notify affected Schools in the most expedient way possible and without unreasonable delay, and as set forth in our agreements with those Schools and applicable law, so that Schools may meet their own notification obligations to parents and regulatory authorities.
9. Data Deletion and Requests
Schools/districts may request deletion of educator-uploaded content (including any student information contained within it) by contacting:
Email: [email protected]
If you are a parent or eligible student, please contact your School or district first. Schools control education records and can submit requests to Common Curriculum under their agreement.
10. Contact Us
Questions about this Notice, COPPA, FERPA, or state privacy laws can be directed to:
Common Curriculum Inc.
Product: Common Planner
Email: [email protected]
Address: 8 Market Place Suite 300, Baltimore, MD 21202