Privacy Policy

schedull is a school timetable scheduling service that helps educators and administrators generate conflict-free weekly timetables automatically. We operate as a software-as-a-service product and act as the data controller for the personal information you provide when creating an account or using the platform.

We collect only the minimum data necessary to provide the service. This includes: your account identifiers (name, email address, and a unique user ID) managed through Auth0 when you sign up or log in, including external identity-provider data when you choose Google sign-in; the timetable data you create: projects, classes, subjects, teachers, schedules, and constraints; your application preferences such as display language and colour theme; your cookie consent choices stored in schedull_cookie_consent; subscription information processed securely through Stripe, including your billing status; and, only when you accept marketing cookies, limited public-page visitor information collected through Instantly Website Visitors.

Your data is used to operate, secure, improve, and market schedull. Specifically: to authenticate you and maintain your session; to store and process the timetable projects you create; to apply your display preferences across the application; to remember your cookie choices; to manage your subscription and process payments through Stripe; to diagnose and fix technical issues; and, if you consent to marketing cookies, to understand which organizations show interest in schedull on public pages. We do not sell your timetable content and we do not use your timetable content to train machine-learning models.

We retain your account and timetable data for as long as your account is active. If you choose to delete your account, all associated personal data and timetable content will be permanently removed from our systems within 30 days, except where we are legally required to retain certain records (for example, billing records for tax compliance, which are kept for 7 years in accordance with applicable regulations).

Schedull relies on a small number of trusted third-party services: Auth0 manages account authentication, credential storage, and session-related identity services; Google may act as an external identity provider if you choose Google sign-in, subject to Google's privacy policy; Stripe processes subscription payments, so card details never pass through our servers; our infrastructure providers host the application and databases used to run the service; and Instantly Website Visitors may process public-page visitor information for marketing lead identification only after you accept marketing cookies.

We use necessary first-party cookies and optional marketing cookies. Necessary cookies support session management, login security, language preference, theme preference, antiforgery protection, and the schedull_cookie_consent cookie that stores your cookie choices. These necessary cookies are required for the service and may expire within one year depending on their purpose. Optional marketing cookies and similar technologies are disabled by default and are used only if you accept them; today this category covers Instantly Website Visitors on public pages. You can reopen Cookie settings from the footer at any time to change or withdraw consent.

Depending on your location, you may have the following rights regarding your personal data: the right to access a copy of the data we hold about you; the right to correct inaccurate information; the right to erasure (deletion) of your account and associated data; the right to data portability (receiving your timetable data in a machine-readable format); the right to object to or restrict certain types of processing; and the right to withdraw consent where processing is based on consent. To exercise any of these rights, please contact us using the details below.

We take reasonable technical and organisational measures to protect your data. All traffic is encrypted in transit using TLS. Sensitive account authentication data is handled through Auth0 and its managed security controls, while our application data at rest is stored in encrypted databases. Access to production systems is restricted to authorised personnel only. Despite these measures, no system is completely immune to risk, and we encourage you to use a strong, unique password and to log out from shared devices.

If you have questions about this policy, wish to exercise your data rights, or need to report a privacy concern, please reach out through the contact information listed on our website. If this policy changes materially, we will notify active users by email and update the revision date below. Continued use of the service after notification constitutes acceptance of the updated policy.