Privacy Policy
This Privacy Policy explains how we collect, use, store and protect your information when you use Teacher Task Manager. By using the app, you agree to the practices described here.
Information We Collect
We collect only the information necessary for the app to function. The following data may be stored in Google Firestore or Firebase Storage depending on which features you use:
Account information
- Name and email address (provided at registration or via Google sign-in)
- Profile photo URL, if signing in with Google (supplied by Google)
- Account tier (Free or Pro) and subscription status
No passwords are stored by us. Authentication is handled by Firebase Auth (Google).
Task and productivity data
- Tasks: titles, descriptions, subtasks, due dates, priority, categories, recurrence settings, and assignment details
- Notes: title and body text of notes you create
- Timetable entries: class names, periods, and schedule information
- School calendar data: term dates, holiday periods, and INSET days you define or that are shared with you by a team
- Dashboard layout preferences (section order, sizes, and collapsed states)
- Task templates you save for reuse
Team and collaboration data
- Team names, join codes, and member lists (names, email addresses, and roles)
- Tasks assigned to or received from team members
- Team activity feed entries (e.g. task completions, members joining)
Chat and messaging data (Pro only)
- Messages sent in team chats and direct messages, including records of edits and deletions
- Emoji reactions, threaded replies, and pinned or bookmarked messages
- Draft messages saved per chat room
- Poll choices and per-user voting records
- Read receipts: which messages you have read and when
- Presence status (online, away, or busy): shared with your team members in real time
- Typing indicators: transmitted in real time only and not stored persistently
- Images you upload in chat: stored in Firebase Storage
Push notification tokens
- Firebase Cloud Messaging (FCM) device registration tokens: stored in your account to deliver push notifications for task assignments, due dates, and @mentions. These tokens identify your browser or device but contain no personal information beyond their association with your account.
Google Calendar data (optional, Pro only)
- If you connect Google Calendar, we store OAuth access and refresh tokens to create, update, or delete calendar events on your behalf. We only access events created by Teacher Task Manager and do not read your wider calendar history.
- You can revoke this access at any time from within the app or at myaccount.google.com/permissions.
Outlook (Microsoft) Calendar data (optional, Pro only)
- Outlook Calendar sync is available to Pro subscribers only. If you connect Outlook Calendar, you sign in with Microsoft and grant the delegated permissions
User.ReadandCalendars.ReadWrite. This lets Teacher Task Manager create and update calendar events on your behalf. - Sign-in is handled directly by Microsoft using a public-client (PKCE) flow. We do not use or store a Microsoft client secret, and the Microsoft access token is held only in your browser session (it is cleared when you sign out or disconnect); we do not store it on our servers.
- Task and event details needed to create or update an event are sent to the Microsoft Graph API. You can disconnect Outlook in Profile or revoke access at myaccount.microsoft.com/permissions.
How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Sync and display your tasks, notes, timetable, and calendar data across sessions and devices
- Enable collaboration features such as team task boards, shared calendars, and team chat
- Send push notifications for task assignments, due dates, and @mentions (Pro only)
- Provide AI-powered features that process your task and context data (Pro only)
- Process your subscription payments via Stripe
- Sync events with Google Calendar or Outlook Calendar when you enable the integration (Pro only)
- Provide customer support
- Improve app functionality and user experience
- Communicate important information about the Service
We do not sell your data.
Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract performance: processing necessary to provide the Service and manage your account and subscription.
- Consent: for optional features such as Google Calendar and Outlook Calendar integration (Pro only), push notifications, and AI features. You may withdraw consent at any time by disconnecting the feature within the app.
- Legitimate interests: for security monitoring, abuse prevention, and service improvement, where these interests are not overridden by your rights.
- Legal obligation: where we are required by law to retain or disclose data (e.g. financial records for tax purposes).
How We Store and Protect Your Information
We use industry-standard security practices to protect your information, including encryption in transit (HTTPS/TLS) and access controls. Structured data is stored in Google Firestore and images are stored in Firebase Storage, both of which provide server-side encryption at rest.
