Privacy Policy

Links: Exhibit A: COPPA Privacy Policy

Last updated: March 23, 2026

myOwl™ (“we,” “our,” or “us”) is committed to protecting the privacy and security of student data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform (the “Service”), including our browser extension. By accessing or using the Service, you consent to the practices described in this Privacy Policy.

This policy may change from time to time. Your continued use of the Service after we make changes is deemed acceptance of those changes, so please check the policy periodically for updates. If you have questions, contact us at [email protected].

Important: If you are a student under 13 or the parent/guardian of a student under 13, please also review Exhibit A: Privacy Policy for Children Under the Age of 13 (attached below as Exhibit A).

1. What Data We Collect

We collect only the data necessary to deliver the Service. Here’s exactly what:

1.1. Information You Provide Directly:

When you create a myOwl account, you provide:

  • Student: name, email address used to access school’s Learning Management System (LMS), student ID number, myOwl password (for logging into myOwl only), grade level, school name
  • Parent/Guardian: name, email address, myOwl password (for logging into myOwl only), relationship to student

Important: We never ask for or store your LMS, calendar, or athletic system passwords. When you connect myOwl to Google Classroom, Canvas, Schoology, TeamSnap, or other services, you log in directly to those services (not through myOwl). You grant myOwl permission to access your data, and we receive a secure token. Your password stays with that service.

1.2. Data We Retrieve from Your LMS and Calendar Systems 

When you authorize myOwl to connect to your school’s LMS or calendar system, we securely retrieve and store:

  • From LMS (Google Classroom, Canvas, Schoology, etc.):
    • Class names and course information
    • Assignment names, due dates, and descriptions
    • Grade data (only if visible to the student in their LMS)
    • Submission status (submitted, pending, missing)
    • We do NOT collect: teacher comments, detailed feedback, or other teacher-only data
  • From Calendar Systems (Google Calendar, Apple Calendar, Outlook, etc.):
    • Class schedules and meeting times
    • Assignment due dates
    • We do NOT collect: personal calendar events unrelated to school or athletics unless added manually by the student or parent
  • From Athletic Systems (TeamSnap, other team management platforms):
    • Practice and game schedules
    • We do NOT collect: parent contact info, payment data, or other unrelated information

How we access this data: We use OAuth 2.0 authentication, which means you log in directly to Google, Canvas, Schoology, TeamSnap, etc. (not through myOwl). You grant myOwl permission to access your data (you’ll see a permission screen asking what data myOwl can access and you can revoke that permission at any time). We receive a secure token; your password is never shared with myOwl.

You can revoke myOwl’s access in two ways:

  • Option 1 (Easiest): Log into myOwl, go to Settings → Connected Accounts, and click “Disconnect” next to the service you want to remove
  • Option 2: Log into your LMS or calendar (Google Classroom, Canvas, etc.), go to Settings → Connected Apps (or “Apps with Access”), find myOwl, and click “Disconnect”
  • Either way, myOwl will immediately lose access to your data

1.3. Automatically Collected Information

When you use the Service, we automatically collect:

  • Device information: IP address, browser type, operating system, device identifiers
  • Usage data: pages visited, features used, buttons clicked, time spent in the app, date and time of interactions
  • Performance data: study plan completion, assignment tracking, reward redemptions

1.4 Cookies and Similar Technologies:

We use cookies and similar technologies to:

  • Keep you logged in
  • Remember your preferences
  • Analyze how you use the Service to improve it

You can manage your cookie preferences through your browser settings.

Note: Disabling cookies may limit your ability to use certain features.

2. How We Use Your Data

We use the data we collect for these purposes only:

2.1. Deliver the Service

  • Create and maintain your myOwl account
  • Sync your LMS, calendar, and athletic schedule data to your dashboard
  • Generate AI-powered study plans based on your assignments and schedule
  • Track your progress and reward you for staying on track
  • Send you notifications about upcoming assignments

2.2. Communicate with You

  • Respond to your questions or support requests
  • Send service-related notifications (e.g., “Your LMS sync failed—please reconnect”)
  • Notify you of updates or changes to the Service

2.3 Improve the Service

  • Analyze usage patterns to identify which features students find most helpful
  • Monitor the performance and reliability of the Service
  • Fix bugs and improve user experience

2.4 Comply with Legal Obligations

  • Respond to lawful requests from law enforcement or government agencies
  • Comply with FERPA, COPPA, and state student data privacy laws
  • Enforce our Terms of Service

