MJE Part Shop ("Part Shop," "we") is a browser-based 3D design tool provided to K-12 schools. This Privacy Policy describes what information we collect from students and teachers, how we use it, and the rights available to parents and schools under the Children's Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), and applicable state student-data laws (including SOPIPA, NY Ed Law §2-d, Illinois SOPPA, and Colorado HB21-1273).
Part Shop operates under the COPPA school-authorization exception (FTC guidance, 2013; updated 2023). Under this exception, a school may consent to the collection of personal information from students under 13 on behalf of parents, provided the information is used only for educational purposes and the operator meets the obligations listed below. Part Shop does not collect personal information from students for any commercial purpose, and does not permit third-party advertising to students.
Schools that enroll students in Part Shop must sign our Data Processing Addendum before student data is collected.
| Field | Source | Purpose | Retention |
|---|---|---|---|
| Student ID | Assigned by the teacher; typed by student at login | Identity across sessions; attribute work to a student | Until school end-of-year purge or delete request |
| Student name (optional) | Added to roster by the teacher | Display in teacher dashboard only; not shown to other students | Same as Student ID |
| Access code | Issued by school administrator | Authenticate the school tenant; derive school name for data isolation | Expires per issuance, typically one academic year |
| Design projects | Student saves their work | Restore the design in future sessions | Until delete request or 400 days of inactivity |
| Screenshots of student work | Student clicks "Share with Teacher" | Teacher review, feedback, assessment | Until delete request or end-of-year purge |
| Print requests (design + preview + STL) | Student submits for print approval | Teacher approves and downloads for 3D printer | Until delete request or 400 days |
| Teacher feedback comments | Teacher writes in portfolio | Formative assessment | Same as screenshot |
| Timestamps | Automatic on submission | Sort newest-first; audit | Same as parent record |
| IP address and user agent | Automatic on every request | Security, abuse detection | Per Cloudflare edge defaults (typically 7-30 days) |
What we do NOT collect: real names beyond what the teacher explicitly adds to the roster; email addresses; phone numbers; physical addresses; geolocation; biometric identifiers; social-media logins; device identifiers beyond the browser's own user agent. We do not use advertising identifiers.
We do not use student information for marketing, behavioral advertising, building user profiles for commercial purposes, or selling to third parties.
Part Shop relies on the following third-party services:
We do not use Google Fonts CDN, Google Analytics, Meta Pixel, or any other third-party tracker or CDN that would transmit student data outside the Cloudflare perimeter.
Under COPPA §312.6, parents have the right to:
Because Part Shop operates through schools, parents exercise these rights through the school. A parent who wishes to review, delete, or halt collection of their child's data should contact their child's teacher or school administrator, who will forward requests to us at privacy@part-shop.pages.dev and confirm identity before action. We respond within 10 business days.
In states with student data bills of rights (NY, IL, CO, CT, and others), students and their parents have the right to:
Part Shop uses HMAC-SHA256-signed session tokens, TLS 1.3 for all traffic, per-school tenant isolation, input sanitization, and server-side HMAC verification on every data endpoint. No system is perfectly secure. We disclose any confirmed security incident affecting student data to the school within 72 hours of confirmation.
Security contact: security@part-shop.pages.dev — see our Security policy.
We retain data only as long as needed for the educational purpose. Default retention limits:
Schools may request bulk deletion at any time via the teacher dashboard or by emailing privacy@part-shop.pages.dev.
Student data is stored on Cloudflare's global edge network, including US data centers. Cloudflare does not replicate KV data outside its edge network in a form that exposes it to other Cloudflare customers.
We will notify the school administrator of any material change at least 30 days before it takes effect. Continued use after the effective date constitutes acceptance.