Privacy Policy

How we collect, use, and protect your information

Effective Date: January 2026 | Version: 2.0

1. Introduction

Thinccc Inc. ("we," "us," or "our") operates the thinccc platform, a workforce readiness assessment tool that uses challenge-based learning and the 3CQ Framework to measure Critical thinking, Communication, and Collaboration skills. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform.

We are committed to protecting student privacy and complying with the Family Educational Rights and Privacy Act (FERPA), applicable state student privacy laws including California's Student Online Personal Information Protection Act (SOPIPA), Illinois' Student Online Personal Protection Act (SOPPA), New York Education Law 2-d, and other applicable privacy regulations.

2. Legal Basis for Processing

We process student data based on the following legal grounds:

  • Contract Performance: Providing educational services as specified in our Data Processing Agreement with your school or district.
  • Legitimate Educational Interest: Operating as a "School Official" under FERPA to support educational objectives.
  • Consent: Where specifically obtained for research participation or optional features.
3. Information We Collect

3.1 Account Information: Name, email address, school-assigned student ID, grade level, and class assignments provided by the school or district.

3.2 Assessment Data: Quiz responses and accuracy scores, skill proficiency measurements, and 3CQ Framework competency levels (Critical Thinking, Communication, Collaboration).

3.3 Behavioral Data: The 3CQ assessment captures approximately 500 behavioral data points per student across an 8-week challenge. This behavioral data enables validated measurement of workforce readiness skills and includes:

  • Task planning quality metrics (strategic connection, measurability, implementation specificity)
  • Reflection depth and written communication quality
  • Peer interaction ratings (listening, support, contribution)
  • Time-on-task and engagement patterns
  • Decision sequences and problem-solving approaches
  • Team collaboration and coordination behaviors
  • Deliverable contribution metrics

All behavioral data is used exclusively for educational assessment purposes and is never used for advertising, marketing, or non-educational profiling.

3.4 Usage Data: Log data, device type and browser information, and platform interaction data used to maintain and improve the service.

3.5 Acceptance and Authentication Data: We record timestamps and version numbers when users accept our Terms of Service and Privacy Policy. For administrator accounts, we may store encrypted two-factor authentication credentials to secure access to sensitive functions.

4. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Maintain user sessions and enable core platform functionality.
  • Preference Cookies: Remember your settings and preferences.
  • Analytics: Understand how the platform is used to improve educational effectiveness.

We do not use tracking technologies for advertising purposes. We do not serve behavioral advertising to students, and we do not allow third-party advertisers to collect information from our platform.

5. How We Use Information

We use collected information solely for educational purposes including:

  • Providing and improving the thinccc platform and 3CQ assessments
  • Generating skill assessments and progress reports for students, teachers, and administrators
  • Supporting teachers with student insights and intervention recommendations
  • Conducting research using only de-identified aggregate data
  • Ensuring platform security and preventing misuse
6. Information Sharing

We do not sell, rent, or trade student personal information. We share information only as follows:

  • Schools and Districts: As authorized in our Data Processing Agreement.
  • Service Providers: Third parties who assist in operating the platform under strict contractual obligations. See our Sub-Processor List at thinccc.com/subprocessors.
  • Research Partners: Using only de-identified aggregate data that cannot be traced to individual students.
  • Legal Requirements: As required by law or to protect rights and safety.

Corporate partners who sponsor challenges receive only aggregate, de-identified performance data and never receive personally identifiable student information.

7. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls with comprehensive audit logging
  • Multi-factor authentication required for administrative accounts
  • Regular security assessments and penetration testing
  • Employee background checks and mandatory privacy training
  • SOC 2 compliant data centers located exclusively in the United States
8. Data Retention

We retain data according to the following schedule:

  • Active Student Data: Retained while the school relationship is current and the account is active.
  • Inactive Accounts: Flagged for review after 12 months of inactivity.
  • Upon Termination: Data export provided within 30 days upon request; personal data permanently deleted within 45 days.
  • Audit Logs: Retained for 3 years then automatically purged.
  • De-identified Aggregate Data: May be retained indefinitely for research and platform improvement.
9. Your Rights

Parents and eligible students have the right to:

  • Access: Review education records and assessment data.
  • Correction: Request amendment of inaccurate information.
  • Deletion: Request deletion of personal data. Students can initiate deletion through their account settings or request data deletion here.
  • Data Portability: Request export of data in a standard format.
  • Opt-Out: Withdraw from participation (coordinated through the school).

Requests can be submitted to [email protected] or through the school administrator. We respond to valid requests within 45 days.

10. Age Restrictions

thinccc is designed for users age 13 and older. We do not knowingly collect personal information from children under 13. Users must confirm they are 13 years of age or older during registration. Schools should not create accounts for students under 13 years of age.

11. State Law Compliance

This Privacy Policy is designed to comply with applicable state student privacy laws. Where state law provides additional protections beyond those described here, those protections apply. Specifically:

  • California (SOPIPA): We do not use student data for targeted advertising or create advertising profiles.
  • Illinois (SOPPA): We execute Data Processing Agreements with all Illinois schools before data sharing.
  • New York (Ed Law 2-d): We comply with the Parents' Bill of Rights requirements for data protection.
12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify schools of material changes at least 30 days in advance and post the updated policy with a new effective date and version number. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy questions or to exercise your rights, contact:

Privacy Officer
Email: [email protected]
Address: Thinccc Inc., 15893 Arbor Crossing Dr, Granger, IN 46530

For general support: [email protected]

Terms of Service Back to Registration