Platform Overview
MKTPraxis is an interactive marketing analytics education platform built by Dr. Andrew Baker, Associate Professor of Marketing at San Diego State University. It provides browser-based analytics tools, quizzes, live classroom games, and a market simulation designed for marketing courses.
| Attribute | Detail |
|---|---|
| Tools | 44 interactive analytics tools (descriptive stats, regression, clustering, time series, conjoint, neural networks, etc.) |
| Assessment | Quiz engine (7 question types), live classroom games, market simulation |
| Student access | Browser-only — no software installs, no app downloads |
| Cost to students | Free. No credit card, no paywall. |
| Operator | Andrew Baker / MKTPraxis (sole proprietorship, Utah) |
| Production since | 2024 |
Data & Privacy
What We Collect
| Data Category | What | Purpose |
|---|---|---|
| Account | Username, email (optional), hashed password | Authentication and account recovery |
| Educational activity | Tool usage timestamps, quiz scores, game participation | Instructor gradebook, engagement analytics |
| Security logs | Login timestamps, IP addresses (for failed login tracking only) | Abuse prevention and account lockout |
What We Do NOT Collect
- No real names required — students can use any username
- No payment information — platform is free for students
- No student-uploaded data on our servers — CSV files are parsed and analyzed entirely in the browser; raw data never leaves the student's device
- No cookies — authentication uses browser localStorage only
Data Sharing
We do not sell, rent, or share personal student data with third parties for advertising or marketing purposes. Data is shared only with:
- The student's instructor(s) — quiz scores, tool engagement, course-scoped analytics only
- Anthropic — if the student uses the optional Praxis Pal AI assistant, their messages (not personal data) are sent to Anthropic's API (Claude) for response generation (see AI Assistant section)
- Microsoft Clarity & Google Analytics — anonymous browsing patterns (page views, clicks) on public pages. These services do not receive usernames, emails, quiz scores, or any educational data
- SMTP2GO — for transactional emails only (password reset, MFA codes). No marketing emails unless user explicitly opts in.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion, or 3 years after last login |
| Educational activity data | 3 years after last login, then anonymized |
| AI assistant conversations | Automatically deleted after 48 hours |
| Failed login attempts | 24 hours |
| Anonymized aggregate analytics | Retained indefinitely (cannot be traced to individuals) |
Account Deletion
Students can request account deletion from their profile page. The process follows a 21-day grace period:
- Student initiates deletion (requires password confirmation)
- Account is immediately deactivated — login is blocked
- Confirmation email is sent with the permanent deletion date
- During the 21-day grace period, the student can contact us to reactivate
- After 21 days, account is permanently deleted. Personal data is removed; educational activity data is anonymized.
Administrators can also process manual deletion requests within 30 days at info@mktpraxis.com.
Full policy: Privacy Policy
Security
Infrastructure
| Component | Provider | Details |
|---|---|---|
| Backend API | Render (US) | Django 5.2 / Python on Daphne ASGI server |
| Frontend | Netlify (US CDN) | Static HTML/CSS/JS — no server-side rendering |
| Database | Render Managed PostgreSQL | PostgreSQL 16, US region |
| Real-time messaging | Upstash Redis (US) | WebSocket channel layer for games/classroom features |
| SMTP2GO | Transactional email only (MFA codes, password reset) |
All infrastructure providers are US-based. No student data is stored outside the United States.
Encryption
- In transit: All connections use HTTPS/TLS. HSTS is enforced with a 1-year max-age, subdomain inclusion, and browser preload list registration.
- Session cookies: Marked Secure and same-site. CSRF protection enabled on all state-changing endpoints.
- Passwords: Hashed with PBKDF2-SHA256 (Django default). Never stored in plaintext. Validated against 4 strength rules (minimum length, common password blocklist, similarity check, numeric-only check).
Authentication
| Feature | Status |
|---|---|
| Token-based authentication | Yes — tokens expire after 1 hour of inactivity |
| Two-factor authentication (MFA) | Yes — email-based 6-digit code, opt-in per user. Institutions can require MFA for their students upon request. |
| Rate limiting | Yes — login, registration, and password reset endpoints |
| Account lockout | Yes — 10 failed login attempts triggers 30-minute lockout |
| Login audit trail | Yes — every login event logged with timestamp and IP |
| SSO / SAML | Not yet |
Data Isolation
Course data is strictly scoped. Instructors can only view students enrolled in their own courses. There is no cross-course data visibility — one instructor cannot access another instructor's student data, quiz results, or engagement analytics.
Security Assessments
MKTPraxis has not undergone a formal third-party security audit (e.g., SOC 2, ISO 27001). As a single-developer educational platform, we prioritize transparency about our security posture rather than claiming certifications we don't hold.
We welcome security questions from institutional IT teams. Contact info@mktpraxis.com for detailed technical discussions.
