1. Introduction
PowerMySchool (“we”, “us”, or “our”) operates the PowerMySchool school management platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service, including our website, mobile applications, and all related tools and features.
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this policy, please do not use the Service.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: When you register, we collect your name, email address, phone number, role (administrator, teacher, parent, student), and login credentials.
- School Information: School name, address, logo, academic year structure, and organizational details provided during setup.
- Student Records: Student names, dates of birth, enrollment details, class assignments, grades, attendance records, and parent/guardian contact information entered by authorized school administrators and teachers.
- Financial Data: Fee structures, payment records, and transaction history. Payment card details are processed directly by our payment partners (Stripe and Razorpay) and are never stored on our servers.
- Communication Data: Messages sent through the platform between teachers, parents, students, and administrators.
- Uploaded Content: Documents, images, assignments, and other files uploaded to the platform.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, click patterns, and time spent on the platform.
- Device Information: Browser type, operating system, device type, screen resolution, and IP address.
- Cookies & Similar Technologies: We use essential cookies for authentication and session management (httpOnly, secure, sameSite strict). We do not use third-party tracking cookies. Analytics data is collected server-side without cookie-based tracking.
- Log Data: Server logs that record requests made to our Service, including timestamps, referring URLs, and error reports.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, operate, and maintain the school management platform, including student management, attendance tracking, fee processing, report generation, and communication features.
- Account Management: To create and manage user accounts, authenticate logins, and enforce role-based access controls.
- Communication: To send important service notifications, attendance alerts, fee reminders, exam schedules, and other school-related communications via email, SMS, or in-app notifications.
- Payment Processing: To process fee payments, generate invoices and receipts, and maintain financial records on behalf of schools.
- Analytics & Improvements: To analyze usage patterns, generate academic and operational reports for schools, and improve our Service features.
- Security: To detect, prevent, and address fraud, unauthorized access, and other security issues.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
- Customer Support: To respond to inquiries, troubleshoot issues, and provide technical assistance.
4. Data Sharing and Disclosure
We do not sell your personal information to third parties. We may share information in the following circumstances:
- With Your School: Data entered into the platform is accessible to authorized personnel within the respective school based on their role and permissions.
- Service Providers: We share data with trusted third-party providers who assist in operating our Service, including:
- Stripe and Razorpay for payment processing
- Twilio for SMS and WhatsApp notifications
- Email delivery services for transactional emails
- Cloud hosting providers for data storage and processing
- UploadThing for secure file uploads
These providers are contractually obligated to protect your data and use it only for the services they provide to us. - Legal Requirements: We may disclose information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect the rights, safety, or property of PowerMySchool, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify you of any such change in ownership.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
- Access Controls: Role-based access controls ensure users can only access data relevant to their role. All admin actions are logged in an audit trail.
- Authentication: Secure password hashing using bcrypt, HTTP-only cookies for session management, and support for multi-factor authentication.
- Infrastructure: Our servers are hosted in secure, SOC 2-compliant data centers with regular security audits and penetration testing.
- Backups: Automated daily backups with point-in-time recovery capabilities to prevent data loss.
- Monitoring: Real-time threat monitoring, rate limiting, and intrusion detection systems to prevent unauthorized access.
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
- Active Accounts: We retain your data for as long as your account or your school’s subscription remains active.
- After Termination: Upon account deletion or subscription cancellation, we retain data for 90 days to allow for recovery or reactivation. After this period, data is permanently deleted from our active systems.
- Backups: Data may persist in encrypted backups for up to 180 days after deletion from active systems.
- Legal Obligations: We may retain certain data longer if required by law (e.g., financial records for tax compliance).
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request your data in a structured, machine-readable format (e.g., CSV or JSON export).
- Restriction: Request that we limit the processing of your data in certain circumstances.
- Objection: Object to the processing of your personal data for specific purposes.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at privacy@powermyschool.com. We will respond within 30 days.
8. Children’s Privacy
Our Service is designed for use by schools and involves the processing of data relating to students, including minors. Student data is entered and managed by authorized school administrators and teachers — not directly by children.
We comply with applicable child data protection laws, including COPPA (Children’s Online Privacy Protection Act) and GDPR provisions for minors. Schools are responsible for obtaining any necessary parental consent before entering student data into the platform.
9. International Data Transfers
PowerMySchool operates globally and your data may be processed in countries other than your own. We ensure that all international data transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) where required under GDPR.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: