General Provisions
This Privacy Policy has been established by Digiwill Co., Ltd. (hereinafter "Digiwill"), the operator of ClassI — Next-Generation Classroom Management Solution (hereinafter "ClassI"), to comply with the Personal Information Protection Act (PIPA), the Framework Act on Education, the Elementary and Secondary Education Act, and other applicable laws and regulations.
ClassI enables teachers to remotely monitor and control student devices during classroom instruction. This Policy describes how personal information is collected, used, stored, and shared throughout that process.
This Privacy Policy covers the following software and services provided by Digiwill (collectively, "Services"):
Data Collection — Categories and Methods
In accordance with the principle of minimal processing, Digiwill collects only the data strictly necessary to provide each software feature:
- Data Collected
- Device name · IP address · Current screen status · List of active websites / apps / programs · Network connection status
- Collection Trigger
- Automated real-time collection via software agent — active during class hours only
- Data Collected
- Device control logs: timestamp of control action · type of action (lock / unlock / app restriction / screen switch) · target device identifier
- Collection Trigger
- Logged automatically each time the teacher explicitly issues a control command
- Data Collected
- Full AI conversation text (student questions + AI responses) · Timestamp of conversation · Student identifier (student ID or anonymised ID)
- Collection Trigger
- Automatically recorded whenever the student uses the in-app AI feature
- Data Collected
- Real-time screen data from the student's device (live streaming frames only)
- Collection Trigger
- Transmitted in real time when the teacher explicitly issues a broadcast command
- Automated real-time collection via software agent (client program installed on student devices)
- Automatic logging each time the teacher explicitly executes a control command
- Submission of written or electronic consent forms by students and guardians
Purpose of Data Use
Digiwill uses collected personal information only within the purposes listed below. Use beyond these purposes is strictly prohibited.
| Feature | Purpose of Use | Legal Basis (PIPA) |
|---|---|---|
| Real-Time Monitoring | Monitor class engagement; block inappropriate content; maintain learning environment | Art. 15(1)(6) — Legitimate Interest |
| Screen Control | Lock/unlock devices; restrict apps; support orderly instruction | Art. 15(1)(6) — Legitimate Interest |
| AI Conversation Data | Assess AI usage patterns; prevent inappropriate content; improve educational quality | Art. 15(1)(1) — Explicit Consent |
| Screen Broadcast | Support presentations, collaborative tasks, and teacher demonstrations | Art. 15(1)(6) — Legitimate Interest |
Data Storage and Retention Periods
Digiwill retains personal information only for the minimum period necessary. Data is destroyed immediately upon achievement of its collection purpose.
| Data Category | Where Stored | Retention Period | Deletion Method |
|---|---|---|---|
| Real-Time Monitoring Data | Teacher's screen only (RAM / display buffer) | Not stored | Discarded immediately after display |
| Screen Control Logs | Internal server (encrypted) | 30 days | Automatic permanent deletion |
| AI Conversation Content | Encrypted cloud storage (if applicable) | ≤ 3 months | Irrecoverable deletion / anonymisation |
| Screen Broadcast Data | Not stored — live stream only | Not stored | N/A |
| Consent Forms & Records | Secure internal archive | 2 years post-enrollment | Shredded / permanently deleted (per education law) |
Data Destruction — Procedures and Methods
① Destruction Procedure
Once the collection purpose is achieved, data is moved to a separate database and retained only as long as required by law, then destroyed. Data in this interim state is not used for any other purpose.
② Destruction Methods
- Electronic files: Permanently deleted using irrecoverable methods (e.g., multi-pass overwriting, certified deletion software)
- Printed materials / paper documents: Mechanically shredded or incinerated
Security Measures
Pursuant to Article 29 of the Personal Information Protection Act, Digiwill implements the following technical, administrative, and physical safeguards.
① Technical Safeguards
- All communication between student device agents and teacher servers uses encrypted dedicated channels (TLS)
- Access privileges follow the principle of least privilege, assigned per teacher / administrator account
- Intrusion detection systems (IDS) and firewalls are operated; regular vulnerability assessments are performed
- Access logs are retained for at least 6 months with tamper-prevention controls applied
② Administrative Safeguards
- The number of personnel who handle personal information is kept to the minimum necessary
- Mandatory periodic personal information protection training is provided to all handlers
- Internal management plans are established and reviewed/updated annually
- All handlers sign confidentiality agreements; access rights are revoked immediately upon role change or resignation
- A Chief Privacy Officer (CPO) is designated to regularly supervise processing activities
③ Physical Safeguards
- Servers and storage devices are maintained in access-controlled, locked facilities
- External physical access to devices is prohibited; entry/exit records are maintained
Chief Privacy Officer and Contact Information
Digiwill has designated the following Chief Privacy Officer to protect user data and handle related complaints:
- Organisation
- Digiwill Co., Ltd.
- Phone
- 031-213-9280
- brick@digiwill.co.kr
- Response Time
- Within 10 business days of receipt
For personal information infringement reports or further enquiries, you may also contact:
Data Sharing — Third-Party Disclosure
Personal information is shared with third parties only in the following limited circumstances:
| Circumstance | Details | Safeguard |
|---|---|---|
| User / Guardian Consent | Data shared only when explicit prior consent has been obtained from the user or their legal guardian | Consent required before any disclosure |
| Legal / Investigative Request | Disclosure required by law or requested by investigative authorities following legally prescribed procedures | Only via lawful process |
| Statistical / Research Use | Provided only in fully anonymised, de-identified form for statistical compilation, academic research, or market research — no individual can be identified | Anonymised / de-identified only |
Data Processing Entrustment (Sub-Processors)
For software operation and maintenance, Digiwill may entrust personal information processing to the following vendors. All entrustment agreements contain explicit data protection obligations, and vendors are supervised to ensure compliance.
| Sub-Processor | Tasks Entrusted | Data Accessed | Retention |
|---|---|---|---|
| Software Development & Maintenance Vendor | System operation, bug fixes, feature improvements | Minimum necessary for maintenance tasks | Duration of agreement |
| Cloud Server Operator (if applicable) | Encrypted storage and management of AI conversation data | AI conversation data only | Duration of agreement |
Rights of Data Subjects (Students and Guardians)
Students and guardians (legal representatives) may exercise the following rights at any time:
- Access — Request confirmation of what personal information is being processed
- Correction / Deletion — Request correction of inaccurate data or deletion of unnecessary data
- Processing Suspension — Request suspension of specific data processing activities
- Withdrawal of Consent — Withdraw consent for collection and use at any time without penalty
Rights may be exercised by contacting the Chief Privacy Officer (Article 7) in writing, by phone, or by email. Requests will be processed and responded to within 10 business days.
Amendments to This Privacy Policy
Digiwill will provide advance notice of any amendments to this Privacy Policy at least 7 days before they take effect, via in-app announcements or school newsletters. For material changes, at least 30 days' advance notice will be given.
| Current Version | v1.0 |
| Effective Date | January 15, 2026 |
| Last Modified | January 14, 2026 |
