Scope and operator
This notice applies only to the isolated Ascent Arcade hosted at arcade.thescholarsascent.org. It does not describe The Scholar's Ascent Assessment Center, a school roster system, or a separate teaching website. The Arcade is provided by Reminiscent Road Media LLC.
The Arcade uses a separate Firebase project and does not receive direct Firestore, Realtime Database, Storage, password, or roster access to the Assessment Center.
Data we process
| Data | Why it is needed | What users see |
|---|---|---|
| Firebase account identifier and security tokens | Authenticate a player, teacher, creator, or owner and prevent unauthorized requests. | A scoped alias, not the identifier. |
| Teacher email for verified teacher or owner sign-in | Account authentication and recovery. It is not copied into rooms, question banks, game reports, or public library entries. | Not shown to players or library users. |
| Room and gameplay records | Create/join rooms, enforce kick/restore/end controls, grade answers against immutable published banks, and create alias-only reports. | Room-scoped aliases, question content, score, and progress. |
| Aggregate product events | Measure reliability and broad feature use. Events exclude names, aliases, room codes, answers, URLs with query strings, and account IDs. | Owner metrics are suppressed below five qualifying contributors or actions. |
| Feedback text and optional page path | Investigate a reported problem and publish a visible resolution. | A random tracking code; public status never returns the original message. |
| Billing identifiers, if paid plans are enabled | Connect a teacher workspace to a Stripe customer and subscription status. | Plan and subscription status; the Arcade does not store full payment-card details. |
| Security signals | App Check, rate limiting, abuse prevention, request replay protection, and audit evidence. | Usually not displayed. |
Data we do not collect for gameplay
- Student real names, student email addresses, birth dates, student numbers, postal addresses, phone numbers, or class rosters.
- Advertising identifiers, precise location, contacts, photos, microphone recordings, or camera recordings.
- Raw answer text in telemetry. Authoritative grading uses a submitted answer only for the active attempt; durable result records retain correctness and score rather than a readable student-response profile.
- Password or service-account credentials in Arcade records.
Do not place personal information in a player alias, question bank, report title, feedback message, or workspace label.
Children, parents, and school use
The Arcade is designed to minimize information about children. A student can join public or teacher-hosted play with anonymous Firebase authentication and a generated alias. The service does not ask a student for age or a real-world identity.
Homework codes remain bound to a generated tenant-scoped player reference. Anonymous homework play does not create a persistent cross-session XP profile. A signed-in player can earn persistent XP, badges, tokens, and unlock inventory in either a verified teacher workspace or the Arcade's isolated public-play scope. Rewards remain scoped to that context, are never displayed as a public student profile, and can be exported or deleted from the private Progress page.
For classroom use involving children under 13, a school or district must authorize use for a legitimate educational purpose and provide any notices or consent required by its policies and applicable law. A teacher's action does not transfer the operator's legal responsibilities to the teacher. For independent use by a child under 13 outside a school-authorized context, a parent or guardian must direct and supervise use and contact us before providing any personal information.
This notice describes the product's data practices; it is not a certification that every school deployment automatically satisfies COPPA, FERPA, or state law. Schools should complete their own privacy review.
How data is used
- Deliver games, published question banks, room moderation, score reports, account workspaces, and support.
- Protect the service through authentication, App Check, rate limits, fraud prevention, audit records, and incident investigation.
- Operate subscriptions when a paid plan is selected.
- Publish aggregate product metrics, survey results, recent changes, and feedback resolutions without individual learner drilldowns.
We do not sell personal information, run targeted advertising, build student advertising profiles, or use student gameplay for unrelated commercial purposes.
Service providers and disclosure
Google Cloud and Firebase provide hosting, authentication, databases, storage, serverless functions, App Check, and related security infrastructure. Stripe processes payment information if paid plans are enabled. These providers process data to deliver their contracted services.
We may disclose data when required by law, to protect users or the service, or as part of a business transaction subject to appropriate protections. We do not provide student gameplay records to advertisers or data brokers.
Retention schedule
- Game attempts and free-plan result rows: generally 90 days after completion, matching the Free plan's available class-trend window.
- Homework assignments and tenant-scoped redemptions: retained while the teacher workspace needs the assignment; attempt results follow the applicable report-retention period. Teachers can close or archive assignments.
- Persistent progression: retained for the signed-in tenant-scoped profile until progression or related account data is deleted. Anti-farming counters expire after two to three days and request receipts generally after 30 days.
- Active rooms and access records: expire with the room; service receipts generally expire after 30 days and security/audit evidence generally after 365 to 400 days.
- Raw feedback text and page context: up to 30 days, and deleted earlier when feedback is resolved or declined. Non-content tracking status may remain to preserve the public trust loop.
- Anonymous Firebase accounts: configured for automatic deletion after 30 days.
- Teacher accounts and authored banks: retained while the account is active or as needed to deliver the service. An account deletion request enters a 30-day recovery window before final deletion processing.
- Billing records: retained as required for subscription administration, tax, accounting, fraud prevention, and legal obligations.
- Backups: production Firestore backups are scheduled daily with seven-day retention. Deletion from a backup follows the backup lifecycle.
Time-to-live deletion is asynchronous. An expired record must not grant access while deletion is pending.
Choices and requests
- A teacher can manage workspaces, invitations, authored banks, visibility, reports, subscription settings, and account deletion from authenticated product pages.
- A feedback submitter can use the random tracking code to view status without disclosing identity.
- A parent, eligible student, teacher, or school may request access, correction, deletion, or an explanation of data practices by contacting us. We may need to verify authority without collecting more information than necessary.
Security and limitations
Direct browser access to Firestore and Storage is denied for the public release. Sensitive operations are mediated by authenticated server routes with App Check, tenant-derived authority, rate limits, bounded schemas, immutable published versions, action-neutral idempotency, audit evidence, and scoped aliases. No system can guarantee absolute security; report a suspected vulnerability without including student data.
Contact
Email info@reminiscentroadmedia.com with the subject “Ascent Arcade privacy.” Do not include student names, room codes, answers, or other sensitive information.