Privacy Policy
EduHelm is a school-administered focus app for Android. It helps students stay focused during school hours by limiting access to distracting apps on a fixed schedule and within a school geofence, with school staff able to unlock devices remotely. This policy explains what data EduHelm does and does not handle, and how it is protected. It is written to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Information Commissioner's Office (ICO) Age Appropriate Design Code (“the Children's Code”).
EduHelm is operated by Dale Stapleton (“we”, “us”). Contact: support@eduhelm.app.
Our core privacy principle: no student names
EduHelm is built so that no student names or other directly identifying personal details are ever stored on our servers. When the app is installed, the device generates an anonymous device code in the format EH-XXXX-XXXX. Our backend stores only:
- the anonymous device code;
- an optional year group (e.g. “Year 9”); and
- the current focus state of the device (e.g. locked, unlocked, extended lock).
The mapping between a device code and a named student is kept privately by the school, never by us. We cannot identify a student from the data we hold.
Data the app accesses on the device
To deliver its core function, EduHelm uses certain sensitive Android capabilities. In each case the data is used only on the device for the purpose described and is not collected, logged, or transmitted to us unless stated.
Accessibility Service
EduHelm uses Android's AccessibilityService API for a single, narrow purpose: detecting when someone attempts to disable an active focus session by force-stopping the app (for example via Settings → Apps → EduHelm → Force Stop), so that focus mode can be re-asserted. The service reads on-screen content only to recognise the system “Force stop” / “App info” screen for EduHelm itself. It does not read, collect, store, or transmit screen content, keystrokes, passwords, messages, or information about any other app. EduHelm is not an accessibility tool and does not represent itself as one.
Foreground service
While a focus session is active, EduHelm runs a foreground service (shown by a persistent notification) to keep the on-device blocking policy running and to receive remote unlock or extended-lock instructions from authorised school staff. This service processes only the device's own focus state. It does not collect personal data.
Location (including in the background)
EduHelm uses your location, including in the background and when the app is closed, for one purpose: an automatic school-grounds geofence that turns focus mode on when the device is at school and off when it is away. Location is used only to evaluate proximity to the configured school geofence. We do not store location history or coordinates, and we do not transmit location off the device for tracking. No location data leaves the device.
Data we store on our servers
| Data | Purpose | Retention |
|---|---|---|
| Anonymous device code (EH-XXXX-XXXX) | Identify the device for remote management | While the device is enrolled |
| Year group (optional) | Allow school staff to manage devices in groups | While the device is enrolled |
| Focus state | Apply and propagate lock/unlock instructions | While the device is enrolled |
| School login credentials (hashed) | Authenticate school staff to the admin panel | While the school account is active |
We do not store names, contact details, photos, messages, browsing history, app-usage logs, or location data on our servers.
How the data is used
The data above is used solely to operate the focus/lock feature and the school admin panel: enrolling a device, showing its current state, and letting authorised staff lock or unlock individual devices or whole year groups. We do not use any data for advertising, profiling, or analytics about individual students, and we do not sell or share data with third parties for their own purposes.
Legal basis and consent
EduHelm is deployed by schools under written parent/guardian consent obtained before installation, together with the school's authorisation as the body responsible for the student's device during school hours. The school acts as data controller for the device-to-student mapping it holds privately; we act as a processor for the limited anonymous data on our servers. The lawful bases relied on are consent (parent/guardian) and legitimate interests / public task as appropriate to the school's safeguarding and educational responsibilities.
Because EduHelm is used by children, we have designed it in line with the ICO Children's Code: we practise data minimisation (no names, minimal fields), we do not profile children, we do not use nudge techniques, and privacy-protective settings are the default.
Children's data
EduHelm is intended for use on devices belonging to or assigned to secondary-school students, installed with parent/guardian consent and under school administration. We deliberately avoid collecting directly identifying information about children. A parent, guardian, or the school may request information about, or deletion of, a device's record at any time via support@eduhelm.app.
Data security
School staff authenticate using per-school credentials stored only in hashed form (PBKDF2). Sessions use signed, time-limited tokens. Data in transit is encrypted via HTTPS. Server-side data is limited to the minimal anonymous fields described above.
Your rights
Under UK GDPR you (or a parent/guardian on a child's behalf, or the school) have the right to access, correct, or delete the data held about a device, to restrict or object to processing, and to lodge a complaint with the ICO (ico.org.uk). Because we hold no names, requests should reference the device code, which the school can provide. To exercise any right, contact support@eduhelm.app.
Changes to this policy
We may update this policy as the app evolves. Material changes will be reflected by the “Last updated” date above and, where appropriate, communicated to participating schools.