Last reviewed: April 28, 2026
SchoolHero.io OÜ processes personal data to provide school management, education, communication, support, billing, and website services across products such as River SIS and Peekadoo. We use technical and organisational safeguards designed to protect personal data, limit access, support responsible retention, and help schools handle privacy obligations under the laws that apply to their use of our services.

| Classification | Description | Examples |
|---|---|---|
| PII | Personally identifiable information | School records, guardian contact details, user profile images |
| Confidential | Sensitive operational data | Workspace settings, integration settings, environment secrets |
| Audit | Access and activity records | Database audit logs, admin activity |
| Internal | Non-personal operational data | Application logs, deployment metadata, service health records |

| Data Category | Storage | Retention | Deletion |
|---|---|---|---|
| Customer files and images (current) | S3 | Indefinite | Manual on request |
| Customer files and images (superseded) | S3 | 30 days | Automatic (S3 Lifecycle) |
| Database backups | DocumentDB | 30 days | Automatic |
| Application logs | CloudWatch | 7 days | Automatic |
| Database audit logs | CloudWatch | 90 days | Automatic |

Individuals may request confirmation of whether personal data is being processed and, where applicable, ask for access to that data. When SchoolHero.io acts for a school customer, we may coordinate with that school so the request is handled through the correct record owner.
Individuals may request deletion of personal data where a lawful basis for erasure applies. Some records may need to be retained for security, legal, contractual, school-accountability, or fraud-prevention reasons before final deletion can occur.
Individuals may request correction of inaccurate or incomplete personal data. Change history, administrative controls, and school workflows help support verified corrections.
Where applicable, individuals may request a portable copy of certain personal data in a structured format. The available export path depends on the product context, customer relationship, and technical feasibility.
Depending on the circumstances, individuals may request restriction of processing or object to certain uses of personal data. Access controls, role restrictions, and workflow review support how such requests are assessed and implemented.
Review data classification, retention settings, access permissions, subprocessors, and operational changes that may affect privacy risk.
Conduct least-privilege access reviews, verify key security controls, and document material changes to processing activities, product workflows, or vendor arrangements.
Perform a fuller review of data inventories, test data-rights handling and deletion workflows, review incident-response readiness, and update this page.
To exercise any of your data rights or for privacy-related enquiries, please contact SchoolHero.io OÜ at info@schoolhero.io or by post at Harju maakond, Kuusalu vald, Pudisoo küla, Männimäe, 74626, Estonia. For school-managed records, we may direct the request to the relevant school administrator or institution.