Privacy Policy
Last Updated: April 07, 2026
At SDive, we are committed to protecting the privacy and security of your data. This Privacy Policy outlines how we collect, use, and process personal information when you use our school management ecosystem. By using SDive, you consent to the practices described in this policy.
1. Data Collection and Sources
We collect information through three main channels: 1.1. Data You Provide: This includes registration details (name, work email, school name), billing information, and any data you upload regarding your students and teachers. 1.2. Automated Collection: We automatically capture technical data such as IP addresses, browser types, and interaction logs to ensure platform stability and security. 1.3. Third-Party Sources: We may receive information from integrated services (e.g., Google or Zoom) when you authorize connectivity.
2. Lawful Basis for Processing
We process your data under the following legal frameworks: - Performance of a Contract: To provide the CRM services you subscribed to. - Consent: Where you have given explicit permission for specific data uses. - Legitimate Interests: For security, fraud prevention, and improving user experience. - Legal Obligations: When required by law or regulatory authorities.
3. Platform Connectivity and Sub-processors
To provide a seamless experience, we engage trusted sub-processors: - Database & Infrastructure: Supabase (data storage and authentication). - Payments: Lemon Squeezy (secure billing and subscription management). - Communications: Resend (transactional emails and notifications). - Analytics: Vercel (performance monitoring). All sub-processors are vetted for compliance with global security standards.
4. Dive AI and Neural Processing
Our intelligent assistant, Dive AI, utilizes OpenAI's API. Your data is shared with OpenAI solely to fulfill your specific requests (e.g., automated notes or correspondence). IMPORTANT: We maintain a 'Zero Training' policy. Your school's data is never used by OpenAI to train their foundational models, ensuring complete architectural isolation.
5. International Data Transfers
SDive operates on a global infrastructure. Your data may be transferred to and processed in countries outside of your residence. We implement Standard Contractual Clauses (SCCs) and robust safeguards to ensure your data receives parallel protection regardless of geographic location.
6. Data Sharing and Disclosure
We do not sell your personal data. Disclosure occurs only in restricted scenarios: - Corporate Transactions: In the event of a merger or acquisition. - Legal Requirements: To comply with subpoenas or court orders. - Service Operation: With your authorized teachers and staff members.
7. Security Architecture
We implement multi-layered security measures: - Encryption: All data is encrypted using AES-256 at rest and TLS 1.3 in transit. - Physical Security: Our infrastructure is hosted in SOC 2 Type II certified data centers. - Access Control: We enforce strict principle of least privilege for all internal operations.
8. Data Retention and Deletion
We retain school data for the duration of an active subscription. Account Inactivity Policy: If a workspace remains inactive or without a paid plan for 30 consecutive days, we trigger a permanent deletion cycle for all associated school records, student profiles, and historical data to minimize data risk.
9. Your Rights and Control
Under GDPR and other global regulations, you have the following rights: - Right to Access: Request a copy of your personal data. - Right to Rectification: Correct inaccurate or incomplete records. - Right to Erasure: Request the 'Right to be Forgotten'. - Right to Portability: Move your data to another service provider. - Right to Object: Stop specific processing activities.
10. Children's Privacy
SDive is a business tool designed for educational administrators. While our system processes student data, the school (Customer) acts as the Data Controller. It is the school's sole responsibility to obtain necessary parental consent for students who are minors under local laws.
11. Changes to this Policy
We may update this Privacy Policy to reflect changes in our technology or legal obligations. We will notify you of material changes via the dashboard or email. Continued use of SDive constitutes acceptance of the updated terms.
12. Contact Information
For specific inquiries regarding data protection, DPA execution, or your privacy rights, please contact our Legal Office at legal@sdive.com.