Privacy Policy

1. Introduction

This Privacy Policy is provided by SG eSchool, a product of Star Group, located at Sultan Muzaffar Road, Erbil, Iraq (“we,” “our,” or “us”). This Application collects some Personal Data from its Users. We are committed to protecting the privacy and security of our users’ personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our school management platform, website, mobile applications, third-party integrations (including our Zoom Marketplace app), and related services (collectively, the “Service”).

Personal Data may be freely provided by the User, or, in the case of Usage Data, collected automatically when using this Application. By using SG eSchool, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use our Service.

2. Information We Collect

2.1 Personal Information

We may collect personally identifiable information that you voluntarily provide, including but not limited to:

• Usernames and account credentials
• Student names, dates of birth, and academic records
• Parent/guardian names, contact information, and emergency contacts
• Teacher and staff profiles, qualifications, and employment records
• Email addresses and phone numbers
• Financial information related to fee payments
• Attendance records and behavioral data

2.2 Usage Data

We automatically collect certain information when you access our Service, including device information, browser type, IP addresses, URI addresses, time of request, method utilized to submit the request to the server, pages visited, and time spent on the platform. This data helps us improve performance and user experience.

2.3 Data from Third-Party Integrations

When you connect SG eSchool with third-party services such as Zoom, we may interact with those services to provide specific functionality. For Zoom specifically:

• We use the Zoom API solely to create meetings on behalf of authorized users.
• The only data we store from Zoom is the meeting join link, which is saved on our servers so that students, teachers, and parents can access the meeting.
• We do not store Zoom user profiles, authentication tokens, participant lists, chat messages, recordings, or any other Zoom account data.

3. Device Permissions for Personal Data Access

Depending on the User’s specific device, our mobile application may request certain permissions that allow it to access the User’s device data as described below.

• Camera permission: Used for accessing the camera or capturing images and video from the device.
• Precise location permission (continuous): Used for accessing the User’s precise device location. This Application may collect, use, and share User location data in order to provide location-based services.
• Storage permission: Used for accessing shared external storage, including the reading and adding of any items.

4. Mode and Place of Processing the Data

4.1 Methods of Processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated.

4.2 Legal Basis of Processing

We may process Personal Data relating to Users if one of the following applies:

• Users have given their consent for one or more specific purposes.
• Provision of Data is necessary for the performance of an agreement with the User.
• Processing is necessary for compliance with a legal obligation to which the Owner is subject.
• Processing is necessary for the purposes of the legitimate interests pursued by the Owner.

5. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve the SG eSchool platform
• To manage student enrollment, academic records, and attendance
• To facilitate communication between schools, teachers, and parents
• To process fee payments and generate financial reports
• To send push notifications, alerts, and important educational updates
• To generate analytics and reports for school administrators
• To ensure security and prevent unauthorized access
• To comply with legal obligations and regulatory requirements
• To integrate with third-party services (e.g., Zoom) for virtual classroom and meeting features

6. Detailed Information on the Processing of Personal Data

6.1 Firebase Authentication (Google LLC)

Firebase Authentication is a registration and authentication service provided by Google LLC. Personal Data collected: username. Place of processing: United States. Google Privacy Policy.

6.2 Push Notifications

This Application may send push notifications to the User for updates and educational alerts related to classes, attendance, grades, and other school activities.

7. Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• With your school: Data entered into SG eSchool is accessible to authorized personnel within your institution based on their role and permissions.
• Third-party integrations: When you connect SG eSchool with third-party platforms (e.g., Zoom), data may be exchanged between services as necessary to provide the integrated functionality. Such integrations operate under the respective third-party’s privacy policy in addition to this policy.
• Legal requirements: We may disclose information if required by law, regulation, or legal process.

8. Third-Party Integrations

8.1 Zoom Integration

SG eSchool integrates with Zoom Video Communications, Inc. to allow authorized users to create Zoom meetings directly from the platform. When you authorize the Zoom integration:

• Data accessed: We use the Zoom API only to create meetings. We do not read or access your Zoom profile, contacts, recordings, chat messages, or participant data.
• Data storage: The only Zoom-related data we store is the meeting join link, which is saved on our servers so that students, teachers, and parents can view and join the meeting. We do not store Zoom authentication tokens, user IDs, or any other Zoom account information.
• Data use: The stored meeting link is used exclusively for displaying the meeting within the SG eSchool dashboard so participants can join. We do not use any Zoom data for advertising, marketing to third parties, or any purpose unrelated to the Service.
• Revoking access: You may disconnect the Zoom integration at any time through your SG eSchool account settings or by removing the app from your Zoom account. Upon disconnection, we will stop creating new meetings via Zoom. Previously saved meeting links may remain in your school’s records for reference.

Zoom’s own privacy practices are governed by Zoom’s Privacy Statement. We encourage you to review it.

8.2 Other Integrations

SG eSchool may integrate with additional third-party services in the future. Each integration will only access the data necessary to provide its intended functionality, and this policy will be updated accordingly.

9. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS 1.3 encryption for data in transit
• Role-based access control (RBAC)
• Regular security audits and penetration testing
• Multi-factor authentication (MFA) support
• Automated backups with geographic redundancy
• Secure API communication for third-party integrations (no tokens stored)

While we strive to use commercially acceptable means to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

10. Data Retention

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for, unless a longer retention period is required or permitted by law. Once the retention period expires, Personal Data shall be securely deleted or anonymized.

For data obtained through third-party integrations (e.g., Zoom), we retain only the meeting join links necessary for academic records. We do not store authentication tokens or any other integration account data. Upon disconnection, no new data is collected from the integration.

11. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal obligations.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to certain types of data processing.
• Withdraw consent: Withdraw your consent for data processing or third-party integrations at any time.

To exercise any of these rights, please contact us at info@sgeschool.app. We will respond to your request within 30 days.

12. Children’s Privacy

SG eSchool processes student data on behalf of educational institutions. Schools are responsible for obtaining necessary parental consent before entering student information into the system. We do not knowingly collect personal information from children under 13 without proper institutional authorization and parental consent.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data during such transfers, in compliance with applicable data protection laws.

14. Definitions and Legal References

• Personal Data (or Data): Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
• Usage Data: Information collected automatically through this Application, such as IP addresses, URI addresses, time of request, and method utilized to submit the request to the server.
• User: The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
• Data Subject: The natural person to whom the Personal Data refers.
• Data Controller (or Owner): The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
• This Application: The means by which the Personal Data of the User is collected and processed (SG eSchool platform, website, and mobile applications).

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR).

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the “Last updated” date, and where appropriate, sending a notification through the Service. We encourage you to review this policy periodically.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Group: Star Group (SG eSchool)
• Email: info@sgeschool.app
• General Inquiries: info@sgeschool.app
• Phone: +964 783 219 4529
• Address: Sultan Muzaffar Road, Erbil, Iraq