My School Day
Theme:
Always use a light theme for the portal.
On supported browsers, automatically switch between light and dark themes depending on system settings.
Always use a dark theme for the portal.
My School Day


My School Day Privacy Policy

Revised 2023-08-01

This privacy policy governs the “My School Day” mobile school/agenda app and associated services developed by Honeygarlic Software Ltd. (“HGS”). This app is used by students, parents and school staff to manage schedules, store notes, and as a communication tool to inform students and parents. School staff will also have access to a web-based service to create notifications and manage information.

1. Student Provided Information (mobile app)

Information entered into the app by the user (including student name, classes, timetable, photos, notes and assignments, and other personal information) are stored on the device only and not on any supporting app servers, except as noted below:

a. Each copy of the app registers a unique but anonymous identifier with the push notification service, along with a list of the subscribed channels associated with that user. This identifier does not identify the device serial number, phone number or provide any other personal information. Minimal analytic information associated with this identifier is collected (see section 5. Automatically Collected Information).

b. Information provided to third party tools is not covered by this policy, see section 6a. Third Party Integration

c. If a student or other user of the mobile app has chosen to enable an online backup solution (such as iCloud backups), information within the app may be stored on that service. Such online backup copies would be governed by the privacy policies of the relevant service as they are outside HGS's control.

2. School Provided Information

Information provided by the school or board staff may be stored on the supporting app servers. This information includes but is not limited to:

  • school contact, calendar and event information, typically matching that publicly available on the school website
  • a record of push notifications sent out to the app
  • a record of news bulletins sent out to the app; and
  • login information and a list of permitted functions an authorized school staff member has access to.

This information is provided by the school staff at their discretion, and as it is outside the control of HGS, no responsibility or liability for the content thereof is assumed or implied. Login credentials are encrypted, and associated email addresses and other information are available only to authorized school staff and HGS support staff.

3. App Servers

As of July 2020, the primary app servers are hosted at a SSAE16 SOC-1/SOC-2 and ISO/IEC 27001:2013 compliant facility in Toronto, Ontario. Secondary app servers that may be used in the event of unavailability of the primary data centre will be located at SOC-2/ISO 27002 compliant facility in Vancouver, British Columbia.

All connections to the servers are done via HTTPS encrypted connections. School staff logins to the web console are password protected with optional TOTP-based 2 factor authentication and granular access controls are enforced to limit access to data and functionality only as authorized. Administrative access to the app servers requires passwords and/or ssh keys available only to HGS staff. All computers operated by HGS with administrative access to the app servers use whole-system encryption, and encrypt all backups.

4. Availability of School Provided Information

The mobile app does not require any form of registration or authorization to download and use, with the exception of subscribing to notification channels marked as private – which require either a per-channel or per-user access code (at the discretion of the school) for access.

Accordingly, all information provided by the school for distribution through the app, including contact, calendar, and event information, as well as news bulletin content and push notification content, should be considered publicly available.

5. Automatically Collected Information

5a. Mobile App

In addition to the unique but anonymous identifier required for push notifications, and the associated subscription list, the mobile app automatically collects the following information:

  • Date/time of first time the app was used
  • Date/time of most recent session the app was used
  • Device model
  • Operating system version
  • App version
  • Language setting for the device

This information is associated only with the anonymous identifier and is not tied to personally identifying information such as name, email or phone number. The language setting may be used for delivery of notifications in the appropriate language, otherwise these items are used solely for planning of future features and aggregate measurement of app usage and engagement.

The app does not automatically collect any other information about the device or user, including other installed apps, app or device settings or status, phone number, IP address, or location.

5b. School Staff Usage of App Portal Website

In the course of usage of the app portal website by authorized school staff to send notifications, make calendar changes, and post other information, an audit trail of user actions is maintained including the user id of the person making the change/ post, the data and time, and the nature of the change/post.

6. Third Party Access to Information

  • Push notifications sent to the mobile app are transmitted through each platform’s push notification service and may be stored there temporarily, subject to their privacy policies.
  • Backups and snapshots of the supporting app server are available to the hosting provider. This access is in order for them to provide required services and support, access being governed by their privacy policies. These backups and snapshots will contain the publicly available School Provided Information, Automatically Collected Information from section 5b, and aggregated summaries of the Automatically Collected Information from section 5a.
  • An individual mobile app user may have an online backup service (such as iCloud backup) enabled for their device at their discretion, which may cause their personally entered information to be stored somewhere other than their device. This is beyond the control of HGS, and is governed by the privacy policies of the backup service being used.

6a. Third Party Integration

The school may at their discretion enable access to third party services such as Google Classroom or SchoolCash from within the app or by providing links which will open in the device’s web browser. These services may include or use student information stored according to their policies, which are beyond the control of HGS.

If a website is presented within the app a corresponding warning is displayed prior to allowing the student to access the third party service, and will subsequently clearly indicate functionality provided by the service. No student provided information in the core portions of the app will be made available to the third party service without an additional warning and explicit permission of the user.

Student provided information entered directly into the third party web service’s interface will be governed by their policies.

7. Device Security

It is the user’s responsibility to ensure the security of their device and any information stored thereon in the event the device is lost or stolen. This is typically addressed through the use of passcodes, device encryption, fingerprint scans, or other biometric methods as made available by the device manufacturer or operating system provider.

As these measures, their manner of use, and the physical security of a device, are all outside the control of HGS, no responsibility for the security thereof is assumed or implied.

8. Disclosure

Student Provided Information on the device is not available in any fashion to HGS and therefore cannot be disclosed by us. We may disclose School Provided and Automatically Collected Information:

  • as required by law, such as to comply with a subpoena, court order or other legal process;
  • when we believe in good faith that disclosure is necessary to protect our rights, protect user safety or the safety of others, investigate fraud, or respond to a government request; or
  • to trusted service providers who work on our behalf and have agreed to adhere to the rules set forth in this privacy policy.

If HGS is involved in a merger, acquisition, or sale of all or a portion of its assets, all customer schools will be notified via email and/or notice posted to our website. No information under our control will be transferred as part of any such merger, acquisition, or sale without authorization.

9. Data Retention Policy

We will retain School Provided Information (including calendar information, sent bulletins and push notifications) for as long as the school uses the app and for a reasonable time thereafter. We will retain Automatically Collected information for up to 12 months and thereafter may store it in aggregate. If you’d like us to delete School Provided Information or Automatically Collected Information immediately please contact us at privacy@myschoolday.app. Please note that some or all of the information may be required in order for the app to function properly or may need to be retained to meet legal requirements.

10. General Security

We are committed to safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. We limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our app. Every reasonable effort will be made to secure information we process and maintain, however due to the rapid and constant evolution of the security landscape, perfect security is not guaranteed.

11. Changes

This privacy policy may be updated from time to time for any reason. We will notify you of any such changes by posting an updated copy of this policy at https://myschoolday.app/privacy and by emailing anyone who requests updates via email at privacy@myschoolday.app. You are advised to consult this privacy policy regularly for any changes, as continued use of the app is deemed approval of all such changes.

12. Consent

By using the app and supporting services, you are consenting to our processing of your information as set forth in this privacy policy, now and as hereafter amended by us. "Processing” means using or touching information in any way, including, but not limited to, collecting, storing, transmitting, deleting, using, combining and disclosing information.

13. Contact us

If you have any questions regarding our privacy policy or practices, please contact us via email at privacy@myschoolday.app.