What we do NOT do with your data:

  • ❌ We do NOT sell, rent, or share your data with marketing companies or data brokers
  • ❌ We do NOT use your data for interest-based advertising or behavioral targeting
  • ❌ We do NOT use LMS or calendar data for any purpose other than Service delivery
  • ❌ We do NOT combine your data with third-party data for profiling or analytics

3. Who We Share Your Data With

We are extremely selective about data sharing. Here’s exactly who has access:

3.1 Service Providers (Bound by Strict Agreements)

We use the following vendors to operate the Service. Each is bound by a written Data Processing Agreement requiring them to use your data only for specified purposes and to maintain industry-standard security:

  • Cloud Hosting: Amazon Web Services (AWS) — stores encrypted student data
  • LMS/Calendar Authentication: Your LMS or calendar provider (Google, Canvas, Schoology, TeamSnap, etc.) — handles secure login via OAuth 2.0
  • Email/Notifications: smtp.com — sends service notifications only

All vendors maintain their own privacy policies, which you can review. We do not allow vendors to use student data for their own marketing or advertising purposes.

Analytics: We do not use any third-party analytics software on student data. We analyze usage patterns internally to improve the Service, but we do not share or sell this data to external analytics providers.

3.2 Schools and School Districts

If you use myOwl through your school, your school may have administrative access to:

  • Aggregate usage data (e.g., “how many students in this school use myOwl”)
  • Your student profile (name, grade, school)
  • Your school does NOT have access to: individual study plans, grades from your LMS, or athletic data

Schools can request a Data Processing Agreement (DPA) outlining these terms.

3.2.1 School IT and Network Security

myOwl is designed to work within school security frameworks:

  • OAuth 2.0 Compliance: We use OAuth 2.0, which is the industry standard for secure third-party access. Schools can audit our OAuth integration.
  • No Passwords Stored: We never store student LMS passwords. Schools can verify this in our Data Security Addendum.
  • Network Blocking: Schools can block myOwl at the firewall or through LMS settings if desired. IT directors can contact us for a Data Processing Agreement and security documentation before whitelisting.
  • No Data Exfiltration: We sync only the specific data students authorize (assignments, schedules, grades). We don’t pull contact lists, payment info, or other sensitive data.

Schools that want to restrict myOwl access can:

  • Disable third-party OAuth access in their LMS
  • Block the myOwl domain at the firewall
  • Require students to use myOwl only outside school networks

Contact [email protected] for school IT security reviews and Data Processing Agreements.

3.3 Legal Obligations

We may disclose your information if required by law or legal process, such as:

  • Court orders or subpoenas
  • Government or regulatory requests
  • Investigations into public safety or child safety
  • Protecting our legal rights or the rights of others

We will notify you of such requests unless legally prohibited.

3.4 Business Transfers

If myOwl is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the buyer. We will notify you of any such change and any choices you may have regarding your data.

4. Your Rights and Choices

You have full control over your data.

4.1 Access and Correction

You can access and update your personal information at any time by logging into your account and visiting your profile settings. If you need help, email [email protected].

4.2 Data Portability

You can request a copy of your data in a structured, machine-readable format (CSV or JSON). Email [email protected] with your request, and we will provide it within 10 business days.

4.3 Deletion

You can delete your myOwl account and all associated data at any time. Upon deletion:

  • Your account, profile, and study plans are permanently deleted
  • Your LMS and calendar data is permanently deleted
  • All backups are purged within 30 days
  • We retain no personal information about you

Note: We may retain anonymized, aggregated data for analytics purposes (e.g., “X% of students improved their GPA”), but this data cannot be linked back to you.

To delete your account, log in and select “Delete Account” in settings, or email [email protected].

4.4 Revoke LMS/Calendar/Athletic System Access

You can disconnect myOwl from your LMS, calendar, or athletic system at any time. You have two options:

Option 1: Disconnect through myOwl (Recommended)

  • Log into your myOwl account
  • Go to Settings → Connected Accounts
  • Click “Disconnect” next to the service (Google Classroom, Canvas, TeamSnap, etc.)
  • myOwl will immediately stop syncing data from that service

Option 2: Disconnect through your LMS/Calendar Provider

  • Log into your LMS, calendar, or athletic system (Google, Canvas, Schoology, TeamSnap, etc.)
  • Go to Settings → Connected Apps (or “Apps with Access”)
  • Find myOwl in the list
  • Click “Disconnect” or “Revoke Access”
  • The provider will immediately revoke myOwl’s access

Important: Disconnecting myOwl does NOT delete data already synced to your myOwl dashboard. To permanently delete all your data, use the deletion process in Section 4.3.

