LGPD in the classroom: what every teacher should know

When a class starts using an online platform, personal data shows up almost unnoticed: name, email, performance on each question, error patterns, access times. Brazil's General Data Protection Law (LGPD) — much like the GDPR — does not forbid this use; it requires that it be done with clear purpose, minimization, transparency, and security. This guide sums up what every teacher should know to use educational tools without exposing their students.

Why this is the teacher's responsibility too

Many educators believe compliance is the platform's problem alone. It is not. By choosing a tool, asking students to register, and handling their results, the school and the teacher act as data processing agents. The good news: meeting the LGPD in class means, in practice, adopting a few simple habits and choosing vendors that already take the topic seriously.

Purpose: use data only for what was agreed

The purpose principle says data collected for one goal cannot be used for another without a new legal basis. In the educational context, that means a student's email is for login and communication about the activity — not for marketing lists. At SimulAI, data serves exclusively to generate and deploy tests, maps, and presentations. Marketing based on student performance? We don't do it.

Minimization: collect the minimum necessary

The less data you collect, the lower the risk. Before requesting any information, ask whether it is truly necessary for the activity. National ID, address, phone, and date of birth are rarely needed for a classroom task. SimulAI collects email for login; everything else — tests, maps, presentations — is generated by the user and belongs to them.

Transparency: explain what happens to the data

Students and, for minors, their guardians have the right to know what data is collected, why, and for how long. A clear, accessible privacy policy is mandatory. It also helps to explain in class, in plain language, that the tool stores performance to produce reports — and that no outsider has access to it.

Security: the non-negotiable technical minimum

Security is not optional. The baseline every serious platform should offer includes:

• Encryption in transit (TLS) so data does not travel in plain text.
• Encryption at rest to protect what is stored.
• Need-to-know access, so only those who need it see certain data.
• Session auditing to trace improper access.

On the teacher's side, a few habits help as much as the technology: never share credentials with the class, avoid loose spreadsheets with grades and names, and prefer reports inside the platform over exports that end up forgotten on USB drives.

Children's and teenagers' data

Processing minors' data demands extra care and, generally, guardians' consent. Educational platforms should not target behavioral advertising at minors. If your class is made up of children, confirm how the tool handles this before adopting it.

The rights a student can exercise

The LGPD guarantees the data subject access, correction, anonymization, deletion, portability, and consent withdrawal. In practice, this means a student can ask to see or erase their data. Know where to route that request — at SimulAI, a single email to the contact address suffices, with a reply within the legal window.

A quick checklist before adopting a tool

Before bringing any platform to your class, run through these questions. If the answer to any of them is "I don't know", it is worth investigating before signing students up:

• Is there a clear, accessible privacy policy stating what data is collected and why?
• Does the tool collect only what is necessary for the activity, or does it ask for data that makes no sense for a classroom task?
• Is the data used only for the educational purpose, rather than becoming a base for advertising?
• Is there encryption in transit and at rest?
• Is it easy to exercise rights — view, correct or delete data — and is there a contact channel for that?
• Is there specific handling for minors, with no targeted behavioral advertising?

What to ask the vendor

If the school is evaluating a tool, it is worth asking in writing: where the data is stored, how long it is retained, who has internal access, and whether there are subprocessors (cloud services, for example) involved in the processing. Serious vendors answer this plainly — and a refusal to answer is, in itself, an answer.

In short

A good educational platform is one that does the job with minimal data and maximum care — and makes it easy for the teacher to act correctly. Clear purpose, lean collection, transparency, and security are not red tape: they are what keeps the trust of the class and families. That is the commitment we make, and what you should demand of any tool you bring into the classroom.