Privacy Policy for User Auth Guard

Welcome to User Auth Guard. We are dedicated to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines how we collect, use, store, and share your data when you use our services.

We collect the following types of information:

Personal Information:

This includes your name, email address, and other identifiers necessary for account creation and management.

Google User Data:

With your explicit consent, we access specific Google account information to provide our services. The data accessed depends on the permissions (scopes) you grant during the OAuth authorization process. The scopes we request include:

• https://www.googleapis.com/auth/admin.directory.device.chromeos: Allows viewing and managing metadata of Chrome OS devices in your domain.
• https://www.googleapis.com/auth/admin.directory.user: Permits viewing and managing the provisioning of users on your domain.
• https://www.googleapis.com/auth/admin.directory.group: Enables viewing and managing the provisioning of groups on your domain.
• https://www.googleapis.com/auth/admin.directory.orgunit: Grants access to view and manage organizational units on your domain.
• https://www.googleapis.com/auth/admin.directory.resource.calendar: Allows viewing and managing the provisioning of calendar resources on your domain.
• https://www.googleapis.com/auth/admin.reports.audit.readonly: Permits viewing of audit reports for your Google Workspace domain.
• https://www.googleapis.com/auth/admin.reports.usage.readonly: Enables viewing of usage reports for your Google Workspace domain.
• https://www.googleapis.com/auth/admin.directory.group.member: Allows managing group membership on your domain. Used by SendGuard to add and remove approved parent/guardian email addresses as members of student contact groups.
• https://www.googleapis.com/auth/apps.groups.settings: Allows viewing and managing Google Groups settings on your domain. Used by SendGuard to configure student contact groups as restricted, hidden from directory, and members-only posting.
• https://www.googleapis.com/auth/admin.directory.customer.readonly: Allows viewing customer domain information. Used to verify your organization's Google Workspace domain configuration.

We use the collected information to:

• Provide and Improve Services: Utilize your data to operate and enhance the features of User Auth Guard.
• Communicate with You: Send updates, notifications, and respond to your inquiries.
• Ensure Security: Monitor and protect against unauthorized access or misuse of our services.

We do not sell or rent your personal information to third parties. We may share your data with:

• Service Providers: Trusted partners who assist in operating our services, subject to strict confidentiality agreements.
• Legal Obligations: Authorities when required by law or to protect our rights and safety.

We implement robust security measures to protect your information from unauthorized access, alteration, or disclosure. However, no method of transmission over the internet is entirely secure, and we cannot guarantee absolute security.

You have the right to:

• Access and Update: Review and modify your personal information.
• Withdraw Consent: Revoke permissions granted to access your Google data at any time.
• Delete Account: Request the deletion of your account and associated data.

Our Chrome extension provides real-time classroom monitoring and screen time tracking capabilities for educational institutions. Here's how it works and what data it collects:

Extension Features:

• Screen Monitoring: Captures screenshots of student screens at configurable intervals (default: 5 seconds) during active monitoring sessions
• Screen Time Tracking: Tracks time spent on websites and applications, categorized by educational value (similar to iPhone Screen Time)
• Activity Monitoring: Records user interactions including clicks, keystrokes (excluding passwords), and scrolling to measure engagement
• Keyword Alerts: Monitors for concerning keywords related to self-harm, violence, or inappropriate content
• Search Logging: Records search queries for safety monitoring
• Time Limits: Enforces daily/weekly time limits for different website categories

Data Collection:

The extension collects the following data when monitoring is active:

• Screenshots: Captured images of the active browser tab (not the entire screen)
• Website URLs and Titles: To track which sites are being visited
• Time Spent: Duration on each website/application
• Activity Metrics: Click counts, keystroke counts (excluding sensitive fields), scroll distance
• Search Queries: What students search for online
• Tab Information: Open tabs and their status
• Idle Time: Periods of inactivity

Privacy Protections:

• Passwords and email fields are explicitly excluded from keystroke monitoring
• Monitoring only occurs when explicitly initiated by authorized school personnel
• Students are notified when monitoring is active via browser badge
• Data is transmitted securely via WebSocket connections to your school's AuthGuard server
• Screenshots and activity data are retained according to your organization's data retention policy
• The extension requires explicit user authentication through AuthGuard before activation

Permissions Required:

The extension requires the following Chrome permissions:

• tabs: To track which websites are being visited
• desktopCapture: To capture screenshots of browser tabs
• storage: To store monitoring settings and temporary data
• webNavigation: To track page navigation
• idle: To detect when the user is away from the computer
• notifications: To alert users about time limits and monitoring status
• host permissions: To inject monitoring scripts on all websites

Data Usage:

Data collected by the extension is used exclusively for:

• Providing real-time visibility to teachers during classroom sessions
• Generating screen time reports and usage analytics
• Ensuring student safety through keyword and content monitoring
• Enforcing organizational policies and time limits
• Creating activity summaries for parents and administrators

Data Retention:

• Screenshots are retained for 30 days by default (configurable by your organization)
• Screen time data is aggregated daily and retained for reporting purposes
• Alert logs for safety incidents are retained according to your school's policy
• Raw activity data older than 90 days is automatically purged

User Control:

• The extension only activates when a user is logged into AuthGuard
• Monitoring sessions must be explicitly started by authorized personnel
• Users can see when monitoring is active via the extension badge
• School administrators can configure which features are enabled
• Parents can request access to their child's screen time data

SendGuard is an optional feature that enables schools to manage approved email contacts for students using Google Groups. When enabled by a school administrator, SendGuard creates and manages Google Groups on the school's domain to facilitate controlled email communication between students and their approved contacts (typically parents or guardians).

