Privacy Policy

1. Scope

This Privacy Policy explains how CraftSchoolship (“we,” “us,” “our”) collects, uses, discloses, and protects personal information processed through the CraftSchoolship's mobile and web applications, including optional integrations with Mattermost (team chat & file sharing) and Moodle (learning management system, “LMS”).

The Application is provided as a Free service and is offered “AS IS.” By installing or using the Application, you agree to the practices described below.

2. Quick Summary (Human‑Readable)

• We collect account info you provide (e.g., name, email) and data needed to deliver learning and collaboration features.
• Chat messages, files, and reactions flow through your organization’s Mattermost server (or ours if hosted for you).
• Course enrollments, grades, and learning content are retrieved from your organization’s Moodle instance when you access LMS features.
• We do not sell your personal data. We do not show advertising in the Application.
• You can request access, correction, export, or deletion of your data (subject to organizational/educational record requirements).
• Uninstalling the app stops further on‑device data collection; server‑side data may remain per retention rules.

3. Data We Collect

3.1 Account & Profile Data You Provide

• Name, display name, or username.
• Email address (required for account recovery/notifications in most deployments).
• Optional contact fields: phone, address, avatar image, role (student, teacher, admin), organization or school.
• Authentication identifiers (UID, user ID from identity provider, SSO tokens).

3.2 Educational & Interaction Data

• Courses you are enrolled in; sections, lessons, assignments, quiz attempts (via Moodle).
• Chat messages, threads, replies, emoji reactions, file attachments (via Mattermost).
• Feedback you submit (support tickets, in‑app forms, ratings).

3.3 Device & Technical Data (Automatically Collected)

• Device model, OS version, app version, language/locale.
• Approximate region inferred from IP address (no continuous GPS tracking unless explicitly enabled for a feature).
• In‑app usage analytics: screens viewed, feature taps, session length, crash logs, performance metrics.
• Device identifiers (resettable, platform‑allowed) used for analytics & debugging.

3.4 Content You Upload

If you upload or share files (documents, images, audio, video) in chat or coursework, those files—and the metadata required to deliver them—are processed and stored per the relevant integrated service (Mattermost or Moodle) and our hosting configuration.

3.5 Data We Do Not Intentionally Collect

• Precise continuous GPS location (unless you explicitly opt into a location‑based feature that clearly states this).
• Biometric identifiers.
• Payment card details (unless a separate module clearly requests and processes payments through a certified third‑party gateway).

4. How We Use Data

• Deliver core app functionality: login, profiles, chat, courses, assignments, notifications.
• Sync and display your Mattermost channels, messages, reactions, and shared files.
• Sync and display your Moodle courses, lessons, grades, and learning activities.
• Operate, secure, debug, and improve the Application and backend services.
• Communicate with you: service announcements, support responses, policy updates.
• Aggregate analytics to understand feature usage and guide product improvements.
• Comply with legal obligations and enforce terms of use.

5. Legal Bases (GDPR / Similar Frameworks)

Where applicable (e.g., EEA, UK, some other jurisdictions), we rely on one or more of the following legal bases:

• Contract: Processing necessary to provide the Application or related educational service you (or your institution) requested.
• Legitimate Interests: Security, analytics to improve services, preventing abuse—balanced against your privacy rights.
• Consent: Optional features (push notifications, certain integrations, marketing messages) where consent is required by law.
• Legal Obligation: Compliance with laws, education record rules, or valid legal requests.

6. When We Share Data

We do not sell personal data. We share personal data only as needed to provide and support the Application or as required by law.

6.1 Service Providers

• Hosting / infrastructure providers (cloud servers, storage, backups).
• Analytics / crash reporting tools (aggregated usage & diagnostics).
• Push notification gateways.
• Mattermost & Moodle servers operated by your organization or by CraftSchoolship (deployment‑specific).

6.2 Compliance & Safety

• Legal demands (subpoena, court order, lawful government request).
• Investigation of fraud, abuse, security incidents, or threats to safety.

6.3 Organizational Controllers

If you use The Application through a school, university, training center, or company, that organization may be the primary data controller for certain data types (e.g., educational records, institution‑hosted chat). We process that data on their behalf.

7. Data from Mattermost Chat Integration

The Application can connect to a Mattermost server to provide messaging, channels, threads, reactions, and file sharing.

7.1 Data Retrieved

• User ID, username/display name, avatar, status (online/away/offline).
• Team & channel memberships.
• Messages (posts), replies/threads, edited message history (if enabled server‑side).
• Emoji reactions you add or receive.
• File attachments & metadata (filename, size, MIME type, upload user, timestamps).
• System events used to update unread counts, notifications, and presence.

