Traffic Lite Security

Last updated: May 12, 2026

Overview

Traffic Lite is designed to help K–12 schools communicate and manage AI-usage expectations within Google Classroom.

Traffic Lite was intentionally designed using a data-minimization approach. The platform does not collect student submissions, assignment body content, or student private communications from Google Classroom.

Traffic Lite processes limited account, classroom, and AI-policy metadata only as necessary to provide the service.

Privacy Commitments

Traffic Lite:

  • Does not sell student, teacher, or school data

  • Does not display advertising

  • Does not build behavioral advertising profiles

  • Does not use student or school data to train general-purpose AI models

  • Does not access student submissions or private communications

  • Collects only the minimum information necessary to operate the service

Traffic Lite is intended for school-authorized educational use.

Data Collected

Depending on configuration and user role, Traffic Lite may process:

  • Teacher and administrator name/email

  • Google account identifier

  • Google Classroom course identifiers

  • Google Classroom coursework/material identifiers

  • AI-policy selection metadata (Green/Yellow/Orange/Red)

  • Basic usage telemetry and timestamps

  • Application diagnostics and security logs

  • User-submitted support requests and optional attachments

Traffic Lite does NOT collect:

  • Student assignment submissions

  • Student essay/writing content

  • Student private communications

  • Financial/payment information

  • Precise geolocation information

  • Health or biometric information

  • Student browsing history unrelated to Traffic Lite functionality

Data Storage Regions

Traffic Lite data is currently hosted using cloud infrastructure providers operating primarily within the United States.

Certain subprocessors may process limited operational metadata within other approved jurisdictions consistent with applicable agreements and law.

Google API Access

Traffic Lite integrates with Google Classroom using limited OAuth scopes.

Traffic Lite currently uses scopes including:

  • userinfo.email

  • userinfo.profile

  • classroom.courses.readonly

  • classroom.courseworkmaterials

  • classroom.topics

Traffic Lite does not request Google Classroom roster/member-email scopes in its current production configuration.

Traffic Lite’s use of Google user data adheres to the Google API Services User Data Policy, including Limited Use requirements.

Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy

Security Practices

Traffic Lite uses administrative, technical, and physical safeguards designed to protect school-related information, and follows a least-privilege access philosophy designed to limit internal access to production systems and data.

Security measures include:

  • Encryption in transit using HTTPS/TLS

  • Industry-standard cloud infrastructure providers

  • Restricted administrative access

  • Role-based access controls where applicable

  • Authentication through Google OAuth

  • Environment separation between staging and production systems

  • Monitoring and logging for reliability and security purposes

  • Limited internal access to production systems

  • Vendor/subprocessor review and management

Traffic Lite aligns its security practices with industry-standard cybersecurity principles, including concepts reflected in the NIST Cybersecurity Framework.

Traffic Lite maintains operational backup and recovery practices designed to support service continuity and incident recovery.

Data Retention & Deletion

Traffic Lite retains data only as long as necessary to provide the service, maintain security, comply with contractual obligations, or satisfy legal requirements.

Schools and authorized educators may request deletion of associated data.

Deletion requests may be submitted to Derek Tranchina at Derek@TrafficLiteEdu.com.

Traffic Lite will work with schools to securely delete or transfer applicable data within commercially reasonable timeframes and in accordance with applicable agreements.

Incident Response

Traffic Lite maintains procedures designed to identify, investigate, and respond to potential security incidents.

In the event of a confirmed data breach involving protected school-related information, Traffic Lite will provide notice consistent with applicable law and contractual obligations.

Subprocessors

Traffic Lite uses carefully selected third-party service providers (“subprocessors”) to help operate the platform.

Current subprocessors may include:

  • Google: Authentication and Classroom API services

  • Railway: Application hosting/infrastructure

  • MongoDB Atlas: Database hosting/storage

  • Resend: Transactional email delivery

  • Netlify: Frontend hosting/deployment

These providers process data only as necessary to provide their services.

Traffic Lite works to ensure subprocessors maintain reasonable security and privacy protections.

Accessibility

Traffic Lite is committed to improving accessibility and usability for all users.

Traffic Lite strives to align with applicable accessibility standards, including WCAG guidance, where feasible for a Chrome extension and related web applications.

Accessibility questions or requests may be sent to: Derek@TrafficLiteEdu.com

Security Contact

Questions regarding security or privacy may be directed to:

Derek Tranchina | Leading Edge Learning, LLC | Derek@TrafficLiteEdu.com