Privacy Policy for HolyCross Greek School/HCGS

Effective Date: October 11, 2025

This Privacy Policy explains how HolyCross Greek School ("We", "Us", or "Our") collects, uses, and protects information in connection with your use of the HCGS mobile application (the "App"), which is designed for communication between school staff and parents/guardians.

We understand the sensitive nature of student data and are committed to protecting the privacy of all users, including parents, teachers, and the students whose educational records are accessed through this App.

1. Scope of This Policy and User Roles

This App is strictly for internal use by Authorized Users:

  1. School Staff/Teachers: Authorized employees of HolyCross Greek School.

  2. Parents/Guardians: Authorized individuals with legal custody of an enrolled student.

Accounts are created and managed exclusively by HolyCross Greek School. Users (Teachers and Parents) cannot create new accounts or update passwords directly in the App.

2. Information We Collect

We collect information directly from you or through the school's administrative systems for the sole purpose of operating the App and providing educational communication services.

A. Personal Information (of Parents/Teachers)

This information is used for identification and communication:

  • Identification Data: Full Name, Email Address.

  • Account Data: User Role (Teacher or Parent), System-generated User ID, School-assigned credentials (which we manage).

B. Student Educational Records (Sensitive Data)

This data is stored securely and is accessed based on your authorized role:

  • Student Identification: Student Name, Class/Grade Level.

  • Academic Progress: Homework assignments, completion status, and grades/feedback.

  • Attendance Data: Records of student presence or absence.

  • Event Data: School calendar entries and notification history.

C. Non-Personal Information

We collect standard operational data solely for maintenance and improvement:

  • Usage Logs: Data about how the App is accessed and used (e.g., date/time of access, features used).

  • Device Information: Device type and operating system version (e.g., Android version) for troubleshooting and app compatibility.

3. How We Use the Information

We use the collected information only for the following legitimate, education-related purposes:

  • To Provide the Service: Enabling teachers to post information and allowing parents to view their child’s progress and attendance.

  • Authentication: Verifying your identity to ensure you only access data relevant to your role (e.g., a parent only sees their child's data).

  • Communication: Sending essential school notifications, emergency alerts, and system updates.

  • Maintenance and Improvement: Analyzing non-personal usage data to fix bugs and improve app performance.

  • Legal Compliance: Complying with state, federal, and international laws related to educational data privacy (such as FERPA in the US or relevant GDPR provisions).

We do not use any data collected through this App for marketing, advertising, profiling, or selling to third parties.

4. Data Sharing and Disclosure

We are committed to minimizing data sharing. We only share information in the following limited circumstances:

  • Between Authorized Users:

    • Teachers can access data for the students in their class(es).

    • Parents can only access data pertaining to their specific enrolled child(ren).

  • With Service Providers: We use trusted third-party services (e.g., Google Firebase/Firestore for secure database hosting) to maintain and host the App. These providers are bound by strict confidentiality obligations to protect the data and are only authorized to process data on our behalf.

  • Legal Requirements: If required to do so by law, court order, or governmental regulation, we will disclose information as mandated.

  • School Administration: Authorized school administrative staff will have access to all data necessary for school operation and oversight.

5. Data Security and Location

The security of your data is paramount.

  • We use commercially acceptable, robust security measures, including data encryption (at rest and in transit), role-based access controls, and secure servers to protect against unauthorized access or disclosure.

  • All data is hosted securely using [Specify your cloud provider, e.g., Google Cloud Platform or Firebase] which maintains industry-standard security certifications.

6. Data Retention and Account Deletion

A. Data Retention

We retain data only as long as it is necessary for the purposes outlined in this Privacy Policy, typically for the duration of the student's enrollment at [Your School Name] or the user's employment.

B. Initiating Account Deletion

Since all accounts are created and managed by the school, the user (Parent or Teacher) cannot delete their account directly within the app.

To initiate the deletion of your account and associated personal data, you must contact the School Administration directly via one of the methods below.

Upon receiving a verified deletion request:

  1. We will remove your user account credentials and personal identifying information (Name, Email).

  2. We will delete or securely anonymize all associated personal data from our active records, unless legally required to retain certain records (e.g., permanent academic transcripts).

  3. We will notify you once the deletion process is complete, which may take up to [X] business days to fully process.

7. Children's Privacy

The App is designed for use by Adult Users (Parents/Guardians and Teachers). It is not directed at children under the age of 13.

While we do not collect personal data from children through the App, we process and store educational records about enrolled students. This processing is performed under the authority of the school as an educational institution, in compliance with applicable laws like the Family Educational Rights and Privacy Act (FERPA) and other relevant regulations regarding student privacy.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy within the App and updating the "Effective Date" at the top of this policy. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions or requests regarding this Privacy Policy, your data, or initiating account deletion, please contact us:

Data Protection Officer/School Administration:

  • School Name: HolyCross Greek School

  • Email: greekschool.holycross@gmail.com

  • Mailing Address: Golders Green Rd, London NW11 8HL, UK