SchoolerOS logo mark

SchoolerOS

The Operating System for Modern Schools.
Enterprise Site

LEGAL DOCUMENT

Data Processing Notice

This notice explains how SchoolerOS handles school data as a service provider, including role definitions, processing scope, legal basis, and security commitments for educational institutions.

Effective Date February 23, 2026
Processing Role School: Controller • SchoolerOS: Processor
DPO Contact dpo@schooleros.com

1. Roles & Responsibilities

In most deployments, the school acts as the data controller and determines the purpose of processing. SchoolerOS acts as a data processor, operating strictly under documented school instructions and contractual obligations.

2. Processing Scope

SchoolerOS processes personal data only to provide contracted services, including:

  • Admissions setup, staff role provisioning, and class mapping.
  • Student and staff profile records, including photo capture workflows.
  • Attendance and gate security operations with timestamped logs.
  • Parent-school communication channels and complaint workflows.
  • Learning workflows including assignments, CBT, and result analytics.

3. Lawful Basis

Processing is based on the school's lawful grounds (for example, educational administration, duty-of-care obligations, and contractual service delivery). SchoolerOS supports schools with features and records that help demonstrate accountability.

4. Child and Sensitive Data

Because school systems involve minors, SchoolerOS applies stricter controls around identity records and operational access. Parent and child-related data is restricted by role and exposed only where necessary for educational and safety workflows.

5. Subprocessors

We engage vetted subprocessors for infrastructure, content delivery, and notification channels. Subprocessors are selected based on security posture, reliability, and contractual privacy obligations.

  • Infrastructure hosting and secure storage providers.
  • Monitoring and reliability tooling providers.
  • Transactional communication providers (email/SMS/push delivery).

6. International Transfers

Where data processing involves cross-border services, SchoolerOS applies contractual safeguards and transfer controls consistent with applicable data protection requirements.

7. Retention and Deletion

Data retention follows school policy and applicable law. Upon contract termination or school request, SchoolerOS supports export, transition, and secure deletion of data within defined timelines, subject to legal retention obligations.

Operational note

Schools should keep internal retention schedules for attendance records, discipline logs, and academic results to align system settings with local policy.

8. Incident Response

SchoolerOS maintains incident management procedures to investigate, contain, and remediate security events. Where legally required, affected schools are notified within the relevant disclosure timeframe.

9. Audits and Compliance Support

We provide compliance support information required for school governance and regulator engagement, including data handling documentation, role controls, and platform audit evidence where available.

10. Contact Information

For data processing and compliance questions:

  • Data Protection: dpo@schooleros.com
  • Security Team: security@schooleros.com
  • General Support: hello@schooleros.com