Privacy Policy
Effective July 10, 2026
1. What we collect
- Account information — your name, email, and password (stored only as a secure hash).
- School records your school enters — student names, grade levels, attendance, grades, assessments, discipline notes, health/emergency details, documents your school uploads (e.g., transcripts), and family contact information.
- Basic usage data — logs needed to keep the Service secure and reliable.
- Payment records — if your school turns on tuition payments, we record the amount, date, and status of each payment for your ledger. Card numbers and bank details go only to Stripe and never touch our servers.
We deliberately do not collect Social Security numbers, bank accounts, or card numbers.
2. How we use it
Only to provide the Service to your school: displaying your records to your authorized users, generating reports/transcripts you request, sending service emails (like password resets), and keeping the platform secure. We do not sell or rent personal information — ever, and we do not use student data for advertising.
3. Children’s privacy
Homebook is used by schools and parents; children do not create accounts or submit information to us directly. Student records are entered and controlled by the school (or parent, for a homeschool), which acts as the data controller. Families can view records only through a private access link their school shares.
4. Who can see your data
- Every school’s data is isolated at the database level — no other school on Homebook can ever see it.
- Within your school, access follows the roles your admins assign (staff vs. family access links).
- Our team accesses school data only when needed to support you or keep the Service running, never for any other purpose.
5. Service providers we rely on
| Provider | What they do |
|---|---|
| Supabase (on AWS, USA) | Database, authentication, and file storage — encrypted at rest |
| Vercel | Website hosting (gethomebook.com), TLS encryption in transit |
| Netlify | App hosting (app.gethomebook.com), TLS encryption in transit |
| Stripe | Subscription billing and optional tuition payments (Stripe Connect) — card details go to Stripe, never to us, and tuition funds settle directly to your school’s own Stripe account |
| Resend | Sends the Service’s emails (e.g., tuition reminders and early- access confirmations) |
6. Security
Data is encrypted in transit (TLS) and at rest (AES-256). Passwords are hashed. Uploaded documents live in private storage and are served only through short-lived, signed links. School isolation is enforced by database row-level security. No system is perfectly secure, but our core defense is simple: we hold as little sensitive data as possible.
7. Retention, export & deletion
We keep your school’s data for as long as your account is active. You may export your data (CSV) at any time. If you close your account, you may request an export for up to 30 days, after which data is permanently deleted. You can also ask us to delete specific records at any time.
8. If something goes wrong
If we ever discover a breach affecting your school’s personal information, we will notify you promptly with what happened, what data was involved, and what we’re doing about it, as required by applicable law.
9. Changes & contact
If we make material changes to this policy, we’ll post the update here with a new effective date. Questions or requests: sam@gethomebook.com.