Skhoolar · Legal

Privacy & data-processing notice

Last reviewed 20 June 2026.

This notice explains how Skhoolar processes personal data when your school uses our products (The School Inbox, The School Pulse, SpeakAlert and HonorMinds). It is provided under Articles 13 and 14 of the UK and EU GDPR. Your school is the data controller and decides why and how personal data is used; Skhoolar is a data processor acting on your school’s instructions under a data-processing agreement.

What we process, and why

We process only what each product needs, on the lawful basis your school (the controller) determines — typically the school’s legitimate interests, a legal obligation, the performance of its agreement with families, or, where required, consent:

  • The School Inbox — parent/guardian contact details and messages, to run school↔home communication.
  • The School Pulse — climate-survey responses collected and stored as anonymous aggregates (small cohorts are suppressed); free-text comments may be analysed to detect wellbeing concerns and group themes.
  • SpeakAlert — safeguarding reports (anonymous by default; a reporter may choose to be named). Processed to protect children — a legal obligation / vital-interests / public-task basis. This is special-category data, handled with extra safeguards.
  • HonorMinds — academic-integrity evidence for students aged 13+, including a record of the drafting process and optional voice viva. A teacher always makes the final decision; AI is never an automated verdict.
  • Authentication — staff, student and parent sign-in details to secure access.

Automated processing & AI

Some features use automated systems and third-party AI providers (see the sub-processor list). Pulse free-text comments may be screened for wellbeing concerns and clustered into themes; HonorMinds work may be analysed to support an integrity review and a viva recording may be transcribed. No AI output is an automated decision — a member of school staff always reviews and decides. For schools in the EU/EEA, high-risk AI features are switched off until the required compliance review is complete.

Sub-processors

Skhoolar engages the following sub-processors, each under its own data-processing agreement and only to the extent its function requires. Your school is notified of material changes before a new sub-processor begins processing its data.

Sub-processorFunctionPrimary region
VercelApplication hosting / serverless functionsSingapore (sin1)
NeonManaged PostgreSQL (primary datastore, RLS-isolated per school)Singapore (ap-southeast-1)
CloudflareR2 object storage; inbound email routing; DNSR2 region-pinned; edge global
DigitalOceanSelf-hosted ClamAV attachment scanningSingapore (sgp1)
ClerkStaff + student authentication (OAuth, MFA, sessions)US (control plane)
AnthropicAI — HonorMinds integrity analysis, Pulse classificationUS
OpenAIAI failover providerUS
DeepgramSpeech-to-text (HonorMinds viva transcription)US
ResendTransactional email deliveryUS/EU
PusherRealtime nudges (content-free — type + timestamp only)Asia-Pacific (ap1)
Google Firebase Cloud MessagingWeb/mobile push deliveryGlobal (Google)
UpstashRate-limiting (ephemeral counters)Region-configurable
SentryError monitoring (PII scrubbed; Session Replay off)US
uptime.comExternal uptime monitoring (no school data)Global probes

Data-minimisation: realtime nudges carry no message content; AI usage logs are metadata only (never prompt, response, audio or transcript text); attachment scanning streams bytes for a verdict only and retains nothing; error monitoring runs with PII collection disabled.

International transfers

Skhoolar’s primary data region is Singapore. Some sub-processors (for example Clerk, Anthropic, OpenAI, Deepgram and Sentry) process data in the United States. Where personal data is transferred outside the UK/EEA, it is covered by appropriate safeguards (such as Standard Contractual Clauses / the UK International Data Transfer Addendum) in the relevant sub-processor agreement. Your school may request details of the safeguards in place.

How long we keep data

DataRetention
HonorMinds process evidence (submissions, vivas, integrity reports, audio)7 years, then purged
AI call log (metadata only — never prompt/response content)3 years, then purged
Pulse benchmark contributions3 years, then aged out
SpeakAlert safeguarding recordsPreserved (not auto-deleted); removal only by court-ordered legal deletion
Audit log (hash-chained, tamper-evident)Retained with monthly signed checkpoints
Inbox messages / attachmentsSchool-controlled; trash → restore window before hard delete

Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your personal data, and to data portability, subject to the safeguards that apply (for example, safeguarding records are preserved by law). Because your school is the controller, please direct any request to your school’s data-protection lead in the first instance; Skhoolar assists the school in fulfilling it. You can also contact us at privacy@skhoolar.com, and you have the right to complain to your local data-protection authority.

Security

Each school’s data is isolated at the database level (row-level security). SpeakAlert reports are encrypted (AES-256-GCM); the audit log is hash-chained and tamper-evident; all traffic is served over TLS. Access to safeguarding records is least-privilege and every view is audited.

← Back