Privacy

Privacy is part of the operating model, not a footer afterthought.

SchoolPilot handles school, student, guardian, staff, and academic data. Privacy expectations therefore have to be enforced in product structure, access control, and tenant separation from the beginning.

Data separation

Each school tenant is treated as a separate data boundary. School-level records are scoped so that one tenant cannot view or operate on another tenant’s data through normal application use.

Role-based visibility

Users do not all see the same things. Staff roles, parent roles, student roles, and platform roles are separated so the product can limit access to what is relevant for each surface.

Operational data usage

SchoolPilot uses operational data to enable the workflows the platform advertises: publishing results, generating fee records, routing notifications, building role-specific dashboards, and keeping school operations synchronized.

School responsibility

Schools remain responsible for how they onboard users, what communications they send, how they structure internal access, and the accuracy of the records they manage inside the platform.

Data separation

Each school tenant is treated as a separate data boundary. School-level records are scoped so that one tenant cannot view or operate on another tenant’s data through normal application use.

This matters for all sensitive records, including student profiles, guardian links, fee records, attendance, messages, and report data.

Role-based visibility

Users do not all see the same things. Staff roles, parent roles, student roles, and platform roles are separated so the product can limit access to what is relevant for each surface.

Parents see their own wards. Students see their own records. Staff access is tied to role and school context.

Operational data usage

SchoolPilot uses operational data to enable the workflows the platform advertises: publishing results, generating fee records, routing notifications, building role-specific dashboards, and keeping school operations synchronized.

The platform does not present public pages as a channel for exposing private student or tenant data. Public routes are intentionally limited and scoped.

School responsibility

Schools remain responsible for how they onboard users, what communications they send, how they structure internal access, and the accuracy of the records they manage inside the platform.

If a school gives access to a staff member, guardian, or student, that school is responsible for its internal authorization decisions and account management practices.