skeddiskeddiSign in

Legal

Privacy Policy

Effective date: April 24, 2026

This Privacy Policy explains how skeddi ("we," "us," or "our") collects, uses, stores, and shares information when you use the skeddi web application, iOS application, and related services (collectively, the "Service"). By accessing or using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect the following information through Google Sign-In for your school account:

  • Email address
  • Display name
  • Profile photo URL (if provided by your identity provider)
  • Account role (teacher, student, or administrator)
  • School affiliation

1.2 Service Usage Data

As you use skeddi, we collect information that you provide directly:

  • Help slots you create (including date, time, location, subject, and notes)
  • Slot sign-ups and attendance records
  • Teacher follow preferences
  • Notification preferences and read/unread status

1.3 Google Calendar Data

If you choose to connect your Google Calendar, we access your calendar to check for scheduling conflicts (busy/free times). We read calendar event times only and do not store the content of your calendar events. You can disconnect your Google Calendar at any time from the Settings page.

1.4 Device Information

If you enable push notifications, we collect a device push token from Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM). This token is used solely to deliver notifications you have opted into.

1.5 Automatically Collected Information

Our hosting infrastructure automatically receives standard technical information when you access the Service, including your IP address, browser type, operating system, referring URL, and access timestamps. This information is processed by our hosting providers (described in Section 4) as part of normal web operations. We do not use third-party analytics or tracking tools.

2. How We Use Your Information

We use your information for the following purposes:

  • To authenticate you and maintain your account
  • To display help slots to students and associate them with teachers
  • To show students which teachers are available and when
  • To send notifications you have opted into (such as new slot postings from teachers you follow)
  • To synchronize scheduling data with your Google Calendar, if connected
  • To process account deletion requests
  • To maintain the security and integrity of the Service
  • To comply with legal obligations

We do not sell, rent, or trade your personal information to third parties. We do not use your data for advertising. We do not build user profiles for marketing purposes.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service you have signed up for, including account management and core scheduling features.
  • Consent: Processing that requires your opt-in, such as push notifications and Google Calendar integration. You may withdraw consent at any time.
  • Legitimate interest: Processing necessary for security monitoring, fraud prevention, and service improvement, balanced against your privacy rights.
  • Legal obligation: Processing required to comply with applicable laws.

4. Service Providers and Data Sharing

We share your information with the following categories of service providers, strictly as needed to operate the Service:

4.1 Infrastructure Providers

  • Supabase (database hosting): Stores user accounts, profiles, help slots, sign-ups, notifications, and all application data in a hosted PostgreSQL database. Data is encrypted at rest and in transit.
  • Vercel (web hosting): Hosts and serves the web application. Receives standard HTTP request data (IP address, headers) as part of normal web serving operations.

4.2 Authentication Providers

  • Google(OAuth): If you sign in with Google, your authentication is handled through Google's OAuth 2.0 protocol. We receive your email address, display name, and profile photo URL. We do not receive or store your Google password.

4.3 Notification Providers

  • Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM): Device tokens are shared with these services solely to deliver push notifications. These providers do not have access to notification content beyond what is included in the push payload.

We do not share your personal information with any other third parties. We do not use advertising networks, data brokers, or social media tracking pixels.

5. Cookies and Local Storage

skeddi uses secure, HTTP-only cookies for authentication session management. These cookies are essential for the Service to function and cannot be disabled while using skeddi. We do not use advertising cookies, tracking cookies, or any non-essential cookies.

We may use browser local storage to save user interface preferences (such as theme selection). This data stays on your device and is not transmitted to our servers.

6. Data Retention

We retain your account information and associated data for as long as your account is active. If you delete your account (see Section 7), we permanently delete the following data:

  • Your profile (name, email, role, school affiliation)
  • Help slots you created
  • Your slot sign-ups
  • Your teacher follow preferences
  • Your notifications
  • Your device push tokens
  • Your Google Calendar integration credentials
  • Your authentication account

Deletion is performed immediately upon request. Backup copies held by our infrastructure providers may persist for up to 30 days before being automatically purged according to their retention policies.

7. Your Rights and Controls

You have the following rights regarding your personal information:

7.1 Access and Portability

You may request a copy of all personal data we hold about you. Contact us at the email address listed in Section 12 to submit a data access request. We will respond within 30 days.

7.2 Correction

You can update your display name and profile information through the Settings page. For corrections to other data, contact us at the email address below.

7.3 Deletion

You may delete your account at any time through the Settings page or by contacting us. Account deletion is permanent and removes all data described in Section 6. This action cannot be undone.

7.4 Withdraw Consent

You can disable push notifications at any time by revoking notification permissions on your device or through your device settings. You can disconnect Google Calendar integration from the Settings page.

7.5 Sign Out

You can sign out of the Service at any time from the Settings page or the sidebar navigation. Signing out clears your authentication session.

8. Data Security

We implement the following security measures to protect your information:

  • All data in transit is encrypted using TLS (HTTPS)
  • Database data is encrypted at rest
  • Authentication tokens are stored in secure, HTTP-only cookies that are inaccessible to client-side JavaScript
  • Google OAuth tokens for Calendar integration are stored encrypted in the database
  • Account deletion cascades through all related data tables to ensure complete removal
  • Administrative access requires separate authentication

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

9. Children's Privacy

skeddi is designed for use in schools by students, teachers, and administrators. We recognize that some users may be under the age of 18.

Children under the age of 13 may only use skeddi if their school has authorized the use of the Service and has obtained any required parental consent in accordance with the Children's Online Privacy Protection Act (COPPA) and applicable state laws. We rely on schools to provide appropriate notice and obtain consent from parents or guardians before allowing children under 13 to use the Service.

We do not knowingly collect personal information from children under 13 without school authorization. If you believe a child under 13 has provided us with personal information without proper authorization, please contact us immediately and we will take steps to delete that information.

For users between 13 and 18, schools may choose to authorize use of the Service without additional parental consent, consistent with applicable law.

10. International Data Transfers

Our service providers (Supabase, Vercel, Google) may process data in the United States and other countries. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective date" at the top of this page. If we make material changes that significantly affect how we handle your personal information, we will notify you through the Service before the changes take effect.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service and delete your account.

12. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how your information is handled, please contact us at:

chrakeoverwatch@gmail.com

We will respond to all privacy-related inquiries within 30 days.