Last updated: April 2026

Privacy Policy

Information We Collect

We collect information you provide directly to us when you use netschool. This includes:

• User Account Information: Full name, email address, username, birthdate, profile picture, language preference
• Authentication Data: Password hash (bcrypt, 12 rounds), email verification status, JWT session tokens
• Academic Records: Grades, attendance records, assignments, assessments, report cards, points and behavior tracking
• School Data: Class assignments, course enrollments, subject registrations, timetable schedules, school memberships
• Communication Data: Messages, posts, comments, inbox communications, notification preferences
• Media Files: Uploaded documents, images, profile pictures, and other file attachments
• Guardian Relationships: Guardian-child assignments (for guardians and students)

How We Use Your Information

We use the information we collect to provide and operate the school management platform, including:

• Managing user accounts and authentication (password hashing, JWT tokens, email-based login codes)
• Processing and storing academic records (grades, attendance, assignments, report cards)
• Facilitating communication between users (chat, posts, inbox, notifications)
• Managing school operations (classrooms, courses, subjects, timetables)
• Enforcing role-based access control (superadmin, admin, teacher, guardian, student)
• Generating certificates and academic documents
• Tracking points and behavior records
• Providing technical support and account management
• Sending notifications via email, FCM (Firebase Cloud Messaging), and web push

Data Security

We implement technical and organizational measures to protect your personal information:

• Password Security: Bcrypt hashing with 12 rounds for all passwords
• Authentication: JWT token-based session management with secure expiration
• Encryption: TLS 1.3 for data in transit; encryption at rest for stored data
• Media Files: Content hashing for file integrity and deduplication
• Access Control: Role-based permissions (superadmin, admin, teacher, guardian, student)
• Impersonation: Admin impersonation capability for support (logged and audited)

Role-Based Data Access

Access to information is controlled by user roles:

• Superadmin: Full system access across all schools
• Admin: Full access within their assigned school, including impersonation of other users
• Teacher: Access to assigned classes, student grades, attendance, and related data
• Guardian: Access to their assigned children's academic information and communications
• Student: Access to their own academic records, grades, and assigned resources

Data Sharing and Disclosure

We may share your information in the following circumstances:

• Within Your School: Teachers, guardians, and admins may access relevant information based on their role
• Service Providers: Third-party services for hosting (Fly.io), database (PostgreSQL), caching (Redis), notifications (Firebase, Resend), and file storage (R2)
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets

Data Retention

We retain your personal information for as long as necessary to:

• Provide the Service and maintain your account
• Fulfill the purposes outlined in this policy
• Comply with legal obligations (including educational record retention requirements)
• Resolve disputes and enforce our agreements

Academic records may be retained for longer periods to comply with educational regulations and institutional requirements.

Your Rights

Depending on your location and role, you may have rights regarding your personal information:

• Access: View your personal information through your profile and account settings
• Correction: Update your profile information, language preference, and profile picture
• Deletion: Request account deletion (subject to school policies and legal requirements)
• Data Portability: Export your data where technically feasible
• Objection: Object to certain processing activities where applicable by law

Children's Privacy

netschool is designed for educational use and may collect information from students under 13 with appropriate parental/guardian consent. Guardians control access to their children's information and are responsible for managing privacy settings for minor students.

Notifications

We send notifications to keep you informed about:

• Academic updates (grades, assignments, attendance)
• School announcements and posts
• Messages and communications
• Account security alerts

Notifications are delivered via email, in-app notifications, push notifications (FCM for mobile, web push for browsers), and may be managed through your notification preferences.

International Data Transfers

Your information may be stored and processed on servers located outside your country. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place to protect your information.

Changes to This Policy

We may update this privacy policy from time to time. We will notify users of significant changes by posting the new privacy policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy, our data practices, or to exercise your rights, please contact us at:

privacy@netschool.io