Privacy Policy

CAT Prints

prints.whscat.com

CAT Prints is the order and job-tracking queue for CAT's classroom fabrication services: printing and custom products (banners, posters, stickers, fatheads, shirts, laser-cut items) and photobooth and popcorn rentals. Staff manage orders, and student workers ("specialists") help produce them.

What an order collects: your first and last name and email address, the order details (sizes, quantities, an optional project name and design description, and for rentals the event date and location), and any files you upload. We do not collect a phone number, and there are no advertising or tracking cookies.

Who sees it: CAT staff see the full order to fulfill it. Student-worker specialists see a minimized view, first name and last initial only, with no email and no pricing. The in-shop TV board shows only first name and last initial.

Sign-in: staff sign in with Google (OpenID Connect), limited to an allow-list. openidemailprofile Used only to confirm an authorized staff member and display the account, held in the session and not written to our database. Student workers sign in with a username and a securely hashed password, not a Google account.

Data minimization: uploaded design files are automatically deleted about 14 days after an order is completed, and hidden metadata (such as GPS and camera info) is stripped from uploaded photos. Order information is never sent to any advertising, analytics, or AI service. Database backups are encrypted and stored off-site.

What we do not access: any Google data beyond the staff sign-in above.

CAT Board

catboard.whscat.com

CAT Board powers the digital signage on the classroom TVs. Students and staff share photos of field trips, classwork, and CAT events by emailing them to whs.catphotos@wuhsd.org, a district Google Workspace account. A photo is displayed only for a student whose parental media-release consent is on file, and clearing that consent removes their photos and blocks new ones.

Sign-in: Only authorized CAT staff (Mr. Oliver and Mr. Swanson) sign in with Google to reach the dashboard. openidemailprofile Student and other accounts are not authorized to sign in. The mailbox is read using IMAP with an app password, not a Google API, so no Gmail scope is involved.

Review before display: apart from a few vetted social-media-team students, every submission waits in a queue and is not shown until a staff member approves it. Staff can remove any photo at any time.

Data minimization: location and device metadata (EXIF and GPS) are stripped from every photo and video on arrival. Media is served only through short-lived signed links, never a public folder. A student's email is stored once on the roster rather than on each photo, the original device filename is not kept, and identifying details are kept out of the application logs. No photo is ever sent to an AI service, and the optional text-moderation feature that could send a caption to an AI service is turned off.

What we store: the submitted photos and videos (which may show students and CAT activities), a first name and last initial for on-screen attribution, and the staff reviewer's name and email (to record who reviewed a photo). Displayed media appears only on in-classroom signage.

Retention: photos and videos are automatically removed after about 90 days, and a student's records are purged after they graduate. The internal review history keeps no student names and is pruned after a year. A single action erases a student and their photos on request, and backups are encrypted before any copy leaves the server.

What we do not access: any other Google data.

CAT Print Farm

printfarm.whscat.com

CAT Print Farm automates and tracks our classroom 3D-printer fleet. Students do not log in. A student submits a print request through a Google Form, providing their name, school email, class period, and a sliced print file. The form responses collect into a Google Sheet, which our software reads using a Google service account (read access to that Sheet and read-only access to the uploaded file in Drive). Our software checks that the file was sliced correctly, dispatches it to a printer in the classroom, and emails the student when the print starts and finishes, including a timelapse video of the job.

Staff dashboard: CAT staff sign in with Google (openid, email, profile), limited to an allow-list, to manage the printer fleet. No student signs in.

Notification email: these messages are sent from whittierhighstem@gmail.com using standard email (SMTP with an app password, not a Google API). This is a temporary sending account used until the district provisions a dedicated address.

What we store: the name, email, and class period the student enters; the submitted print file; the print job's status; and the timelapse media.

Data minimization: the uploaded file is dispatched to the printer under a non-identifying job number (for example CAT-1234), so a student's name and class period are not embedded in the file sent to the printer or shown on the printer. A job's identifying details (name, email, teacher, class period) are automatically removed from its record about 30 days after the print finishes, leaving only non-identifying job statistics. The separate filament-usage tally is kept under a one-way identifier, not a name or email.

What we do not access: any data from a student's personal Google account. The service account reads only the academy's own form-response Sheet and the file the student uploaded, read-only.

CAT Jukebox

jukebox.whscat.com

CAT Jukebox is a classroom reward tool: a student may queue a song to play on the classroom jukebox only when they are caught up on their Google Classroom work. This is the only app that reads Google Classroom data, and it does so read-only.

Student sign-in. Students sign in with a username and a securely hashed password issued within the app, not a Google account. Each student also has a small linked record used for the work check (described below).

Teacher sign-in and Classroom connection. A teacher signs in with Google and connects their Google Classroom. To identify the connecting teacher, the app requests two identity scopes (openid and userinfo.email). To run the work check, it then reads the following, read-only, for the classes that teacher teaches:

• Classes (classroom.courses.readonly): class names and IDs, to identify the relevant courses.
• Coursework (classroom.coursework.students.readonly): assignment titles, types, and due dates, to determine which assignments are past due.
• Student submissions (classroom.student-submissions.students.readonly): each student's turned-in status, and the first and last name a student types into two short-answer "name" questions the teacher posts.

Why. We use this data to compute, per student, how many assignments are past due and not turned in, and to show the appropriate status. The two name answers are used to link a student's otherwise-anonymous Google identifier to their jukebox account, because our district does not expose student names through the Classroom directory.

What we do not access or store. We do not access or store student grades or scores, assignment file contents, student email addresses, the class roster or directory, or any district student-ID number. We never store a student's full last name. From Classroom, a matched student is stored only as an opaque Google identifier and a missing-assignment count, with no name at all. A first name and last initial are kept only temporarily for a student we could not match automatically, so a teacher can resolve it, and are removed once the student is matched. In public views, students appear as a first name and last initial only (for example, "Marcos R.").

How it's handled. Classroom data is read through the connecting teacher's account, processed on a private server, and reduced to a small per-student record in a local database. The raw coursework and submissions are processed in memory and are never saved. Counts refresh automatically and are overwritten on each sync. The teacher's authorization is encrypted at rest, is used only to enable that refresh, and is deleted when the teacher disconnects. A student's record is removed when the student is deleted, when Classroom is disconnected, or when the student is no longer enrolled in the teacher's classes.

Music playback. Selected songs play through the classroom's own Spotify account, connected once by a staff member. Students do not connect a personal music account, and we do not access any student music-service data.