Privacy Policy

Last updated: May 28, 2026

1. Data We Collect

When you use ParentSync, we collect the following information:

  • School information: School name, address, country, state, contact details.
  • User information: Names, email addresses, mobile numbers of school staff and parents.
  • Student information: Student names, class/section assignments, parent-student relationships.
  • Communication data: Messages sent between school staff and parents, read receipts, timestamps.
  • Usage data (web portal): Login activity, feature usage, and browser/device information via cookies. The mobile app does not include third-party analytics or tracking SDKs.
  • Device data (mobile app): Device identifier, push notification token, platform (iOS/Android), app version. Used solely for delivering push notifications.
  • Authentication data: Mobile phone number, one-time passwords (OTP), hashed PIN. PINs are stored as bcrypt hashes — we never store your raw PIN.

2. How We Use Your Data

Your data is used solely for providing the ParentSync service:

  • Enabling communication between school staff and parents.
  • Managing school structure, students, and staff accounts.
  • Providing dashboards, analytics, and read receipt tracking.
  • Sending transactional emails (invitations, password resets, notifications).
  • Improving the platform through anonymous, aggregated usage analytics.

We do not sell your data to third parties. Ever.

We do not track you across other apps or websites. ParentSync does not use third-party advertising trackers, cross-app identifiers, or behavioral profiling services.

3. Data Storage & Security

  • Data is hosted on secure cloud infrastructure with encryption in transit (TLS) and at rest.
  • Each school's data is isolated in a multi-tenant architecture. No cross-school data access is possible.
  • Access to production systems is restricted to authorized personnel with audit logging.

4. Data Retention

Data is retained while the school's account is active. Different categories of data are retained as follows:

  • Account & profile data: Retained for a grace period of typically 30 days after account closure, then permanently deleted.
  • Messages & communication data: Retained for up to 2 years after a school's subscription ends, then permanently deleted.
  • Audit logs: Retained as required by applicable law for security and compliance purposes.

Schools and users may request earlier data export or deletion by contacting privacy@parentsync.net or by using the "Delete My Account" option in the mobile app.

5. Children's Data (COPPA / FERPA)

ParentSync is designed for use by schools, school staff, and parents. We do not knowingly collect personal information directly from children under 13.

  • Schools are the data controllers for student information; ParentSync acts as the data processor on the school's behalf.
  • Student information collected is limited to names, class/section assignments, and parent-child relationships — only as provided by authorized school staff.
  • Students do not have direct accounts on ParentSync. Their information is managed exclusively by authorized school staff.
  • FERPA: For US schools, schools act as authorized agents under the Family Educational Rights and Privacy Act (FERPA).
  • COPPA: No child data is ever used for advertising, marketing, or behavioral profiling.
  • We comply with applicable child data protection laws in each country where ParentSync operates.

6. Cookies

We use minimal cookies for session management and analytics on the web portal. A cookie consent banner is displayed for applicable regions. You can control cookies through your browser settings. The mobile app does not use cookies.

7. Third-Party Services

We use the following third-party services to operate ParentSync. Data shared with each is limited to what is necessary for the service to function:

  • Cloud hosting & database: Supabase (PostgreSQL database, authentication), Vercel (web hosting), Railway (API hosting).
  • Push notifications: Firebase Cloud Messaging (FCM) for Android, Apple Push Notification service (APNs) for iOS, via Expo Push Service.
  • SMS delivery: Telnyx (US), MSG91 (India) — for OTP verification and parent invitation codes.
  • Email delivery: Amazon SES for transactional emails (invitations, password resets, notifications).
  • Payment processing: Stripe (US and international) and Razorpay (India) for school subscription billing. Payment data is handled directly by these processors and is subject to their own privacy policies.
  • AI services (content moderation & translation): Message content may be transmitted to Google Gemini, OpenAI, or Anthropic Claude for automated content-policy scanning and on-demand translation. Content is processed in real time and is not retained by the AI provider beyond the request lifecycle.
  • Analytics & logging: Axiom (structured server logs; logs are scrubbed of personally identifiable information).
  • Over-the-air updates: Expo Application Services (EAS) for delivering app updates without requiring app store re-downloads.

8. Mobile App Permissions

The ParentSync mobile app requests the following device permissions, each only when needed:

  • Push notifications: To alert you about new messages from your school or parents.
  • Camera: To take photos for message attachments (requested only when you tap the camera option).
  • Photo library: To attach existing photos to messages (requested only when you tap the library option).
  • Face ID / biometrics: To unlock the app securely without re-entering your PIN. Biometric data never leaves your device.

9. Content Moderation

We use AI-powered systems to scan messages for policy violations before delivery. Messages containing threats, sexual content, or content endangering children may be blocked. Inappropriate content may be flagged and reviewed by school administrators. This scanning is automated and no human reviews your messages unless flagged.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.

Contact privacy@parentsync.net for any data-related requests.

11. India — DPDP Act 2023

Under India's Digital Personal Data Protection Act, 2023, you have the right to access, correct, and delete your personal data, and to nominate a representative to exercise these rights on your behalf. To exercise these rights, contact privacy@parentsync.net or use the "Delete My Account" option in the mobile app.

12. California Residents — CCPA / CPRA

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • The right to know what personal information we collect, use, and disclose.
  • The right to request deletion of personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information.
  • The right to non-discrimination for exercising your privacy rights.

ParentSync does not sell or share personal information as those terms are defined under California law. To exercise your CCPA / CPRA rights, contact privacy@parentsync.net.

13. Changes to This Policy

We may update this policy from time to time. Users will be notified of material changes via email. Continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions or data requests, contact us at privacy@parentsync.net, or write to Vinrays Solutions LLC.