Privacy Policy

Last updated: 15th January 2024

Commitment: We protect your family's educational data with enterprise-grade security measures.

1. Data Controller

Cynapps Limited
Contact via: Secure Contact Form

2. Information We Process

2.1 Account Data

  • Student enrollment information
  • School-issued access credentials

2.2 Educational Content

  • Homework submissions & teacher feedback
  • Class project documentation
  • Progress reports & assessments

2.3 Technical Data

  • IP addresses for security monitoring
  • Device identifiers for access control

3. Secure Communications

3.1 Encrypted Video Conferencing

  • Encryption Standards:
    • End-to-end encryption (E2EE) using TLS 1.3
    • SRTP for media stream protection
    • Recordings disabled by default
  • Data Processed:
    • Participant video/audio streams
    • Meeting chat transcripts
    • Connection metadata (duration, participants)

4. Password Vault Security

4.1 Client-Side Encryption

  • Technical Implementation:
    • AES-256-GCM encryption in browser memory
    • PBKDF2-SHA256 key derivation (100,000 iterations)
    • Zero-knowledge architecture
  • Our Limitations:
    • No decryption capability
    • No stored password recovery mechanism
    • Encrypted blobs only stored on servers
Important: We cannot recover encrypted passwords. Protect your master password.

4.2 User Responsibilities

  • Secure master password management

5. Educational Content Sharing

  • With Schools:
    • Homework to designated teachers
    • Progress reports to administrators
    • Parent consent required for sharing
  • Retention:
    • 1 academic year maximum
    • Automatic deletion after leaving school

6. Data Sharing

  • Essential Processors:
    • OVHCloud (cloud hosting)
    • Wasabi (cloud storage)
    • Stripe (PCI-compliant payments)
    • Metered (video infrastructure)
  • Legal Requirements:
    • Court-ordered disclosures
    • Child protection investigations

7. Security Measures

  • HTTPS with HSTS enforcement
  • BCrypt password hashing
  • Annual penetration testing
  • Role-based access controls

8. Your Rights

  • Access/export personal data
  • Request content deletion
  • Withdraw consent for sharing

Exercise rights via our Contact Form (72h response time)

9. Children's Privacy

  • Parent-mediated data collection
  • COPPA-compliant verification
  • School-approved data flows

10. Data Retention

Data Type Retention Period
Account Information 5 years post-deletion
Educational Materials 1 academic year
Video Call Metadata 90 days

11. Policy Updates

  • 30-day advance notification
  • In-service banner alerts
  • Version archive available on request

12. Contact Us

All data protection inquiries must use our
Secure Contact Form