Privacy Policy
Last updated: 2026-05-30
1. Introduction & scope
EdHub AI Limited (“EdHub AI”, “we”, “us”) provides a cloud-based education management platform (the “Service”) used by schools to manage admissions, communications, and student records. This Privacy Policy explains how we collect, use, store, and share personal data across the Service, our public marketing site, and our inbox add-ins for Gmail and Outlook.
We process personal data in accordance with the UK and EU General Data Protection Regulation (UK GDPR / GDPR), the Data Protection Act 2018, and other applicable data protection laws including the Family Educational Rights and Privacy Act (FERPA) for United States schools.
Inbox add-in note: When you install the EdHubAI Gateway add-in for Gmail or Outlook, we receive the sender email address of the message you are viewing in order to look up matched admissions applications in your school's Gateway database. We do not store the email body or attachments unless you explicitly click “Log to Gateway”. The add-in operates entirely under your school's existing data processing agreement with EdHubAI. See section 14 below for the full add-in disclosure.
2. Information we collect
2.1 Account data
- Email address and bcrypt-hashed password
- Full name, role, and school affiliation
- SSO identity (Google or Microsoft, when used)
- Multi-factor authentication state and backup codes
- Session and login activity (IP address, user agent, timestamps)
2.2 School data (processor role)
Schools input data into the Service to run their admissions and operations. We process this data on the school's behalf; the school is the data controller.
- Applicant and student records (names, dates of birth, year group)
- Guardian and parent contact details
- Application status, supporting documents, and academic history
- Fee records and payment status (when FeeFlow is enabled)
- Medical, dietary, and safeguarding information provided by the school
2.3 Communications metadata
- Email send timestamps, delivery status, and recipient addresses
- Inbox add-in: sender email of the currently open message (used only to look up matches; not persisted)
- Inbox add-in: when you explicitly click “Log to Gateway”, the message subject, plain-text body, and the application it is logged against
2.4 Telemetry & cookies
- Essential session cookies (authentication, CSRF protection)
- Analytics cookies (page views, performance metrics — only with explicit consent)
- Error reports and stack traces via Sentry (PII stripped at source)
- Anonymous usage telemetry for product improvement
3. How we use information
- Provide the Service: authenticate users, render admissions records, route notifications, process fees
- Improve features: measure adoption, diagnose bugs, refine workflows
- Support: respond to ticket requests and on-call escalations
- Legal compliance: meet audit, tax, and regulatory obligations
- Security: detect and prevent fraud, abuse, and unauthorised access
4. Sharing & disclosure
We do not sell personal data. We share data only with the sub-processors required to deliver the Service, with lawful authorities when compelled by valid legal process, and in connection with corporate transactions as set out below.
4.1 Sub-processors (current as of 2026-05-30)
- Google Cloud Platform (Cloud Run, europe-west3) — application hosting; data processed in Frankfurt, EU
- Neon — managed PostgreSQL (EU region for sandbox and production)
- Cloudflare — CDN, DDoS protection, and R2 object storage
- Sentry — error tracking with PII scrubbing
- Resend — transactional email delivery
- Stripe — payment processing for the FeeFlow module
- Google Identity / Microsoft Identity — SSO providers (only when your school enables them)
4.2 Lawful requests
We disclose data only when required by valid legal process (court order, regulatory request, or law enforcement subpoena) and notify the affected school unless prohibited by the order.
4.3 Business transfers
If EdHub AI is acquired, merges, or sells substantially all of its assets, school data may be transferred to the acquirer subject to the same protections as this policy. We will notify affected schools at least 30 days in advance.
We do not sell, rent, or trade personal data.
5. International transfers (EU / UK / US)
Production data is processed in the EU (Frankfurt) by default. For US schools we offer a US-region deployment on request. Where personal data is transferred outside the UK or EEA we rely on Standard Contractual Clauses (SCCs) and, for US transfers, the EU-US Data Privacy Framework where applicable. Sub-processor SCC addenda are maintained on request — email [email protected].
6. Retention
Retention is per-school configurable; defaults are listed below. Schools may tighten retention through Workspace settings or extend it where regulatory requirements demand it.