7.2 How We Process It

• Display chat history within the Application UI.
• Send new posts, replies, and reactions you create back to the Mattermost server via API or WebSocket.
• Cache limited recent messages locally for faster loading (encrypted or platform‑protected where supported).
• Download attachments on demand or stream previews; optional local caching may occur if you open a file.

7.3 Your Controls

• Edit or delete your own messages (subject to server policy).
• Remove reactions you added.
• Request export of channel data from your Mattermost administrator.

See the Mattermost Privacy Policy for platform details: Mattermost Privacy.

8. Data from Moodle LMS Integration

The Application can connect to a Moodle instance to display and interact with educational content.

8.1 Data Retrieved

• User account identifiers (Moodle user ID, name, email if provided by your institution).
• Course enrollments & roles (student, teacher, admin).
• Course structure: sections, lessons, activities, resources (files, pages, URLs, quizzes, assignments).
• Grades & completion status where your institution allows exposure through the API.
• Submissions metadata (timestamps, attempt status); actual uploaded work may be downloaded when viewed.

8.2 How We Process It

• Display your enrolled courses and related learning content in the Application.
• Allow launching or deep‑linking to Moodle activities.
• Fetch updated grades, completion, and assignment states on refresh.
• Cache minimal course metadata locally for offline navigation (if enabled).

8.3 Educational Records

Course data, submissions, and grades may be considered educational records under local law (e.g., FERPA in the U.S.). CraftSchoolship processes such data under the direction of your educational institution.

See the Moodle privacy notice: Moodle Privacy.

9. Device Permissions & Local Storage

The Application may request access to certain device capabilities to deliver features. Granting is optional but required for related functionality.

• Camera: Capture photos or video to upload to chat or assignments.
• Photo Library / Files: Select and upload existing files or download received attachments.
• Microphone: Record audio messages or voice notes (if feature enabled).
• Notifications: Receive chat messages, course updates, assignment reminders.
• Local Storage: Cache session tokens, thumbnails, limited recent content for performance/offline use.

You can revoke permissions in your device settings; some features may stop working.

10. Data Retention

• Account data: Retained while your account is active and for a reasonable period after deactivation (institution policy governs).
• Chat content: Stored in Mattermost per your organization’s retention rules; deletions there are reflected in the Application.
• LMS data: Retained in Moodle per institutional academic retention schedules.
• Support inquiries: Retained as long as needed to resolve the issue and meet legal requirements.
• Local caches: Cleared when you log out, uninstall, or clear app data (platform dependent); we attempt to minimize persistent local personal data.

To request deletion of your user‑provided data held by CraftSchoolship, email contact@craftschoolship.com. For data controlled by your school/company, please contact your administrator.

11. Security

• Transport Layer Security (HTTPS / WSS) for data in transit (required for production deployments).
• Role‑based access & authentication tokens for API calls.
• Server‑side access controls and audit logging where supported.
• Periodic security reviews and patching of dependencies.
• Encryption or OS‑level protection for sensitive tokens cached on device (platform permitting).

No system is 100% secure. We encourage strong credentials, SSO where available, and reporting any suspected security issue immediately.

12. Your Rights & Choices

Your privacy rights depend on your jurisdiction and your organization’s role as data controller. Subject to applicable law, you may be able to:

• Access a copy of your personal data.
• Request correction or update of inaccurate data.
• Request deletion (erasure) of certain data.
• Export or receive data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent for optional features (e.g., marketing emails, push categories).

Submit requests to contact@craftschoolship.com or contact your institution administrator if they manage your account.

12.1 Opt‑Out of Analytics / Tracking

Where offered, you can toggle analytics in app settings. Otherwise, contact us and we can generate an opt‑out token or instruct you how to disable diagnostic uploads.

12.2 Uninstall

Removing the Application stops on‑device data collection. It does not automatically delete server data (chat history, academic records). Contact your organization for those requests.

13. Children’s Privacy

The Application is used by educational institutions that may include minors. We do not knowingly permit children under 13 (or the minimum age in your jurisdiction) to create independent accounts without appropriate institutional or parental authorization.

If we learn we have collected personal information from a child without required consent, we will work with the responsible institution to delete or secure it. Please notify us at contact@craftschoolship.com if you believe this has occurred.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

• Update the “Last updated” date above.
• Post the revised version in the Application and/or on our website.
• Provide in‑app or email notice of material changes where required by law.

Continued use of the Application after the Effective Date of changes constitutes acceptance of the revised policy.

15. Contact Us / Data Protection Contact

If you have privacy questions, requests, or complaints, contact us:

If your inquiry concerns data managed by your school, university, or employer, please also contact your institution’s data protection officer or system administrator.

Third‑Party Policies

• Expo Privacy
• Mattermost Privacy
• Moodle Privacy