Privacy & data-processing notice
Last reviewed 20 June 2026.
This notice explains how Skhoolar processes personal data when your school uses our products (The School Inbox, The School Pulse, SpeakAlert and HonorMinds). It is provided under Articles 13 and 14 of the UK and EU GDPR. Your school is the data controller and decides why and how personal data is used; Skhoolar is a data processor acting on your school’s instructions under a data-processing agreement.
What we process, and why
We process only what each product needs, on the lawful basis your school (the controller) determines — typically the school’s legitimate interests, a legal obligation, the performance of its agreement with families, or, where required, consent:
- The School Inbox — parent/guardian contact details and messages, to run school↔home communication.
- The School Pulse — climate-survey responses collected and stored as anonymous aggregates (small cohorts are suppressed); free-text comments may be analysed to detect wellbeing concerns and group themes.
- SpeakAlert — safeguarding reports (anonymous by default; a reporter may choose to be named). Processed to protect children — a legal obligation / vital-interests / public-task basis. This is special-category data, handled with extra safeguards.
- HonorMinds — academic-integrity evidence for students aged 13+, including a record of the drafting process and optional voice viva. A teacher always makes the final decision; AI is never an automated verdict.
- Authentication — staff, student and parent sign-in details to secure access.
Automated processing & AI
Some features use automated systems and third-party AI providers (see the sub-processor list). Pulse free-text comments may be screened for wellbeing concerns and clustered into themes; HonorMinds work may be analysed to support an integrity review and a viva recording may be transcribed. No AI output is an automated decision — a member of school staff always reviews and decides. For schools in the EU/EEA, high-risk AI features are switched off until the required compliance review is complete.
Sub-processors
Skhoolar engages the following sub-processors, each under its own data-processing agreement and only to the extent its function requires. Your school is notified of material changes before a new sub-processor begins processing its data.
| Sub-processor | Function | Primary region |
|---|---|---|
| Vercel | Application hosting / serverless functions | Singapore (sin1) |
| Neon | Managed PostgreSQL (primary datastore, RLS-isolated per school) | Singapore (ap-southeast-1) |
| Cloudflare | R2 object storage; inbound email routing; DNS | R2 region-pinned; edge global |
| DigitalOcean | Self-hosted ClamAV attachment scanning | Singapore (sgp1) |
| Clerk | Staff + student authentication (OAuth, MFA, sessions) | US (control plane) |
| Anthropic | AI — HonorMinds integrity analysis, Pulse classification | US |
| OpenAI | AI failover provider | US |
| Deepgram | Speech-to-text (HonorMinds viva transcription) | US |
| Resend | Transactional email delivery | US/EU |
| Pusher | Realtime nudges (content-free — type + timestamp only) | Asia-Pacific (ap1) |
| Google Firebase Cloud Messaging | Web/mobile push delivery | Global (Google) |
| Upstash | Rate-limiting (ephemeral counters) | Region-configurable |
| Sentry | Error monitoring (PII scrubbed; Session Replay off) | US |
| uptime.com | External uptime monitoring (no school data) | Global probes |
Data-minimisation: realtime nudges carry no message content; AI usage logs are metadata only (never prompt, response, audio or transcript text); attachment scanning streams bytes for a verdict only and retains nothing; error monitoring runs with PII collection disabled.
International transfers
Skhoolar’s primary data region is Singapore. Some sub-processors (for example Clerk, Anthropic, OpenAI, Deepgram and Sentry) process data in the United States. Where personal data is transferred outside the UK/EEA, it is covered by appropriate safeguards (such as Standard Contractual Clauses / the UK International Data Transfer Addendum) in the relevant sub-processor agreement. Your school may request details of the safeguards in place.
How long we keep data
| Data | Retention |
|---|---|
| HonorMinds process evidence (submissions, vivas, integrity reports, audio) | 7 years, then purged |
| AI call log (metadata only — never prompt/response content) | 3 years, then purged |
| Pulse benchmark contributions | 3 years, then aged out |
| SpeakAlert safeguarding records | Preserved (not auto-deleted); removal only by court-ordered legal deletion |
| Audit log (hash-chained, tamper-evident) | Retained with monthly signed checkpoints |
| Inbox messages / attachments | School-controlled; trash → restore window before hard delete |
Your rights
You have the right to access, rectify, erase, restrict or object to the processing of your personal data, and to data portability, subject to the safeguards that apply (for example, safeguarding records are preserved by law). Because your school is the controller, please direct any request to your school’s data-protection lead in the first instance; Skhoolar assists the school in fulfilling it. You can also contact us at privacy@skhoolar.com, and you have the right to complain to your local data-protection authority.
Security
Each school’s data is isolated at the database level (row-level security). SpeakAlert reports are encrypted (AES-256-GCM); the audit log is hash-chained and tamper-evident; all traffic is served over TLS. Access to safeguarding records is least-privilege and every view is audited.