Privacy Policy

Who Controls The Data

The preschool using the service is responsible for deciding what student, guardian, staff, and attendance data is entered. Preschool Ops provides the software platform and processes data so the preschool can run its operations.

Data We Process

• School profile details such as school name, address, phone number, timezone, plan, and WhatsApp configuration status.
• Staff user details such as name, email address, role, invitation status, login identifiers, and audit activity.
• Student records such as name, preferred name, date of birth, gender, identity reference if provided, class assignment, enrolment date, attendance status, and notes entered by the school.
• Guardian records such as name, phone number, email address, relationship to student, primary contact status, and WhatsApp opt-in status.
• Operational communications such as absence drafts, approved WhatsApp template variables, delivery status, inbound replies, and message audit metadata.
• Usage, security, analytics, and error data needed to operate the service, investigate failures, and understand which features are used.

How We Use Data

• Create and administer each preschool workspace.
• Manage classes, students, guardians, attendance, staff access, and audit history.
• Prepare absence messages and send WhatsApp notifications only after authorised human approval.
• Provide support, debug errors, improve reliability, and detect misuse.
• Produce product analytics at school and feature level without intentionally collecting full message bodies or phone numbers in analytics tools.
• Comply with legal, accounting, security, and regulatory obligations.

WhatsApp And AI

WhatsApp messages are sent only through configured WhatsApp Business providers and only after the preschool has obtained the required guardian opt-in and an authorised user approves the send. AI-assisted message generation prepares drafts only. A human admin or authorised staff member remains responsible for reviewing content before it is sent.

Service Providers

• Supabase for authentication, database, storage, and related infrastructure. The intended production region is Singapore unless configured otherwise.
• Twilio and Meta WhatsApp infrastructure for approved WhatsApp Business messaging and delivery status callbacks.
• Configured AI providers for generating draft parent messages when the school uses AI-assisted writing. Drafts still require human review before sending.
• Sentry for error monitoring, with filtering intended to avoid full phone numbers, message bodies, and secrets.
• PostHog for product analytics, with server-side events scoped to product usage rather than raw child or guardian communication content.
• Deployment, DNS, and hosting providers used to run the production website.

Security And Retention

The service uses authenticated access, school-level data separation, database row-level security, audit logs, and restricted operational tooling. Data is retained while the preschool account is active and for a reasonable period afterward where required for backup, accounting, security, dispute, or legal purposes. The preschool may request export or deletion, subject to legal and operational limits.

Access And Correction

Parents, guardians, staff, and schools may request access to or correction of their personal data through the preschool or the service operator. Requests may need identity verification before data is disclosed or changed.

Contact

Privacy requests should be sent to the preschool operator or to the official support contact that will be published before production launch.