Privacy Policy
Last updated: March 24, 2025
At Cyber Square, we are committed to supporting schools and enhancing education while prioritizing the privacy and security of personal data. This Privacy Notice explains how we collect, use, and protect data when partnering with schools in the UK, especially those with young students. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring transparency, safety, and trust.
Cyber Square provides educational tools to support teaching and learning in schools. We act as a data processor, handling data only as instructed by the school (the data controller), and we do not use it for our own purposes beyond delivering our service.
We operate in the UK through our registered entity:
Oray Limited
10-12 Southernhay, Basildon, England, SS14 1EL
Cyber Square AI and Robotics Private Limited - India Office
Door No: 1507, 5th Floor, Cafit Square, Hilite Business Park, Hilite City, Kozhikode, Kerala, India, 673014
Contact Email: connect@cybersquare.org
Data Protection Officer: Sidan – sidan@cybersquare.org
Cyber Square is designed to function without collecting identifiable student data by default. We rely on schools to provide only the information required for our platform to support teachers and students effectively.
This may include:
- Non-identifiable student data: Generic identifiers like class codes, anonymized student numbers, or teacher-assigned labels (e.g., "Student A") that do not personally identify students.
- Usage data: Information about how students interact with our platform (e.g., activity logs, progress tracking), linked only to non-identifiable markers unless configured otherwise.
- Google login data: If a school integrates with Google Workspace for Education, we process login data (e.g., session ID) to authenticate users.
We do not require or collect sensitive personal data such as dates of birth, addresses, or health information unless explicitly directed by the school.
Cyber Square does not directly collect personal data from children. Schools act as data controllers and determine what data to share. Where parental consent is legally required—such as for children under 13—the school is responsible for obtaining it under UK GDPR Article 8.
We process this data solely to deliver our service to schools, including:
- Enabling teachers to monitor and support students' learning
- Providing a seamless login experience via Google (configured per school preferences)
- Supporting technical functionality and generating reports
We do not:
- Use any data for marketing, advertising, or profiling
- Collect more data than the school provides
- Process data beyond the school's explicit instructions
Cyber Square processes and stores data in India. When schools in the UK share data with us, it is transferred to India under the following safeguards:
- Standard Contractual Clauses (SCCs): Included in our Data Processing Agreements
- Transfer Risk Assessments (TRAs): Conducted to evaluate and mitigate risks
- Encryption: All data is encrypted in transit and at rest
- School's agreement: We only transfer data with explicit consent
Students, parents, and staff have rights under UK GDPR. Since the school is the data controller:
- All requests should be directed to your school's Data Manager
- Cyber Square will support the school in handling these requests
For general questions or concerns:
- Email us at connect@cybersquare.org
- Contact our Data Protection Officer at sidan@cybersquare.org
Cyber Square is proud to partner with schools to enhance learning. Our approach—offering flexible data configurations, secure integration with Google, and compliance-driven data handling in India—ensures simplicity, security, and peace of mind.
We're happy to sign a Data Processing Agreement (DPA) with your school to formalize our commitment to data protection.
We use the information we collect to:
- Provide and improve our services
- Communicate with you about your account or our services
- Analyze website usage and enhance user experience
We do not sell, trade, or otherwise transfer your personal information to outside parties, except when required by law or with your consent.
We implement a variety of security measures to protect your personal information, including:
- Encryption of data in transit and at rest
- Regular security audits and updates
- Strict access controls and authentication
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure.
We use cookies and similar technologies to enhance your experience on our website. These may include:
- Essential cookies for website functionality
- Analytics cookies to understand usage patterns
- Preference cookies to remember your settings
You can control cookie settings through your browser preferences. For more information, please see our Cookie Policy.