How SendGuard Works:

• Google Group Creation: For each student with approved contacts, SendGuard creates a Google Group on the school's domain (e.g., parent-jsmith@schooldomain.org). This group is configured as hidden from the directory, restricted to members-only posting, and allows external members.
• Contact Management: School administrators upload approved parent/guardian contact information. SendGuard adds these email addresses as members of the student's Google Group via the Google Groups API.
• Email Routing: Students can email their approved contacts by sending to their group address. Google handles all email routing — UserAuthGuard does not read, store, or process email content.

Data Collected by SendGuard:

• Parent/Guardian Names: First and last name of approved contacts, as provided by the school administrator.
• Parent/Guardian Email Addresses: Used to add contacts as Google Group members.
• Parent/Guardian Phone Numbers: Optional, stored for school reference only.
• Relationship: The contact's relationship to the student (e.g., mother, father, guardian).
• Google Group Identifiers: The group email address and Google Group ID for each student's contact group.

What SendGuard Does NOT Do:

• SendGuard does not read, intercept, or store any email content.
• SendGuard does not monitor email communications between students and parents.
• SendGuard does not share parent/guardian contact information with any third party.
• SendGuard does not contact parents/guardians directly for any purpose.
• SendGuard does not retain data after a school disables the feature or terminates their account.

Google API Usage:

SendGuard uses three additional Google Workspace Admin SDK scopes to manage groups on behalf of your school:

• admin.directory.group and admin.directory.group.member — To create student contact groups and manage their membership.
• apps.groups.settings — To configure group privacy and posting restrictions.

These scopes are only used when SendGuard is enabled by a school administrator. All group operations are performed on behalf of the school's Google Workspace domain. Our use of Google API data adheres to the Google API Services User Data Policy, including the Limited Use requirements.

UserAuthGuard is committed to protecting student privacy in compliance with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g.

Education Records

Under FERPA, "education records" are records directly related to a student that are maintained by a school or by a party acting on behalf of the school. When your school uses UserAuthGuard, certain information we process on the school's behalf qualifies as education records, including:

• Student names and school-issued email addresses used for device assignment
• Device assignment records (which student is assigned to which Chromebook)
• Device check-in and check-out logs
• Device location data (when lost mode is enabled by a school administrator)

Our Role as a "School Official"

UserAuthGuard operates as a "school official" with a "legitimate educational interest" under FERPA's school official exception (34 CFR 99.31(a)(1)). This means:

• We perform a service that your school would otherwise need its own staff to perform — specifically, managing and securing school-owned Chromebook devices.
• We are under your school's direct control with respect to how we use and maintain education records.
• We use education records solely for the purpose of providing device management services to your school.
• We do not disclose personally identifiable information from education records to any third party except as directed by the school or as required by law.

Parent and Eligible Student Rights

FERPA gives parents (and students aged 18 and older) the right to:

• Inspect and review their child's education records. Contact your school administrator — they can access all records through their UserAuthGuard admin dashboard.
• Request correction of education records they believe to be inaccurate.
• Request deletion of their child's data. Schools can delete individual student records at any time, or contact us at privacy@userauthguard.com.

Data Retention and Deletion

We retain student education records only for as long as your school's account is active. When a school's subscription ends or a school requests deletion, we will delete or de-identify all student education records within 30 days. We do not retain student data for our own purposes after the school relationship ends.

UserAuthGuard complies with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. 6501-6506, which protects the online privacy of children under 13 years old.

School Consent on Behalf of Parents

When a school chooses to use UserAuthGuard, the school acts as the agent of parents to consent to our collection and use of student information, as permitted by COPPA and confirmed by FTC guidance. We rely on the school's authorization and do not collect personal information directly from students or ask students to create accounts.

Information We Collect About Students

We collect only the minimum information necessary to provide device management services:

• Student name and school email address — provided by the school through Google Workspace integration, used to assign devices to students.
• Device assignment records — which device is assigned to which student, and when.
• Check-in/check-out timestamps — when devices are checked out to and returned by students.
• Device location — collected only when a school administrator activates "lost mode" to locate a missing device. Not continuous.

What We Do NOT Do

• We do not use student data for advertising or marketing of any kind.
• We do not sell, rent, or trade student personal information to any third party.
• We do not use student data to build profiles for purposes unrelated to the school's educational mission.
• We do not contact students directly for any commercial purpose.
• We do not collect more information than is reasonably necessary to provide device management services.

Parents' Rights Under COPPA

Parents have the right to:

• Review the personal information collected about their child by contacting their school administrator.
• Request that the school direct us to delete their child's personal information.
• Refuse further collection of their child's information (the school can remove the student from UserAuthGuard at any time).

To exercise these rights, parents should contact their child's school directly. Schools can reach us at privacy@userauthguard.com for assistance.

Our use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We may update this Privacy Policy periodically. We will notify you of any significant changes by posting the new policy on our website and updating the effective date.