Access to your data is restricted by Firestore security rules that permit only authenticated users to read their own data or data explicitly shared with them. Third-party services used for authentication and storage are required to follow strong data protection practices consistent with UK GDPR.
Data Sharing and Third-Party Services
We do not sell your personal data. We share data with the following third-party services only to the extent necessary to provide the Service:
- Firebase / Google: authentication (Firebase Auth), database (Firestore), image storage (Firebase Storage), and push notifications (Firebase Cloud Messaging). Google Privacy Policy.
- OpenAI: AI-powered features (Pro only). Relevant task and context data is sent to OpenAI's API. Your data is not used to train OpenAI's models. See our AI & Data page and OpenAI Privacy Policy.
- Stripe: payment processing for Pro subscriptions. Stripe receives your email address and payment details. We do not store card numbers. Stripe Privacy Policy.
- GIPHY: GIF search in team chat (Pro only). When you search for GIFs, your search query is sent to the GIPHY API. No account-linked data is transmitted. GIPHY Privacy Policy.
- Google Calendar API: if you connect Google Calendar (Pro only), task data is sent to Google's Calendar API to create, update, or delete events on your behalf.
- Microsoft Graph: if you connect Outlook Calendar (Pro only), you sign in with Microsoft and task and event data is sent to the Microsoft Graph API to create or update events on your behalf. See Microsoft Privacy Statement.
- Legal disclosure: we may disclose data where required by law, court order, or to protect the rights, property, or safety of our users or the Service.
We never sell personal information to advertisers or data brokers.
Google API Services User Data
Teacher Task Manager's use and transfer to any other app of raw or derived user data received from Google APIs, including Google Workspace APIs, will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
AI Features and Automated Processing
Pro users can access AI-powered features. When these features are used, a minimal summary of relevant data (task titles, task context, school calendar context, team context, as appropriate) is sent to OpenAI's API to generate a response. Notes page content is not sent to OpenAI for summarisation. This data is not used to train AI models under our API agreement with OpenAI.
AI outputs, including priority suggestions, task descriptions, and follow-up recommendations, are advisory only and are never applied to your data without your explicit action. No automated decision-making within the meaning of UK GDPR Article 22 takes place; you remain in control at all times. See our AI & Data transparency page for a full feature-by-feature breakdown.
International Data Transfers
Some third-party services we use are based in the United States. Transfers of personal data to these services are made under appropriate safeguards:
- Google (Firebase, Google Calendar): Google LLC participates in the EU–US Data Privacy Framework and processes UK personal data under UK Standard Contractual Clauses (SCCs). Google may store data in globally distributed data centres.
- Microsoft (Outlook via Microsoft Graph): Microsoft Corporation participates in the EU–US Data Privacy Framework and processes UK personal data under SCCs. Microsoft may store data in globally distributed data centres.
- OpenAI: data is transferred to OpenAI's US-based infrastructure under SCCs included in OpenAI's API data processing addendum.
- Stripe: Stripe participates in the EU–US Data Privacy Framework and processes UK data under SCCs.
- GIPHY (Meta): GIF search queries are processed by GIPHY (a Meta company) in the US. Only the search text is transmitted; no account-linked data is sent.
If you have questions about international transfers or wish to review the applicable safeguards, please contact us at service@teacheradmin.com.
Data Retention
We retain your data for as long as you maintain an account. Specific retention periods are as follows:
- Account and profile data: retained until account deletion, then removed within 30 days.
- Tasks, notes, timetable, and school calendar data: retained until deleted by you or until account deletion, then removed within 30 days.
- Chat messages and uploaded images: retained until deleted by you or until account deletion, then removed within 30 days.
- FCM device tokens: retained until you sign out of a device or delete your account.
- Google Calendar OAuth tokens: retained until you disconnect Google Calendar from within the app or delete your account.
- Outlook Calendar (Microsoft) tokens: not stored on our servers. The Microsoft access token is held only in your browser session and is cleared when you sign out or disconnect.
