Sign in

Privacy policy

Last updated: 30 June 2026

Who we are

Schoolee is a UK-based service and acts as the data controller for the purposes of the UK GDPR and Data Protection Act 2018. Contact: privacy@schoolee.app.

What this policy covers

Schoolee turns school PDF emails into calendar events for parents. This policy explains what personal data we process, why, how long we keep it, who we share it with, and your rights.

What data we collect

How we use each Google scope

When you sign in with Google, we request these OAuth scopes. Each is limited to exactly what's described:

We do not request access to Gmail, Drive, Contacts, Photos, or any other Google service.

Google API Services User Data Policy — Limited Use

Schoolee's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not:

How we use your data

Children's data

Schoolee is designed for parents, not children. We comply with the UK Age Appropriate Design Code (AADC) and UK GDPR Article 8 protections.

Our extraction is explicitly instructed to exclude children's names, class lists, or any personally identifiable information about individual children from the events we store. We classify event locations (e.g. trip destinations) as "restricted" by default; admins must explicitly approve parents before those locations are revealed, so the whereabouts of children are not exposed to anyone who happens to obtain a Schoolee account at a school.

Where your data lives

Schoolee runs on Cloudflare's edge platform. Account data and event data are stored on Cloudflare's platform in European data centres (Cloudflare's EU region). OAuth tokens are encrypted before storage.

Third-party processors

We share only the minimum data needed with the following service providers:

We do not sell or share personal data with advertisers, data brokers, or any party not listed above.

How long we keep data

Temporary beta exception

During Schoolee's closed beta only, we temporarily keep a complete copy of the school emails you forward (including the original body and attachments) so we can improve how accurately we recognise which school an email is from and extract the right dates. This is used solely to test and tighten our matching — never for advertising or shared with third parties.

These raw copies are automatically deleted within 60 days, and the entire store is permanently deleted at the end of the beta period. After beta, Schoolee returns to not retaining the original email body or attachments after extraction.

Your rights (UK GDPR)

You have the right to:

Requests: email privacy@schoolee.app. We respond within 30 days.

Cookies

Schoolee's cookies are all strictly necessary and used for no purpose other than authenticating the current session. We never set them for analytics, advertising, or tracking.

Security

Your data is encrypted in transit and at rest. Sessions use signed tokens, and we require CSRF protection on every state-changing request. Access to school data is role-checked on each request. We run regular internal security reviews and remediate issues we find.

Open data attribution

Our UK school directory is built from open government data. School information for England is © Crown copyright and database right, Department for Education (Get Information about Schools). Scottish school data is © Crown copyright, National Records of Scotland (statistics.gov.scot). Welsh school data is © Crown copyright, Welsh Government (StatsWales). All used under the Open Government Licence v3.0.

Complaints

If you believe we've mishandled your data, please contact us first. If you're not satisfied, you can complain to the UK Information Commissioner's Office (ico.org.uk).

Changes to this policy

We'll update this page when our data practices change and update the "Last updated" date. Material changes will also be announced via email to your registered address.