TogetherSchool

Privacy Policy

Last updated: January 2025

Who We Are

Together School ("we", "us", "our") is a service provided by William Roberts Coaching and Advisory Ltd, a company incorporated in England, company number 15629688. We are committed to protecting your privacy and handling your data transparently and securely. For questions, contact hello@togetherschool.ai.

What Data We Collect

  • Personal information (name, email, address, phone, child details)
  • Account and login details
  • Usage data (pages visited, actions taken)
  • Cookies and similar technologies
  • Communications and support queries
  • WhatsApp direct messages (see WhatsApp Message Processing section below)
  • Gmail emails (see Gmail Email Processing section below - optional feature)

WhatsApp Direct Message Processing

Important: Together School communicates with you via Direct Messages (DMs) only. We do NOT join or access WhatsApp groups. All communication is 1-on-1 between you and the Together School bot. Here's exactly what happens:

  • How You Connect: You sign up individually to Together School (via web or WhatsApp). After signup, you receive a verification code via WhatsApp DM. Once verified, all communication happens through direct messages between you and the bot.
  • What We Send: The bot sends you daily summaries of school emails (if you've connected Gmail), answers to your questions, coordination updates, and notifications. All messages are sent directly to you via WhatsApp DM.
  • What You Send: You can send commands and questions to the bot via WhatsApp DM (e.g., "what homework", "when is the school play", "my summary"). The bot processes these messages to provide personalized responses.
  • What We Store: We store your commands and questions, along with the bot's responses. We also store structured data extracted from your school emails (if Gmail is connected), such as event dates, payment amounts, homework assignments, and deadlines.
  • What We Don't Access: We never access or read your WhatsApp group messages. We never join WhatsApp groups. We only communicate with you directly via 1-on-1 messages. Your private conversations with other parents in WhatsApp groups are completely private and never accessed by Together School.
  • Group Context (Metadata Only): We may track which WhatsApp groups you're part of for context awareness (e.g., knowing which school group you belong to), but this is metadata only. The bot never reads or sends messages to these groups.

WhatsApp Business API: Together School uses the official WhatsApp Business API provided by Meta, which only supports direct messaging (not group messaging). All data transmission is encrypted end-to-end by WhatsApp. We comply with Meta's WhatsApp Business Policy and Data Processing Terms.

Third-Party Processing: Message processing may involve third-party AI services (e.g., OpenAI) operating under strict data processing agreements. These services process your direct messages only to understand your requests and provide responses. They do not retain message content.

Gmail Email Processing (Optional Feature)

This is an optional feature. If you choose to connect your Gmail account, Together School can process school-related emails to provide AI-powered summaries. Here's exactly what happens:

  • What We Access: We access emails in your Gmail inbox using Google's official OAuth 2.0 API with read-only permissions. We NEVER access emails in other folders (Sent, Drafts, Trash) unless explicitly configured.
  • What We Read: We only read emails from school-specific domains that you specify (e.g., @school.edu). We scan these emails to identify important information such as events, deadlines, payment requests, forms, and school updates.
  • What We Extract: We extract structured data such as event dates, deadlines, payment amounts, form links, and key information to create AI-powered summaries delivered via WhatsApp.
  • What We Store: We store email metadata (sender, subject, date, message ID) and AI-generated summaries. We do NOT store full email content or attachments.
  • What We Don't Access: Personal emails, marketing emails, or any emails outside your specified school domains are never accessed. We respect your privacy and only process school-related communication.
  • Your Control: You can disconnect Gmail access at any time from your dashboard. You can specify which email domains to monitor. You can delete all email summaries at any time.

Google OAuth Security: Together School uses Google's official OAuth 2.0 authentication. We request read-only Gmail access (gmail.readonly scope). We NEVER request permission to send emails, delete emails, or modify your inbox. Your Gmail password is never shared with us - authentication happens directly through Google.

Data Processing: Email processing uses OpenAI's GPT models under a strict Data Processing Agreement. OpenAI processes emails only to generate summaries and does not use your emails to train AI models. All data transmission is encrypted using TLS 1.3.

Third-Party Access: We do not share your Gmail data with any third parties except our secure AI processing provider (OpenAI) operating under contractual data protection obligations. Google monitors OAuth app usage and may revoke access if misuse is detected.

How We Use Your Data

  • To provide and improve our services
  • To communicate with you about your account or our services
  • To personalise your experience
  • To comply with legal obligations
  • For analytics and site security

Legal Basis for Processing (UK GDPR)

  • Consent (e.g. marketing communications)
  • Contract (to provide our services)
  • Legal obligation (e.g. safeguarding, compliance)
  • Legitimate interests (to improve our services, ensure security)

Data Sharing & Transfers

  • We do not sell your data.
  • We may share data with trusted service providers (e.g. hosting, analytics, payment processors) under strict agreements.
  • We may transfer data outside the UK/EU only with adequate safeguards (e.g. Standard Contractual Clauses).
  • We may disclose data if required by law or to protect safety.

Cookies

We use cookies and similar technologies to operate our site, remember your preferences, and analyse usage. You can control cookies via your browser settings.

Your Rights

  • Access your data
  • Correct or update your data
  • Request deletion of your data
  • Object to or restrict processing
  • Withdraw consent at any time
  • Complain to the UK Information Commissioner's Office (ICO)

Data Retention

  • Structured Summaries: Event summaries, deadlines, and coordination data are retained for up to 90 days or until no longer needed for service delivery.
  • Message Content: Raw message content is processed in real-time and not stored beyond the time needed for extraction (typically seconds).
  • Account Data: Personal account information is retained while your account is active and for a reasonable period afterward to comply with legal obligations.
  • Deletion: You can request deletion of your data at any time by contacting us. You can also stop receiving messages by blocking the Together School WhatsApp number or disconnecting your account.

How We Protect Your Data

We use industry-standard security measures to protect your data, including encryption, access controls, and regular reviews. Only authorised staff and partners have access as needed. All WhatsApp messages are encrypted end-to-end by WhatsApp before reaching our servers.

Children's Privacy

We take extra care with children's data. Parents/guardians must provide consent for children under 16. We do not knowingly collect data from children without appropriate consent.

Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes via email or our website.

Company Information

Legal Entity:

William Roberts Coaching and Advisory Ltd
Company number: 15629688
Incorporated in England and Wales

Together School is operated and provided by William Roberts Coaching and Advisory Ltd.

Contact Us

For questions or requests regarding your data, email hello@togetherschool.ai.