4.5 Marketing Communications

myOwl sends only service-related communications (e.g., assignment reminders, notifications). We do not send marketing emails. If you receive any unsolicited marketing, email [email protected].

5. Data Security

We take data security seriously and use industry-standard technical, administrative, and physical safeguards.

5.1 Encryption

  • In Transit: All data transmitted between your device and myOwl servers is encrypted using TLS 1.2 or higher (HTTPS)
  • At Rest: All student data stored on our servers is encrypted using AES-256 encryption
  • LMS/Calendar Passwords: We never store your LMS or calendar passwords. We use OAuth 2.0 to authenticate securely
  • OAuth Tokens: OAuth tokens we receive from LMS and calendar providers are encrypted at rest using AES-256 and transmitted over TLS 1.2+

Passwords: We never store your LMS, calendar, or athletic system passwords. We use OAuth 2.0 tokens for authentication, which are:

  • Encrypted at rest using AES-256
  • Transmitted over TLS 1.2+
  • Regularly rotated for security
  • Revocable at any time by you

5.2 Access Controls

  • Only myOwl employees who need access to student data for support or operations can view it
  • All employees sign strict confidentiality agreements
  • Access is logged and monitored
  • Students can only see their own data; parents can only see their child’s data

5.3 Security Monitoring and Testing

  • We conduct regular security audits and penetration testing
  • We monitor for unauthorized access attempts
  • We maintain incident response procedures

SOC 2 Type II Certification

We are pursuing SOC 2 Type II certification to provide additional assurance of our security and data handling practices. Our target is to complete the audit within 12 months of achieving product-market fit and securing initial pilots.

In the interim, we maintain industry-standard security practices including those described in this section. Schools and districts can request our current security documentation, incident response plan, and audit progress at any time by contacting [email protected].

5.4 Limitations

No security system is 100% secure. While we use reasonable measures to protect your information, we cannot guarantee absolute security against all threats. Any transmission of personal information is at your own risk. If you believe your data has been compromised, contact us immediately at [email protected].

5.5 Data Breach Notification

If we discover a data breach involving student personal information, we will:

  • Notify affected students and parents within 30 days
  • Notify relevant school districts
  • Cooperate with law enforcement if required
  • Describe the breach, the data affected, and steps we’re taking to prevent future breaches

6. Data Retention

We retain data only as long as necessary to provide the Service or comply with legal obligations.

6.1 Retention Schedule

Data Type

Retention Period

Notes

Account Information (name, email, etc.)

Until account deletion

Deleted within 30 days of account deletion

LMS/Calendar/Athletic Data

Until account deletion

Deleted within 30 days of account deletion

Usage Logs (pages visited, features used)

12 months

Automatically deleted after 12 months

Study Plans and Progress Data

Until account deletion

Deleted within 30 days of account deletion

Support Tickets and Communications

2 years

Deleted after 2 years unless legally required

Anonymized, Aggregated Analytics

Indefinite

Cannot be linked back to you

 

6.2 Deletion Process

When you delete your account, we:

  1. Immediately mark your account for deletion
  2. Remove your data from all active systems within 24 hours
  3. Purge all backups within 30 days
  4. Provide written confirmation of deletion

7. Compliance with Laws

7.1 FERPA (Family Educational Rights and Privacy Act)

myOwl is a “service provider” under FERPA. We:

  • Treat student records as confidential
  • Do not disclose student records to third parties without authorization
  • Comply with all FERPA requirements
  • Provide schools with a Data Processing Agreement upon request

7.2 COPPA (Children’s Online Privacy Protection Act)

For students under 13, we comply with COPPA requirements (see as Exhibit A below).

7.3 State Student Data Privacy Laws

myOwl complies with all applicable state student data privacy laws, including:

  • California (SOPIPA)
  • New York (Education Law 2-d)
  • Virginia (VMPPA)
  • Colorado (CPA)
  • And other state laws

We will provide schools with compliance documentation upon request.

8. Third Party Links and Services

The Service may contain links to other websites or services (e.g., LMS login pages, TeamSnap). We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of every website you visit.

myOwl is not affiliated with or endorsed by Google, Canvas, Schoology, TeamSnap, or any other third-party service.

9. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or other operational reasons. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification
  • Requiring you to accept the updated policy before continuing to use the Service

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

Email: [email protected]
Mailing Address: [Your Address]
Response Time: We will respond to all privacy inquiries within 10 business days

Exhibit A

Privacy Policy for Children Under the Age of 13

Last modified: March 23, 2026

Overview

The Children’s Online Privacy Protection Act of 1998 and its rules (collectively, “COPPA”) require us to inform parents and legal guardians about our practices for collecting, using, and disclosing personal information from children under the age of 13 (“children”).

This policy supplements our general Privacy Policy above. Terms defined in the general policy have the same meanings here. This policy only applies to children under 13; students 13 and older are covered by the general Privacy Policy.

What Information We Collect From Children

Children can use many features of myOwl without providing personal information. However, some features require us to collect information, including personal information.

Information We Collect Directly

To register with myOwl, a child must provide:

  • Child’s name
  • Child’s email address (school or parent’s email)
  • Child’s student ID number
  • Password (created by child, for logging into myOwl only)

We may request additional optional information (e.g., athletic team, grade level), but we clearly mark what is required vs. optional.

We collect only as much information as is reasonably necessary for the child to use myOwl.

Information We Retrieve from LMS, Calendar, and Athletic Systems

When a parent authorizes myOwl to connect to their child’s LMS, calendar, or athletic system, we collect:

  • Class names, assignment names, and due dates
  • Grade data (only if visible to the student)
  • Class schedules
  • Athletic schedules

(See Section 1.2 of the general Privacy Policy for complete details.)

Automatically Collected Information

We automatically collect:

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)

We use cookies to keep children logged in and to improve the Service. Parents can manage cookie settings through their browser.

How We Use Children’s Information

We use children’s personal information only for:

  1. Registering and maintaining their account
  2. Delivering the Service: syncing LMS/calendar/athletic data, generating study plans, sending notifications
  3. Improving the Service: analyzing usage patterns to make myOwl better
  4. Complying with legal obligations

We do NOT:

  • ❌ Sell, rent, or share children’s information with third parties
  • ❌ Use children’s data for marketing or advertising
  • ❌ Use children’s data for any purpose other than Service delivery and improvement

How We Disclose Children’s Information

We disclose children’s personal information only in these circumstances:

  1. To service providers who help us operate myOwl and who are contractually required to keep information confidential and use it only for specified purposes
  2. To schools (if myOwl is used through a school) for administrative purposes (aggregate usage, student profile)
  3. As required by law (court orders, government requests, child safety investigations)
  4. In business transfers (merger, acquisition, bankruptcy)

We do not share children’s information with marketing companies, data brokers, or other third parties.

Parental Rights and Consent

How We Obtain Parental Consent

Before we collect personal information from a child under 13, we obtain verifiable parental consent. Here’s how:

  1. Account Registration: When a child registers, we ask for a parent’s email address
  2. Verification Email: We send the parent an email asking them to verify they are the parent/guardian and consent to:
    • Data collection (name, email, student ID)
    • Connection to LMS/calendar/athletic systems
    • Use of that data to deliver myOwl
  3. Parent Clicks “I Consent”: The parent clicks a link in the email to confirm consent
  4. Account Activation: The child’s account is activated only after parental consent is verified
What Parents Can Do

Access and Review: Parents can log into their child’s myOwl account and review:

  • Child’s profile information
  • Connected LMS/calendar/athletic accounts
  • Study plans and progress

Correct Information: Parents can update or correct their child’s information at any time through account settings.

Revoke Consent: Parents can revoke consent at any time, which will:

  • Disconnect myOwl from the child’s LMS/calendar/athletic systems
  • Delete all the child’s data from myOwl (within 30 days)
  • Deactivate the child’s account

To revoke consent, email [email protected] with the child’s name and account email.

Request Deletion: Parents can request deletion of their child’s data at any time. We will delete all information within 30 days.

Children’s Rights

Children under 13 can:

  • Access their data: Log into their account to see their profile and study plans
  • Delete their account: Request account deletion through account settings
  • Disconnect services: Disconnect their LMS, calendar, or athletic system at any time

Contact Us

If you are a parent or guardian with questions about our privacy practices for children under 13:

Email: [email protected].
Response Time: We will respond within 10 business days