AI Assistant (Praxis Pal)
MKTPraxis includes an optional AI-powered educational assistant called Praxis Pal. It helps students understand analytics concepts within the context of the tool they're using.
How It Works
- Students type a question while using an analytics tool
- The message and current tool context are sent to Anthropic's API (Claude model)
- The AI responds with an educational explanation scoped to the current tool
Data Sent to AI Provider
| Sent | Not Sent |
|---|---|
| Student's message text | Username or email |
| Current tool context (on-screen labels, chart descriptions) | Quiz scores or grades |
| System prompt (educational instructions) | Other students' data |
| Uploaded CSV data (processed client-side only) |
Guardrails & Limits
- 30 messages per day per student (configurable per institution upon request)
- Topic-scoped: Each tool context constrains the AI to relevant educational content
- Content filtering: System prompt prohibits harmful, offensive, or misleading content
- 48-hour auto-purge: All conversation data is automatically deleted from our servers after 48 hours. Only anonymous usage counts are retained.
Accessibility
MKTPraxis is committed to making its platform accessible to all students, including those with disabilities. We are actively working toward WCAG 2.1 Level AA conformance.
Current Status
Our accessibility remediation is ongoing. Current measures include:
- Skip navigation links on all pages
- Semantic HTML landmarks (
<main>,<nav>,<header>) - ARIA labels on all data tables and interactive elements
- Keyboard-visible focus indicators (
:focus-visibleoutlines) - Respect for
prefers-reduced-motionuser preference - Form labels and
aria-describedbyon inputs - Color contrast ratios meeting AA thresholds in primary UI
VPAT
A formal Voluntary Product Accessibility Template (VPAT) is not yet available. We can provide our internal accessibility audit data and discuss specific accommodation needs for your students. Contact info@mktpraxis.com.
Reporting Barriers
If you or your students encounter an accessibility barrier, please report it to info@mktpraxis.com. We aim to address reported accessibility issues promptly.
FERPA
MKTPraxis is designed to support institutional compliance with the Family Educational Rights and Privacy Act (FERPA). The platform's architecture reflects FERPA principles:
- Minimum necessary data: We collect only what's needed for educational functionality (username, optional email, tool usage, quiz scores)
- Course-scoped access: Instructors can only view data for students enrolled in their own courses
- No third-party data sales: Student data is never sold, rented, or shared for advertising
- Student data rights: Students can view, export, and request deletion of their data
- Audit trail: Login events and access patterns are logged for security monitoring
Integrations & Browser Requirements
LMS Integration
| Feature | Status |
|---|---|
| LTI 1.3 (Canvas, Blackboard, etc.) | Not yet |
| Canvas gradebook sync | Planned |
| SSO / SAML | Not yet |
| Standalone gradebook CSV export | Available |
MKTPraxis currently operates as a standalone platform. Students access it via registration codes provided by their instructor. Gradebook data is exportable as CSV for manual import into any LMS.
Browser Requirements
MKTPraxis runs in any modern web browser. No plugins, extensions, or software installs required.
- Supported: Chrome, Firefox, Safari, Edge (current and previous two major versions)
- Not supported: Internet Explorer
- Devices: Desktop, laptop, and tablet. Some tools work on mobile, but desktop is recommended for the best experience.
Compliance Checklist
Quick-reference table for common institutional requirements:
| Requirement | Status | Notes |
|---|---|---|
| HTTPS / TLS encryption | Yes | HSTS enforced, 1-year max-age, preload registered |
| Password hashing | Yes | PBKDF2-SHA256, 4 validation rules |
| Two-factor authentication | Yes | Email-based, opt-in. Institutional enforcement available upon request. |
| Rate limiting & lockout | Yes | Login, registration, password reset endpoints |
| Course-scoped data isolation | Yes | Instructors see only their own students' data |
| Student data export | Yes | Gradebook CSV export available |
| Account deletion | Yes | Self-service with 21-day grace period, or manual request |
| Data retention policy | Yes | 3 years active, then anonymized. AI chats purged at 48 hours. |
| No student data sales | Yes | Never sold, rented, or shared for advertising |
| CSV/upload data stays client-side | Yes | All student-uploaded data processed in-browser, never sent to servers |
| Free for students | Yes | No credit card, no paywall, no student charges |
| FERPA support | Supported | Architecture supports FERPA compliance. DPA available on request. |
| WCAG 2.1 AA | In progress | Active remediation ongoing. Internal audit data available on request. |
| SOC 2 / ISO 27001 | No | No third-party security audit to date |
| LTI / LMS integration | Planned | Canvas gradebook sync in development pipeline |
| SSO / SAML | No | Not yet available |
| Uptime SLA | No | Best-effort availability. No contractual uptime guarantee. |
Questions?
We welcome inquiries from institutional IT, compliance, procurement, and accessibility teams.
General & technical: info@mktpraxis.com
Academic & institutional partnerships: drbaker@mktpraxis.com
Related documents: Privacy Policy · Terms of Use · Contact & Info