This Privacy Policy explains how we handle your personal data when you visit schuly.dev or use the Schuly app and its backend. It is written to satisfy both the Swiss Federal Act on Data Protection (revDSG, in force since 01.09.2023) and the EU General Data Protection Regulation (GDPR).
1. Controller
Niclas Erismann, Switzerland
Email: [email protected]
2. What data we process
2.1 When you visit the website
The site is served via Cloudflare Pages (Cloudflare Inc., USA). On each request Cloudflare processes: IP address, date and time, user agent, referrer, requested resource, response status. These are required for delivery and are retained per Cloudflare's log retention (typically up to 30 days). Cloudflare is certified under the Swiss-US Data Privacy Framework (in force since 15.09.2024), which provides an adequate level of protection within the meaning of Art. 16 revDSG. Legal basis: legitimate interest in secure operation of the site (Art. 31(2)(d) revDSG).
Backend servers: The SchulyBackend used by the app is hosted at IONOS SE in France. The stored app data is not transferred to a third country and stays in the EU/EEA. A data processing agreement under Art. 28 GDPR / Art. 9 revDSG is in place with IONOS.
The Inter font is self-hosted. No request is sent to Google Fonts.
On page load, the public GitHub API (api.github.com) is called to fetch star count and release-download statistics. Your IP is transmitted to GitHub Inc., USA. Legal basis: legitimate interest in project transparency.
No cookies, no trackers, no analytics, no ads, no social-media widgets.
2.2 When you use the Schuly app
When you sign in, the following data is processed:
- Schuly-account identity, issued by our Pocket ID OIDC provider: email, display name, profile picture, subject identifier.
- School-account credentials you add inside the app per school system. How they authenticate depends on the relevant plugin; tokens are only processed inside that plugin. For Schulnetz, your school email and password are sent via SchulwareAPI to your school's Microsoft sign-in to obtain a session; the email and password are not stored, but the resulting session and refresh tokens are kept by the plugin so it can sync without you signing in again. For OdaOrg, username and password are stored in the plugin's isolated database.
- School data, where your school system provides it: first and last name, private and school email, phone, address, date of birth, entry/leave date, class, role (student, teacher).
- Academic data: grades, weightings, semester reports, promotion decisions, schedule, agenda, exams.
- Absences: date, type (excused/unexcused), and the reason recorded by the school. Since this may include health information, it is treated as a special category of personal data (Art. 5(c) revDSG, Art. 9 GDPR).
- Student documents: files and metadata your school stores for you, kept in S3-compatible object storage.
Legal basis: contract performance (Art. 31(2)(a) revDSG, Art. 6(1)(b) GDPR) and - for absence reasons - your explicit consent at first app login (Art. 6(7) revDSG, Art. 9(2)(a) GDPR).
2.3 What we do not process
- For your Schuly account: no password, since authentication runs through our Pocket ID OIDC provider.
- For school accounts: credentials are handed to the relevant plugin only and not stored centrally in the Schuly core.
- For your Schuly account: no refresh token stored server-side; the OIDC access token is verified per request. School-system session and refresh tokens, by contrast, are stored by the relevant plugin (see §2.2).
- No push-notification tokens (FCM/APNs) in the backend.
- No analytics or telemetry SDK in production.
- No request-body logging in production.
3. Recipients / processors
- Cloudflare Inc. (USA) - website hosting. Swiss-US Data Privacy Framework (certified).
- IONOS SE (Montabaur, Germany) - SchulyBackend hosting in France, ISO 27001 certified, Art. 28 GDPR DPA in place.
- GitHub Inc. (USA) - source-code and release hosting; source of the stats shown on the site.
- Pocket ID OIDC provider (operated by us on IONOS France) - authentication for your Schuly account.
- The school system(s) you have added in the app - their endpoints (as implemented in the relevant plugin) are called during sync.
- SchulwareAPI (operated by us) - bridges Schulnetz sign-in and data retrieval; credentials passed through are processed only transiently for login.
- Microsoft (Entra ID) (USA / global) - your school's identity provider for Schulnetz sign-in. School email and password are sent to Microsoft to authenticate; this concerns the login step only, not the data stored in Schuly.
4. Retention
Cloudflare server logs: up to 30 days. App data: as long as your account is active. On request (email [email protected]) we delete your account and all linked data within 30 days. A self-service deletion endpoint is in progress (see Issue #79).
5. Who is responsible for what?
Schuly is not a school system - at heart it's a data cache with sync. Your grades, absences, schedule, and personal master data are recorded and maintained by your school in their school system (e.g. Schulnetz). Schuly syncs that data on your behalf and keeps a copy on the backend (IONOS, France) so the app is fast and works offline.
This creates two distinct areas of responsibility:
- Your school is controller for the original data (e.g. grades, absence reasons, class membership, master data). Only the school can correct anything that is wrong or out of date there.
- Schuly is controller for the copy of that data on the backend, plus the small amount of data Schuly itself collects (your OIDC identity: email, display name, profile picture, login timestamp).
6. Your rights
You have the following rights under revDSG and GDPR. Where you exercise them depends on what you want:
6.1 Rights you exercise with Schuly
You can exercise these directly with us:
- Access to the copy of your data on the Schuly backend (Art. 25 revDSG, Art. 15 GDPR)
- Erasure of the copy on the Schuly backend (Art. 32 revDSG, Art. 17 GDPR) - the original data at your school remains untouched
- Data portability of what we hold (Art. 28 revDSG, Art. 20 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Withdrawal of consent, with effect going forward
Contact: [email protected].
6.2 Rights you exercise with your school
Exercise these directly with your school, since they hold the original data:
- Rectification of inaccurate data (Art. 32(1) revDSG, Art. 16 GDPR) - e.g. a wrongly recorded grade or absence. Schuly cannot change what the school system delivers; as soon as the school corrects it, Schuly picks up the correction on the next sync.
- Access to the complete original record
- Complaints about the collection of school data as such
7. Right to lodge a complaint
You may complain to the Federal Data Protection and Information Commissioner (EDÖB), Feldeggweg 1, 3003 Bern - edoeb.admin.ch. If you reside in an EU/EEA state, you may additionally contact your national supervisory authority.
8. Security
All transport uses TLS. Databases run on encrypted volumes. Column-level encryption for especially sensitive fields (grades, absence reasons) is in progress (see Issue #79 above). Backend plugins run against isolated per-plugin databases and cannot access other plugins' data or the core tables.
9. No automated decision-making
We do not engage in automated individual decision-making within the meaning of Art. 21 revDSG / Art. 22 GDPR. Schuly does not score you or make automated decisions about you.
10. Changes
We may update this policy when features, providers, or legal requirements change. Material changes are published here with an updated "last updated" date.