Privacy Policy

1. Who This Policy Applies To

This policy applies to:

• Instructors who create and manage programs
• Parents / Guardians who join programs via invite code

Sessionly does not create student accounts and does not collect information directly from children.

2. Information We Collect

We collect information in the following categories:

A. Account Information

When you create an account, we collect:

• Full name
• Email address
• Role (Instructor or Parent)
• Encrypted password (handled securely via authentication provider)

B. Program Participation Information

Depending on your role:

Instructors may provide:

• Program name and description
• Program dates and location
• Announcements
• Schedule sessions
• Volunteer needs
• Supply needs
• Invite codes

Parents may provide:

• Child's first name (for roster purposes)
• Volunteer signups
• Supply commitments
• Emoji reactions to announcements

C. Technical Information

We collect limited technical data necessary for app functionality:

• Authentication tokens (stored securely on your device)
• Device and session information required for login persistence
• Basic usage logs for reliability and security monitoring

We do not collect:

• Location tracking data
• Contacts from your phone
• Photo library access
• Microphone or camera data (unless required by future features and explicitly requested)
• Background behavioral tracking

3. How We Use Your Information

We use your information only to:

• Create and manage your account
• Authenticate your identity
• Route you to the correct role experience (Instructor or Parent)
• Allow instructors to manage programs
• Allow parents to participate in programs
• Enable announcements, schedules, volunteer signups, and supply commitments
• Maintain security and prevent unauthorized access
• Provide customer support
• Comply with legal obligations

We do not:

• Sell your data
• Rent your data
• Use your data for advertising
• Profile users for marketing
• Share data with third-party advertisers

Sessionly is not an engagement-driven platform and does not monetize user behavior.

4. Role-Based Data Access

Sessionly enforces strict role-based access control:

• Instructors can access only programs they own.
• Parents can access only programs they are enrolled in.
• Parents cannot message other parents.
• Parents cannot see other parents' private data beyond what appears in program context.
• Users can only modify their own profile, reactions, signups, and commitments.

All access control is enforced at the database level, not just in the app interface.

5. Data Storage & Security

Sessionly is built on secure infrastructure:

• Data is stored in a managed PostgreSQL database.
• Row Level Security (RLS) policies restrict access at the database layer.
• Authentication is handled via secure token-based sessions.
• Tokens are stored in secure device storage (not local plaintext storage).
• We do not embed elevated server keys in the mobile application.
• All network traffic is encrypted via HTTPS.

We implement reasonable administrative, technical, and organizational safeguards to protect your information.

No system is 100% secure, but we design for safety, predictability, and auditability.

6. Program Lifecycle & Archiving

Programs in Sessionly are temporary by design.

When a program is archived:

• It becomes read-only.
• New announcements and updates are disabled.
• Parents retain access to historical content.
• Volunteer and supply actions are disabled.

We retain archived program data unless:

• An instructor deletes their account, or
• A user requests deletion (see Section 9).

7. Third-Party Services

Sessionly uses trusted infrastructure providers for:

• Authentication
• Secure data storage
• Push notification delivery
• Application hosting

These providers process data only as necessary to operate the service and are contractually obligated to maintain confidentiality and security.

Sessionly does not integrate with advertising networks.

8. Children's Privacy

Sessionly does not create accounts for children.

Parents may enter a child's first name solely for roster identification within a program. We do not collect:

• Child email addresses
• Child phone numbers
• Academic records
• Behavioral records
• Grades or assessments

If you believe we have collected information directly from a child inappropriately, please contact us.

9. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your account and associated data
• Withdraw consent where applicable

To request account deletion, contact: help@usesessionly.com

When you delete your account:

• Your user profile is removed.
• Your program enrollments are removed.
• Your reactions and commitments are deleted.
• Instructor-owned program content may remain if required for other participants.

10. Data Retention

We retain information:

• For the duration of your account
• For the lifecycle of programs you participate in
• As required to comply with legal obligations

We do not retain data longer than necessary to provide the service.

11. International Users

If you access Sessionly outside the country where our servers are located, your information may be transferred and processed in that country. By using the App, you consent to that transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

If changes are material, we will:

• Update the "Last Updated" date
• Provide notice within the App where appropriate

Continued use of Sessionly after changes indicates acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact:

Email: help@usesessionly.com