- Active accounts: retained for the life of the school subscription
- Cancelled school accounts: exported on request, then permanently deleted 30 days after cancellation
- Demo / trial accounts: 30 days from trial expiry, then permanently deleted
- Backups: 30-day rolling window
- Audit logs: 7 years (regulatory default)
- Inbox add-in lookups: not persisted — request/response is in-memory only
7. Security measures
- Encryption in transit (TLS 1.2+ for all traffic)
- Encryption at rest (AES-256 for database and object storage)
- bcrypt password hashing with per-user salts
- Role-based access control (RBAC) with school-level isolation
- Multi-factor authentication (TOTP + backup codes)
- Comprehensive audit logging (7-year retention)
- Rate limiting and bot detection on all endpoints
- Security headers (Helmet.js) and Content Security Policy
- Continuous vulnerability scanning and annual penetration tests
8. Your rights
Under UK GDPR, EU GDPR, and equivalent regimes you have the right to:
- Access: request a copy of your data
- Rectification: correct inaccurate data
- Erasure: request deletion (the “right to be forgotten”)
- Portability: receive your data in a machine-readable format
- Objection: object to processing based on legitimate interests
- Withdraw consent: at any time, without affecting prior lawful processing
- Lodge a complaint: with the ICO (UK) or your local supervisory authority
For school-controlled data, contact your school directly (they are the controller). For data we control (marketing site visitors, add-in installations), email [email protected].
9. Children's data
The Service processes data about children as a necessary part of school operations. Data about children under 16 is collected only with guardian consent or under the school's public-task / legitimate-interest legal basis. We do not knowingly accept direct registrations from children. For United States schools, we comply with COPPA where applicable and act as a “school official” under FERPA with a legitimate educational interest.
10. Cookies & similar technologies
- Essential: authentication tokens, CSRF protection, session management (always active)
- Analytics: page-view metrics (only with explicit consent)
- Marketing: conversion tracking (only with explicit consent; not used on the platform itself)
Manage cookie preferences via our cookie banner or your browser. Full detail at /cookies.
11. Updates to this policy
We may update this Privacy Policy from time to time. Material changes will be announced via email to school administrators and the platform changelog at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
12. Contact us — Data Protection Officer
EdHub AI Limited
Data Protection Officer
Email: [email protected]
General privacy enquiries: [email protected]
Website: https://edhubai.com
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you are based in the UK, or with your local supervisory authority in the EU.
13. FERPA notice (United States schools)
For schools located in the United States, EdHub AI complies with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g. EdHub AI acts as a school official with a legitimate educational interest, processing student education records solely on behalf of the school under their direction. Parents and eligible students may request access to or amendment of records by contacting their school directly. We do not disclose education records without written consent except as permitted by FERPA. Complaints may be filed with the U.S. Department of Education's Student Privacy Policy Office at studentprivacy.ed.gov.
14. EdHubAI Gateway inbox add-in (Gmail & Outlook)
The EdHubAI Gateway inbox add-in is a thin lens over Gateway. When you install the add-in for Gmail (via Google Workspace Marketplace) or Outlook (via Microsoft AppSource):
- What we receive when you open a message: the sender email address, your authenticated EdHubAI user ID, and the active school context. We use this to look up matched admissions applications in your school's Gateway database.
- What we do NOT receive automatically: the email subject, body, attachments, recipient list, headers, or message metadata beyond the sender address. The add-in does not scan or index your mailbox.
- What we store when you click “Log to Gateway”: the subject, plain-text body, sender address, message timestamp, and the application ID you log it against. Attachments are NOT uploaded; they remain in Gmail / Outlook.
- OAuth scopes (Gmail): gmail.addons.execute, gmail.addons.current.message.metadata, and gmail.addons.current.message.readonly — used only to read the open message when you explicitly invoke the add-in.
- OAuth scopes (Outlook): Mailbox.Read.User with ReadWriteMailbox restricted to the active message context per Office.js semantics.
- Data flow: the add-in calls the EdHubAI API at api.edhubai.com over TLS using your existing JWT session. No third-party endpoint is contacted.
- Uninstall: removing the add-in from Gmail or Outlook revokes our OAuth grant immediately. No data is retained on uninstall beyond messages you previously logged to Gateway (those remain attached to the application record per your school's retention policy).
- Data Processing Agreement: add-in usage is covered by the same DPA between your school and EdHub AI Limited that governs the Gateway service. No separate contract is required.
Detailed add-in documentation, troubleshooting, and OAuth scope justification are published at /inbox-addin.