- Stripe billing records: Stripe retains transaction records for up to 7 years for legal and financial compliance. We retain a reference to your subscription status for the same period.
Where we are required by law to retain data beyond these periods, we will do so only to the extent required.
Your Rights
Under UK GDPR and the Data Protection Act 2018, you have the right to:
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your data (subject to legal retention obligations)
- Data portability: request your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests
- Restriction: request that we limit how we process your data in certain circumstances
- Withdraw consent: withdraw consent at any time for processing based on consent (e.g. Google Calendar, Outlook Calendar, push notifications)
- Automated processing: not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. All AI suggestions in this app require your explicit action to take effect and do not constitute automated decision-making under Article 22.
To exercise any of these rights, contact us at service@teacheradmin.com.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection. Visit ico.org.uk/make-a-complaint or call 0303 123 1113.
Children's Privacy
Teacher Task Manager is intended for school staff only and is not designed for use by students. We do not knowingly collect information from anyone under the age of 16. If you believe a person under 16 has created an account, please contact us and we will remove it promptly.
Institutional Use
This app is designed for individual teacher professional use. Schools, multi-academy trusts, or other organisations wishing to deploy Teacher Task Manager at an institutional level should carry out their own Data Protection Impact Assessment (DPIA) in accordance with UK GDPR Article 35 before doing so.
We are not currently a registered data processor under a formal data processing agreement with schools or local authorities. Individual teachers using the app are responsible for ensuring their use is consistent with their school's data protection policies. If your organisation wishes to discuss a formal data processing arrangement, please contact us.
Cookies and Local Storage
When you first visit Teacher Task Manager we ask for your consent to use cookies and local storage. Below is a full explanation of what we use and why.
Essential storage (required for the app to work)
- Authentication tokens: set by Firebase Auth (Google) to keep you signed in across sessions. Without these you would be signed out on every page load.
- App preferences: values stored in
localStoragesuch as your timetable view, notification preferences, and display settings, so the app remembers your choices between visits. - Cookie consent record: a single
localStorageentry (ttm_cookie_consent) that records your response to the consent banner. It stores the valueaccepted-v2ordeclinedwhen you choose, so the banner is not shown again on your next visit.
Optional analytics cookies (only with your consent)
- Google Analytics: if you choose “Accept analytics” on the consent banner, we use Google Analytics 4 on our public marketing pages (the home page, features, pricing, the blog and similar public pages) to understand how visitors find and use them. It sets cookies such as
_ga. It is never loaded inside the app itself, and it is never loaded if you choose “Essential only”. See Google's Privacy Policy.
What we do not use
- We do not use advertising cookies or retargeting cookies.
- We do not use analytics or tracking cookies inside the app, and no analytics cookies are set anywhere without your consent.
- We do not share browsing data with advertisers or data brokers.
Third-party services that may set storage
- Firebase / Google: used for authentication and the Firestore database. See Google's Privacy Policy.
- Stripe: used for Pro subscription payments. Stripe may set cookies on payment pages for fraud prevention and security. See Stripe's Privacy Policy.
- GIPHY: used for GIF search in team chat (Pro only). GIPHY may set cookies or use browser storage for its own analytics when the GIF picker is opened. No account-linked data is transmitted. See GIPHY's Privacy Policy.
Managing cookies
You can clear cookies and local storage at any time through your browser settings. Clearing authentication storage will sign you out of the app. If you decline the cookie consent banner, strictly necessary storage (such as keeping you signed in once you log in) may still be used because it is essential for the service to function.
To withdraw cookie consent at any time, clear your browser's local storage for this site. The consent banner will reappear on your next visit.
Changes to This Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or by email.
Data Controller
Teacher Task Manager is operated by the developer of teacheradmin.com. For the purposes of UK GDPR, the operator of teacheradmin.com is the data controller for personal data collected through this Service.
Contact Us
If you have questions or requests related to this Privacy Policy or wish to exercise your data rights, please contact:
Service: Teacher Task Manager (teacheradmin.com)
Email: service@teacheradmin.com