We do not sell or share your personal information
School-Core does not sell personal information. We do not exchange personal information for monetary or other valuable consideration with any third party.
School-Core does not "share" personal information for cross-context behavioural advertising. CPRA defines "sharing" as disclosure for advertising purposes that follow a consumer across services. We never do this. We do not run any advertising on the platform, and we do not use third-party analytics that build cross-site profiles.
We do not sell or share children's personal information under any circumstances — whether the consumer is under 13 (COPPA), or 13–16 (CCPA / CPRA opt-in floor).
Because we do not sell or share, there is nothing for you to opt out of through this notice. The footer link is provided because CCPA / CPRA require it as a transparency measure for businesses interacting with California residents.
Categories of personal information we have collected in the last 12 months
We collect the following categories of personal information from or about California residents, sourced from the school and the resident themselves:
- Identifiers — name, email, school-issued ID, IP address
- Protected classifications — age (for COPPA threshold detection), grade level
- Commercial information — school subscription billing data (handled by Stripe)
- Internet / network activity — login timestamps, browser user-agent, audit log entries
- Geolocation — coarse geolocation derived from IP address only; no precise GPS
- Professional information — job title and department for staff users
- Education information — FERPA-covered student records uploaded by the school
- Inferences — aggregate engagement statistics shown to teachers and administrators
Detailed descriptions of each category, the source, and the purpose of processing are in our Privacy Policy §4 and §5.
Categories of personal information disclosed for a business purpose
We disclose the categories above only to the sub-processors listed in our Sub-Processor Registry, solely for the operational purposes specified there (database hosting, application hosting, file storage, AI educational features, payment processing, transactional email, error monitoring). Each disclosure is governed by a written data processing agreement.
We have not disclosed personal information to third parties for the third parties' own purposes.
Your CCPA / CPRA rights
- Right to know
- What personal information we have collected about you in the last 12 months and how it has been used.
- Right of access
- Receive a copy in a portable format.
- Right to delete
- Personal information, subject to exceptions for FERPA-protected education records and other legally required retentions.
- Right to correct
- Inaccurate personal information.
- Right to limit use of sensitive personal information
- We already restrict use of sensitive PI to operational purposes.
- Right to opt out of sale or sharing
- We do not engage in either, so this right has no effect for our processing.
- Right to non-discrimination
- For exercising any of the above.
FERPA-protected records
FERPA-protected education records (transcripts, grades, disciplinary records, etc.) follow FERPA request and amendment procedures. Submit those requests to your school's registrar; we cannot release education records directly to parents or students without the school's authorisation.
How to submit a request
You can exercise the rights above using either of the following methods:
- In-app: sign in and use
Account Settings → Download my dataorDelete my account. These are the same endpoints we use to fulfil GDPR data-subject requests, so you receive the same level of completeness either way. - Email: privacy@school-core.com. Include your account email and the type of request.
We respond within 45 days, with one possible 45-day extension if the request is complex. Authorised agents acting on a resident's behalf must submit signed authorisation; we may ask the resident to confirm separately.
Notice of financial incentive
We do not offer financial incentives in exchange for the collection, sale, or retention of personal information.
Retention
We retain personal information only as long as needed for the purposes described in our Privacy Policy §8 and as required by law. Specific retention windows are spelled out there (e.g. read notifications 90 days, AI usage summaries 1 year, audit logs 3 years).
Changes to this notice
We will post material changes to this notice here, update the "Last updated" date, and notify Customers through the platform when changes are significant.
Authorised agents and questions
Last updated: June 2026 · v1.0 — June 2026