Privacy Policy

Overview
This application connects to Schoology on behalf of users to provide integrations and services. This Privacy Policy explains what Schoology-related data we collect, how we use and store it, and the safeguards we maintain. We do not provide legal advice; this document is intended to describe operational practices.

Data Collected
- Schoology Account Identifiers: user ID, display name, and other non-sensitive profile fields required to operate the integration.
- Access Tokens: OAuth access tokens or similar credentials issued by Schoology to enable API requests on your behalf.
- Minimal Usage Metadata: timestamps and basic operational logs to diagnose errors and support the service.

What We Do NOT Store
- Passwords: We do not receive, request, or store your Schoology password at any time.
- Sensitive Personal Data / PII: We do not store sensitive personal identifiers (such as Social Security numbers, full financial account numbers, or other classified PII) beyond basic profile fields required for the service.

How We Use Data
- Provide Service: Access tokens and account identifiers are used only to make authorized API calls to Schoology to fetch the data required for the application features you enable.
- Support & Debugging: Minimal metadata and logs may be used to investigate issues and improve reliability.

Storage & Retention
- Access tokens and any cached Schoology data are stored only as long as necessary to provide the service or where retention is required by configuration. You may request deletion of your stored data (see "Your Rights" below).
- We take reasonable measures to secure stored tokens and data. If access tokens are persisted to disk, they are stored in application-controlled storage. Administrators should ensure file system protections and backups follow your organizational policies.

Data Sharing & Third Parties
- We do not sell or lease Schoology user data to third parties.
- We may share data with service providers who assist in operating the application (e.g., hosting or logging providers). Such providers are contractually bound to protect the data and use it only for the purposes we specify.

Security Measures
- We implement reasonable administrative and technical safeguards appropriate to the sensitivity of data we handle. These measures include access controls, minimal retention, and secure transmission (HTTPS) for API calls.
- No system is perfectly secure; we continuously review and improve our security posture.

Your Rights
- Access: You may request a copy of data we hold about your Schoology account in relation to this application.
- Deletion: You may request deletion of stored tokens and cached Schoology data. Deleting tokens will revoke the application's ability to access your Schoology data until you re-authorize.
- Contact: For requests or questions, contact the application administrator at support@dm10k.com.

Changes to This Policy
We may update this policy periodically. The effective date at the top will reflect the last revision.

Contact
If you have questions, or would like to request deletion of stored data, email: support@dm10k.com