Privacy Policy

Last updated: March 2026

1. Introduction

Skolmind (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, and protect information when you use our kindergarten management platform at skolmind.app, skolmind.my, and skolmind.com (the “Platform”).

This policy complies with applicable data protection laws and regulations in the jurisdictions where we operate.

2. Data We Collect

2.1 School Administrator Data

When a kindergarten registers on our Platform, we collect: school name, registration number, address, administrator name, email address, and phone number.

2.2 Teacher Data

Teacher accounts are created by school administrators. We store: name, email, phone number, and assigned class information.

2.3 Parent Data

Parent accounts are created via school invitation. We store: name, email, phone number, and linked child information across schools.

2.4 Child Data

We store information provided by schools including: child name, date of birth, gender, class assignment, health notes, allergies, dietary requirements, emergency contacts, and immunisation records. Photos are stored only with explicit consent and opt-out is available at any time.

2.5 Attendance & Safety Data

Attendance records, dismissal logs, incident reports, and escalation records are stored in immutable (insert-only) database tables and cannot be altered or deleted. This ensures a tamper-proof audit trail for child safety.

3. How We Use Your Data

We use collected data exclusively for the following purposes:

  • To provide the kindergarten management service
  • To send attendance alerts and safety escalations
  • To process fee invoices and payment records
  • To enable parent-teacher communication
  • To generate reports for school management
  • To send transactional notifications via SMS, email, and push notifications
  • To improve Platform performance and reliability

We do not use personal data for advertising, profiling, or any purpose unrelated to the kindergarten management service.

4. Data Security

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Child photos are delivered via time-limited signed URLs that cannot be shared or reused after expiry. Our infrastructure is protected by Cloudflare WAF and DDoS protection.

We conduct regular security reviews and follow industry best practices for data protection, including the OWASP Top 10 framework.

5. Data Sharing

We do not sell, rent, or trade personal data. Data is shared only with:

  • The school that created the record - within their school scope only. Cross-school data access is not possible.
  • Parents linked to specific children - they can only see data related to their own children.
  • Third-party service providers - limited to SMS delivery (Unosend), push notifications (Firebase Cloud Messaging), and file storage (Cloudflare R2). These providers process data only as instructed by us.

6. Data Retention

Active account data is retained for the duration of the service subscription. After subscription cancellation, data is retained for 60 days before permanent deletion, with email reminders sent at 30 days and 7 days before deletion. Attendance and safety records are retained for 7 years as required by applicable regulations.

7. Your Rights

You have the right to:

  • Access your personal data held by us
  • Request correction of inaccurate data
  • Withdraw consent for non-essential data processing
  • Request data export in a machine-readable format (JSON or CSV) within 30 days
  • Request data deletion, subject to legal retention requirements for safety records

Parents can opt out of the photo gallery for their child at any time. When opted out, the child's photos are excluded at the database query level - they never appear in any API response. This is not a UI filter; it is enforced at the infrastructure level to guarantee privacy.

9. Children's Privacy

We take the privacy of children seriously. Child data is only accessible to authorised school staff and linked parents. All child photos use signed URLs with automatic expiry (15 minutes for photos, 60 minutes for documents). We do not use child data for marketing, analytics, or any purpose beyond the kindergarten management service.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify users via email and update the “last updated” date at the top of this page.

11. Contact Us

For privacy inquiries, data access requests, or to exercise any of your rights, contact us at: privacy@skolmind.app