For what it’s worth, I as the 3rd party pack maker have no access whatsoever to any data that’s being processed through my pack. I can only examine the logs if the person explicitly shares the doc with me.
I could technically leak the data into a doc of my own lol but of course I’m not doing any of that. If anyone has doubts I can hop on a call and walk the person through the source code (can’t make it open source though because I do want to profit from it; it’s a complicated pack with over 1000 lines of code already just for the cross-doc sync table functionality)
As a person who takes security very seriously, I can’t think of any method that won’t involve cross-doc in this or another way. One idea worth exploring is having not one doc per student but one doc for all students, but it’s separate from your private doc, and there is a cross-doc of all student data flowing into that doc with each student’s data encrypted with a different key. Then students would open that doc in play mode, enter their key, and have their part of the data decrypted but not the other students’ data. Play mode will ensure that the key they enter will not be stored to the doc snapshot and won’t leak to other students.