A learning surface
that respects FERPA.
Credentials are linked to a real person — so we have to be careful about the data we collect, where we keep it, and who sees it. This page describes the system honestly, including the surfaces where data does cross devices.
Two surfaces. Different rules.
1. Local-only (your browser)
The following data never leaves your device. Stored in
localStorage on the domain teachplay.dev. Cleared when you
clear browser site data:
| Key | What it stores |
|---|---|
hb:annotations | Highlights and notes you make on any page (text, prefix/suffix anchors, your note text). |
hb:achievements | Which achievement IDs you've unlocked. |
hb:visited:s## | Which sessions you've opened. |
hb:games-clicked | Which game-showcase cards you've opened. |
hb:role | student or instructor — the role-switch view toggle. |
hb:no-gamify | Achievement system mute state. |
hb:cursor-off | Custom cursor opt-out state. |
hb:quickcheck:seen | Spot the Loop item bank cooldown timestamps. |
hb:xapi:queue | Buffered xAPI events waiting to flush. See §2. |
1b. xAPI verb catalog (full list of events recorded)
Every learning event the site captures is one of the nine xAPI verbs below.
The site does not record keystrokes, mouse positions,
camera/microphone, or any biometric signal. Source:
xapi.js in the
repository.
| Verb | When it fires | What's stored |
|---|---|---|
started | First load of a session page | activity_id (session/s03), timestamp |
experienced / viewed | A section block scrolls into view ≥ 40% for ≥ 2 s | activity_id (section/s03/core), timestamp |
heartbeat | Every 60 s while the session-page tab is active | activity_id, timestamp (used to compute time-on-task) |
attempted / answered / responded | Quiz item interactions | activity_id, response value, correctness |
scored | End-of-quiz score | activity_id, raw score, percentage |
completed | "Mark session complete" click | activity_id, timestamp |
submitted | Deliverable upload | activity_id, file hash (SHA-256 — no file body) |
reviewed | Instructor scores a deliverable | activity_id, criterion-level score |
verified | Credential verification flow | credential_id, verifier identity if provided |
Annotations and notes are never serialized into xAPI events. They live exclusively in your browser's localStorage.
2. Server-side (only when you enroll)
If — and only if — you complete the enrollment modal with your name and email, a Cloudflare D1 database stores:
| Field | What it stores |
|---|---|
learner_id | A pseudonymous UUID generated on enrollment. Not derived from your email. |
name, email | What you typed at enrollment. Used for credential issuance. |
cohort | The cohort slug (e.g. 2026-spring). |
enrolled_at | Timestamp. |
cred_status | none / pending / issued. |
| xAPI events | One row per learning event: started, heartbeat, viewed, answered, completed. Includes activity_id and timestamp; does not include free-text notes or annotations. |
Three people. No third parties.
| Role | Access |
|---|---|
| PI: Jewoong Moon | Full access to D1 records via Cloudflare Workers admin API. Reviews learner submissions for credential issuance. |
| ACHE program analyst (Beth Hackett) | Quarterly aggregate reports — counts, completion rates, deliverable scores. Not learner-identifiable detail. |
| UA institutional research / FERPA office | On request only, under FERPA-permitted disclosure rules. |
The site's xAPI endpoint and admin endpoints are gated by an issuer API key held by the PI. There are no third-party data processors beyond Cloudflare (the hosting provider).
Credential records are education records.
Once you are issued the AI-enhanced Educational Game Design credential, that issuance creates an "education record" under the Family Educational Rights and Privacy Act (FERPA, 20 U.S.C. § 1232g). The issuance record contains:
- Your name (as you provided it)
- Your email
- The cohort identifier
- The five deliverable scores
- The signed Verifiable Credential JSON (Open Badges 3.0)
Under FERPA you have the right to inspect this record, request correction, and restrict directory-information disclosure. Requests via jmoon19@ua.edu with subject line "FERPA request: [your name]".
How long we keep things.
- localStorage data: until you clear browser data. We do not expire it.
- Enrollment + xAPI records: kept for the active grant period plus three years (per ACHE record-retention guidance) for evaluation reporting, then aggregated and the per-learner rows deleted.
- Issued credentials: the signed VC + status-list bit remain live indefinitely so verifiers can check the credential. Per FERPA, learners may request that the credential be revoked (status-list bit flipped); the signed VC itself becomes verifiable-but-revoked.
What you can ask us to do.
Three requests, one inbox
- Inspect: we send you a JSON dump of every row tied to your learner_id within 14 days.
- Correct: typos in your name on the credential, or an incorrect deliverable score — we fix and re-issue.
- Delete: we revoke the credential (status-list bit) and delete the per-learner rows from D1. This is not reversible.
All three: jmoon19@ua.edu. We acknowledge within 5 business days and complete within 30.
We don't set any.
The site uses localStorage (per-origin browser storage) for the
values listed above. It does not set HTTP cookies. There is no
tracking pixel, no session cookie, no advertising ID. The Cloudflare edge may
include its own infrastructure cookies (e.g. __cf_bm for bot
management) which are governed by
Cloudflare's privacy policy.
Statement last reviewed 2026-05-05. Revised whenever a new data field is added or a storage location changes.