Squincy Sdn Bhd (“we,” “us” or “our”) operates the Oodlins school management system. We are committed to protecting the privacy of students, parents and school administrators who use Oodlins. This privacy policy explains what information we collect, why we collect it, how we store and share it, and the rights available to parents and other users. It applies to our website, our school app and our parent app (collectively, the “Services”).

1. Information We Collect

We collect different kinds of information about students, parents and school administrators to enable education delivery and school management.

1.1 Information provided by parents and guardians

• Personal contact details – names, addresses, email addresses and phone numbers.
• Payment and billing information – such as invoicing details and transaction records needed for tuition and school fees.
• Communication content – messages and feedback you send through the Services.
• Preferences and consents – including consent for your child’s participation and communications choices.

1.2 Information about students

• Enrollment and profile data – student name, age, class, enrollment dates and school ID.
• Academic records – grades, assignments, attendance, performance reports and learning progress.
• Health and emergency details – allergies, dietary needs or medical information provided to schools for safety.
• Device and usage data – log files, IP addresses and device identifiers collected when students use the Services.
• Multimedia – photos, audio or video of classroom activities used for legitimate educational purposes (e.g., school announcements or progress reports), subject to parental consent.

1.3 Information about teachers and school administrators

• Account information – names, job titles, school affiliation and contact details.
• Professional records – training records, teaching schedules, attendance and communications.
• Usage data – IP addresses, log information and technical diagnostics when interacting with the Services.

We also receive limited information from third-party service providers (such as payment processors) necessary to operate our Services.

2. How We Use Your Information

We use the information we collect to provide safe and effective school management services:

• Education delivery – managing student enrollment, attendance, assignments, progress tracking and communication between teachers, students and parents.
• Communication – sending notices, announcements, event reminders, progress reports and responding to inquiries.
• Billing and administration – preparing invoices, processing payments and accounting.
• Service improvement – analysing usage trends and feedback to improve functionality and user experience.
• Safety and compliance – ensuring appropriate classroom conduct, fulfilling legal obligations and protecting users against fraud or misuse.

We do not use personal information to build marketing profiles or deliver targeted advertising to children. Data is never sold to third parties.

3. How We Share and Disclose Information

We respect your privacy and only disclose information as necessary:

• Schools and teachers – authorised teachers and school administrators will have access to students’ information needed to manage classes and communicate with parents.
• Parents and guardians – parents can see their own child’s academic records and communications.
• Service providers – we engage trusted third parties (e.g., cloud hosting providers, payment processors) to help operate the Services. They process data on our behalf under strict confidentiality agreements and cannot use personal data for their own purposes.
• Legal and safety requirements – we may disclose information if required by law or to protect the rights, safety or property of users, the school community or the public. Under Malaysia’s Personal Data Protection Act (PDPA), disclosure to parties not listed in our notice requires consent or falls within limited exceptions.
• Business transfers – if we are involved in a merger, acquisition or asset sale, your information may be transferred as part of that transaction, subject to continued protection under this policy.

We do not allow unauthorised access by advertisers or marketing networks.

4. Data Storage and Security

We employ technical and organisational measures to protect personal data from loss, misuse and unauthorised access, alteration or destruction, as required by the PDPA’s Security Principle and by similar obligations in the EU’s GDPR. Our measures include:

• Secure servers and encryption – data is stored on servers located in secure facilities and is encrypted in transit and at rest.
• Access controls – only authorised personnel with a legitimate educational need can access personal data. We maintain access logs and role-based permissions.
• Regular backups – we backup data regularly and have disaster recovery plans to ensure continuity of service.
• Retention periods – personal data is kept only as long as needed to achieve the purposes described in this policy and will be deleted when no longer required, consistent with PDPA’s retention principle and COPPA’s requirement to retain information only as long as necessary to fulfill the purpose for which it was collected.
• Incident response – if we become aware of a data breach, we will notify affected users and, where applicable, regulators in a timely manner, in line with GDPR’s 72-hour notification rule.

5. Parental Rights and Choices

We recognise that parents and guardians should have control over their children’s personal information. Under the Children’s Online Privacy Protection Act (COPPA), operators must obtain verifiable parental consent before collecting personal information from children under 13. They must provide parents with the ability to review and delete their child’s information and to refuse any further collection. The Malaysian PDPA gives individuals the right to access and correct their personal data, and the EU’s GDPR grants data subjects rights to access, rectify, erase and restrict processing.

Accordingly, parents and guardians using Oodlins may:

• Access and review your child’s data – you can view your child’s profile, grades, attendance, messages and other information within the parent app.
• Request corrections – if any data is inaccurate or incomplete, contact us to have it corrected.
• Request deletion – you can ask us to delete your child’s information. We will remove it unless we must keep it for legal or legitimate educational purposes (for example, compliance with record-keeping obligations).
• Withdraw consent – you may withdraw consent for data collection or stop certain communications at any time. Withdrawals of consent do not affect past processing that was lawful before the withdrawal.
• Restrict processing or object – if you are covered by the GDPR, you may ask us to restrict processing or object to how your data is used.

To exercise these rights, please see the Contact Us section below.

6. International Compliance

Our primary operations are in Malaysia and we comply with local law through the Personal Data Protection Act 2010 (PDPA). The PDPA requires data users to obtain consent before processing personal data and to provide clear notice of what data is collected, how it is used, with whom it is shared, and the right to access and rectify personal data. We follow these principles in our privacy notices.

For children under 13, we comply with the U.S. Children’s Online Privacy Protection Act (COPPA). COPPA prohibits collecting personal information from children without verifiable parental consent and requires clear policies, parental access, deletion rights and security measures. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete it promptly.

For users in the European Union or whose data is processed on their behalf, we follow the General Data Protection Regulation (GDPR). The GDPR requires lawful, fair and transparent processing, purpose limitation, data minimization, storage limitation and security. Data subjects have rights to be informed, access, rectify, erase, restrict processing, data portability, object and avoid automated decision-making. We will honor these rights where applicable.

7. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable laws. When we make a material change, we will provide notice through our website or apps and indicate the date it was last updated.

8. Contact Us

If you have any questions, concerns or requests regarding this privacy policy or your child’s information, please contact us using the details below:

Squincy Sdn Bhd
Address: A-05-02 Empire Office, Empire Subang, 47500 Selangor, Malaysia
Email: [email protected]

We appreciate your trust in Oodlins and are committed to protecting the privacy and security of your family’s educational information.