1. Introduction
School Timetable Generator ("Jadual Waktu Sekolah") is a web-based application designed to assist educational institutions in creating and managing class timetables. This Privacy Policy explains how we collect, use, store, and protect your personal information when you access and use our Service.
2. Information We Collect
Google Account Information
When you sign in with Google, we collect:
- Your name
- Your email address
- Your profile picture (if available)
- Google User ID (for authentication)
Timetable Data
We store information you create:
- School name and logo
- Session configurations (morning/afternoon schedules)
- Subject names and teacher assignments
- Timetable layouts and assignments
- Custom footer text
3. How We Use Your Information
We process your information for the following purposes:
- Authenticate your identity via Google Sign-In
- Save and retrieve your timetables across devices
- Display your name and profile picture in the application
- Provide personalized timetable management features
- Improve application performance and user experience
4. Data Storage and Security
Storage & Encryption
- Database: All data stored in Google Firebase Firestore
- Encryption in Transit: SSL/TLS protection
- Encryption at Rest: Firebase automatic encryption
- Authentication: Google OAuth 2.0 industry standard
- Access Control: Firestore security rules limit access to user data only
5. Your Data Rights and Choices
You have the following rights regarding your personal information:
- Access: View all your saved timetables at any time
- Modify: Edit or update your timetables and information
- Delete: Remove any or all of your timetables
- Export: Download your timetables as PDF files
- Account Deletion: Request complete account and data deletion
6. Data Sharing and Disclosure
We Do NOT
- Sell your personal information to third parties
- Share your data with advertisers
- Use your data for marketing purposes
- Share your timetables with other users
We Share Data With
- Google Firebase: For hosting, authentication, and database services
- Google OAuth: For secure authentication only
7. Cookies, Tracking, and Similar Technologies
We employ the following technologies to enhance service functionality and user experience:
- Authentication cookies to maintain your login session
- Local storage to temporarily cache application data
- Firebase Analytics (if enabled) for anonymous usage statistics
8. Data Retention Periods
We retain personal information according to the following schedule:
- Active accounts: Data retained while account is active
- Inactive accounts: May be deleted after 2 years of inactivity (with notice)
- Deleted timetables: Permanently removed within 30 days
9. Legal Compliance and Regulatory Obligations
This Service complies with the following data protection regulations:
- General Data Protection Regulation (GDPR)
- Personal Data Protection Act (PDPA) - Malaysia
- Children's Online Privacy Protection Act (COPPA)
10. Policy Updates and Modifications
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated date. Your continued use of the Service following notice of such changes constitutes your acceptance of the updated Privacy Policy.
11. Contact and Data Protection Officer
For questions, concerns, requests to access your data, or to exercise your data rights, please contact your school administrator or IT department. We endeavor to respond to all inquiries within seven (7) business days.
12. Third-Party Service Providers
Our Service integrates the following third-party platforms and services:
- Google Firebase: Database and hosting
- Google OAuth: Authentication service
- Google Fonts: Typography
- Google Analytics: Anonymized usage statistics
13. European Union Data Subject Rights
For users located in the European Union, the following additional rights apply under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to correct inaccurate data
- Right to request deletion (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object to processing