DrawSplatTM Teacher Admin

Operator Guide

Run the Compliance Console.

Day-to-day guide for the eight sections inside Teacher Admin → Compliance Console. Pair this with Texas Compliance for the legal-language version and Google Apps Script setup for first-time installation.

Before you open the Console

  1. Set ADMIN_PASSCODE in your Apps Script project's Project Settings → Script Properties. Use 16+ random characters.
  2. Open Teacher Admin, unlock with the admin gate password, paste the Web App URL into Google Drive + Sheets, click Save URL.
  3. Click Test Connection. You want a green success message.
  4. Scroll to Compliance Console. First time you click into a section, the browser will ask for your ADMIN_PASSCODE — it's cached in localStorage after that.

Safety Review

What it does

Server-enforces the text keyword filter and link allowlist on every board save. Frozen boards reject all writes.

Daily use

Edge cases

The default block-list catches a small set of obvious harm keywords. Add your own in compliance.config.json under safety.text.patterns (regex strings) or safety.text.words. Use the Open Raw Config Editor button in Privacy Settings for live editing.

Family Access Tools

What it does

Parents submit requests at /parents/. Verified requests appear in the Console; you Approve, Deny, or mark Done.

Verification workflow

  1. In Student Age Band Lock, click Issue Parent Code next to a student. The browser shows the 8-character code once.
  2. Share the code with the parent through your existing parent-communications channel (email, paper note, SIS message, etc.). The server stores only a SHA-256 hash.
  3. Parent enters the code on /parents/. The ticket arrives in the Console as verified instead of pending_verification.
  4. Approve, Deny, or Done; the disposition is audit-logged.

Codes are 14-day single-use. Generate a new one if the parent didn't act in time.

Export & deletion

For verified export requests, click Export on that student's row in Age Lock. The browser downloads a ZIP with every board and turn-in plus a manifest. Email it to the verified parent through your normal channel.

For verified delete requests, click Delete. Two confirmations required. Drive files go to trash; sheet rows are removed; DATA_DELETED event is logged.

Student Age Band Lock

What it does

Assigns each student record one of under_13, 13_to_17, 18_plus, or unknown_minor. Server-locked.

Populating the roster

  1. Click Load Students — rows auto-populate from turn-ins. If you haven't run any turn-ins yet, the table is empty.
  2. Add Student — manual entry for one student at a time.
  3. Import Roster CSV — upload a CSV with header studentName, className, email, ageBand, ageSource, notes. Idempotent — re-uploading the same file updates rather than duplicates. Useful for first-day-of-school setup.

Changing a band

Use the dropdown next to the student. The browser prompts for a reason — required, logged in Activity Records as AGE_BAND_CHANGED with the old value, new value, and your reason.

Use Limits

What it does

Caps daily and per-session minutes for students. Enforces allowed-hours-of-day and weekend restrictions. Browser locks the workspace; server rejects saves outside the window so a reload can't bypass the lock.

Setup

  1. Toggle Enforce daily / session limits on.
  2. Set Daily seconds (e.g. 1800 = 30 min). Set Session seconds to 0 for "no per-session limit".
  3. Set Allowed hours start and end. Toggle Allow weekend access.
  4. Save Use Limits.

Affects students only; teachers bypass the cap when they're in teacher mode. A remaining-time chip appears at the bottom-right of the whiteboard for affected students.

Retention Policy & Cleanup

What it does

Archives or deletes boards based on age; prunes old audit rows. Available manually or on a nightly Apps Script trigger.

Setup

  1. Click Load Current to see the active thresholds.
  2. Set Archive boards after (e.g. 90 days) — older boards move to an Archive Drive subfolder.
  3. Set Delete boards after (e.g. 365 days) — older boards are trashed and the sheet row removed.
  4. Set Keep Activity Records (e.g. 365 days) — older audit rows are pruned.
  5. Save Settings.
  6. Click Install Daily Trigger once. From then on the cleanup runs nightly at 02:00 server time.

Manual Run Cleanup Now available any time. Each run writes a RETENTION_ACTION audit event with counts.

Privacy Settings

What it does

Read-only declarations the District Privacy Packet reports: storage location, encryption, third-party services, AI-training=NO, advertising=NO, data-sold=NO. Plus the Open Raw Config Editor dialog for advanced edits.

When to use it

Before a DPA review or compliance audit. Open the section, confirm everything looks accurate, then click Download District Privacy Packet at the bottom of the Console — that ZIP plus the policy pages is the artifact you hand over.

Activity Records

What it does

Append-only audit log of every compliance-relevant action. Filterable by action, actor, date. Exportable as CSV or JSON.

Common queries

Click Apply Filter, then Download CSV (spreadsheet-friendly) or Download JSON (machine-readable).

District Privacy Packet

What it does

One-click ZIP containing the current compliance configuration, the last 90 days of Activity Records as CSV, all parent-request tickets, and a README pointing at Terms & Privacy and the District Addendum.

When to use it

Any time a district reviewer, parent committee, or compliance auditor asks "what does DrawSplat actually do with our students' data?" One click in the Console; emails are unnecessary.

Where to read more