Privacy Policy
Last updated: 15th January 2024
Commitment: We protect your family's educational data with enterprise-grade security measures.
1. Data Controller
Cynapps Limited
Contact via: Secure Contact Form
2. Information We Process
2.1 Account Data
- Student enrollment information
- School-issued access credentials
2.2 Educational Content
- Homework submissions & teacher feedback
- Class project documentation
- Progress reports & assessments
2.3 Technical Data
- IP addresses for security monitoring
- Device identifiers for access control
3. Secure Communications
3.1 Encrypted Video Conferencing
-
Encryption Standards:
- End-to-end encryption (E2EE) using TLS 1.3
- SRTP for media stream protection
- Recordings disabled by default
-
Data Processed:
- Participant video/audio streams
- Meeting chat transcripts
- Connection metadata (duration, participants)
4. Password Vault Security
4.1 Client-Side Encryption
-
Technical Implementation:
- AES-256-GCM encryption in browser memory
- PBKDF2-SHA256 key derivation (100,000 iterations)
- Zero-knowledge architecture
-
Our Limitations:
- No decryption capability
- No stored password recovery mechanism
- Encrypted blobs only stored on servers
Important: We cannot recover encrypted passwords. Protect your master password.
4.2 User Responsibilities
- Secure master password management
5. Educational Content Sharing
-
With Schools:
- Homework to designated teachers
- Progress reports to administrators
- Parent consent required for sharing
-
Retention:
- 1 academic year maximum
- Automatic deletion after leaving school
6. Data Sharing
-
Essential Processors:
- OVHCloud (cloud hosting)
- Wasabi (cloud storage)
- Stripe (PCI-compliant payments)
- Metered (video infrastructure)
-
Legal Requirements:
- Court-ordered disclosures
- Child protection investigations
7. Security Measures
- HTTPS with HSTS enforcement
- BCrypt password hashing
- Annual penetration testing
- Role-based access controls
8. Your Rights
- Access/export personal data
- Request content deletion
- Withdraw consent for sharing
Exercise rights via our Contact Form (72h response time)
9. Children's Privacy
- Parent-mediated data collection
- COPPA-compliant verification
- School-approved data flows
10. Data Retention
Data Type | Retention Period |
---|---|
Account Information | 5 years post-deletion |
Educational Materials | 1 academic year |
Video Call Metadata | 90 days |
11. Policy Updates
- 30-day advance notification
- In-service banner alerts
- Version archive available on request
12. Contact Us
All data protection inquiries must use our
Secure Contact Form