Our promise in plain English: We read your school emails to extract event details, then immediately delete them. We never store email content, never sell your data, and never use it for advertising. You can delete your account and all your data at any time.
SchoolSphere is operated by SchoolSphere Ltd, a company registered in England and Wales. We are the data controller of your personal data under UK GDPR and the Data Protection Act 2018.
Questions? Email privacy@schoolsphere.app
You also have the right to contact the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.
When you sign in via Google OAuth, we store your name, email address, unique user ID, and account creation date. We do not store your password.
When you add a child, we store their first name or nickname, year group, avatar emoji, and colour. We do not collect children's dates of birth, addresses, photographs, or government identifiers. Children cannot create accounts or access the app directly.
We store events you add manually or import via text, email, PDF extraction, or school letter scanning — including titles, dates, requirements, and the child they are associated with.
If you connect Gmail, we access your inbox with read-only scope to extract school events. We do not store the full text of your emails. Raw email content is processed in memory and discarded immediately after extraction. Only extracted event data is saved.
PDFs and photos you upload are temporarily stored, processed by AI to extract event information, and then permanently deleted immediately after extraction. We do not retain uploaded documents.
Text you paste (email text, WhatsApp messages) is sent to our AI for extraction and is not stored beyond the extraction process.
If you subscribe, payment is processed by Stripe. We do not store your card details. We receive from Stripe: your customer ID, subscription status, plan type, and billing dates.
If you enable push notifications, we store a device push token to deliver reminders to your device.
We collect standard server logs (IP addresses, request timestamps, error reports) for security monitoring only. Retained for 90 days maximum.
We use your data only to provide the SchoolSphere service. Specifically: to run your account and calendar (lawful basis: contract); to process Gmail and uploaded documents with your consent (lawful basis: consent — revocable at any time in Settings); to process subscription payments (lawful basis: contract); and for security monitoring (lawful basis: legitimate interests).
We do not use your data for advertising, profiling, or any purpose not listed here.
SchoolSphere is for parents and carers aged 18 and over. Children do not have accounts. We apply the following protections in line with the ICO's Children's Code:
Children's data is stored only as entered by the parent or carer. Children cannot access or modify their own records. We do not use children's information for advertising or profiling. Household members only see children's data for children the account holder has explicitly shared. When an account is deleted, all children's data is permanently deleted. We collect only the minimum information necessary (first name and year group).
We do not sell your data. We share data only with trusted service providers acting as data processors: our platform host (app hosting and database); Stripe (payment processing); Google (Gmail API — read-only, with your consent); our AI provider (event extraction — text content only, no names or account identifiers); and Amazon Web Services (temporary file storage — files deleted immediately after processing).
Where data is transferred outside the UK, we ensure Standard Contractual Clauses (SCCs) are in place as required by the ICO.
Account and profile data: until you delete your account. Events and calendar entries: until you delete them or your account. Uploaded files: deleted immediately after AI processing. Gmail OAuth token: until you disconnect Gmail. Push tokens: until you revoke permission. Stripe billing data: 7 years (UK financial regulations). Server logs: 90 days. Consent records: 7 years.
You have the right to access a copy of your data (use "Download My Data" in Settings); rectify inaccurate data; erase your account and all data (Settings → Delete Account); data portability (export as JSON via Settings); restrict processing in certain circumstances; object to processing based on legitimate interests; and withdraw consent at any time for Gmail sync, push notifications, and email digest.
To exercise any right, email privacy@schoolsphere.app. We will respond within 30 days.
You also have the right to complain to the ICO at ico.org.uk/make-a-complaint.
All data is transmitted over HTTPS (TLS 1.2+). Session cookies are httpOnly and secure. OAuth tokens are stored encrypted at rest. Uploaded files use randomised storage keys and are deleted immediately after processing. We do not store passwords.
In the event of a data breach likely to risk your rights, we will notify you and the ICO within 72 hours as required by UK GDPR.
Term dates retrieved from school websites are provided for convenience only and may not be accurate. Always verify important dates directly with your school. We are not affiliated with any school.
SchoolSphere uses a single session cookie to keep you logged in. This cookie is strictly necessary for the app to function and does not track you across other websites. We do not use advertising cookies, analytics cookies, or third-party tracking.
If we make material changes, we will notify you within the app and ask you to review and accept the updated policy before continuing to use SchoolSphere.