Privacy Policy¶
Effective date: March 17, 2026 Operator: DocGuy Training Contact: privacy@docguytraining.com
This Privacy Policy describes how DocGuy Training ("we", "us", or "our") collects, uses, stores, and shares information when you use Master Schedule ("the app"). It also describes the rights available to you under applicable law, including the Family Educational Rights and Privacy Act (FERPA) and the European Union General Data Protection Regulation (GDPR).
Please read this policy carefully. By using the app, you agree to the practices described here.
1. Who this policy applies to¶
This policy applies to all users of the Master Schedule web application, including:
- School administrators and primary administrators
- Scheduling staff
- Support engineers at DocGuy Training who access a school's data through the Support Access program
The app is designed for use by school staff. It does not create accounts for, or collect personal information from, K–12 students.
2. What information we collect¶
2.1 Account information¶
When you sign in, you authenticate using your Google account through Firebase Authentication. We receive and store:
- Your email address
- A unique user identifier assigned by Google
We do not receive or store your Google account password.
2.2 School affiliation and role¶
We store your association with a school and the role you hold within it (for example, staff or admin). This is required to control access to school data.
2.3 School operational data¶
School administrators manage the following data within the app on behalf of their school:
- Course catalog (course codes, names, categories, seat counts, block assignments)
- Teacher roster (names, IDs, block capacity)
- School configuration (name, block types, grade levels, supported languages)
- Student types and requirement groups (categories of students and the course requirements assigned to them)
- Master schedule files uploaded for validation
This data is entered and controlled by the school. DocGuy Training processes it solely to provide the scheduling service.
2.4 Audit log¶
Every change made within the app is recorded in an audit log. Each log entry contains:
- The email address and role of the user who took the action
- A description of the action and the data affected
- A timestamp
- Whether the action occurred during a Support Access session
Audit log entries are retained for 13 months and then automatically deleted.
2.5 Technical and usage data¶
We do not collect IP addresses, browser fingerprints, or behavioral analytics. Standard infrastructure logs maintained by our hosting provider (Google Firebase) may record request metadata for security and reliability purposes. These logs are governed by Google's Privacy Policy.
3. How we use information¶
We use the information described above to:
- Authenticate users and control access to school data
- Provide the scheduling features of the app
- Maintain audit records of data changes for accountability and security purposes
- Respond to support requests
- Comply with legal obligations
We do not sell, rent, or share personal information with third parties for marketing purposes.
4. Legal basis for processing (GDPR)¶
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:
| Data | Legal basis |
|---|---|
| Account information | Performance of a contract — necessary to provide access to the app |
| School affiliation and role | Performance of a contract — necessary to enforce role-based access |
| School operational data | Performance of a contract — processed on behalf of the school |
| Audit log entries | Legitimate interests — maintaining accountability and security records |
5. FERPA¶
Master Schedule is designed for use by school staff to manage course scheduling. The app processes scheduling and roster information entered by school administrators. It does not directly process individual student education records as defined by FERPA.
When schools use Master Schedule, DocGuy Training acts as a service provider performing functions that would otherwise be performed by school officials. DocGuy Training:
- Accesses school data only to provide the scheduling service and related support
- Does not use school data for any purpose other than providing the service
- Does not disclose school data to unauthorized third parties
- Maintains appropriate safeguards for data in its custody
Schools remain responsible for determining that their use of Master Schedule complies with applicable FERPA obligations and any applicable state privacy laws.
6. Support Access¶
DocGuy Training support engineers may access a school's data only when a school administrator explicitly requests support and creates a Support Access invitation within the app. Support access is:
- Invitation-only — a support engineer cannot enter support access for a school without an active, unexpired invitation from that school's administrator
- Time-limited — invitations expire after 48 hours
- Fully logged — every support access session is recorded in the school's audit log with the engineer's email address, the start and end time, and the actions taken
School administrators can view all support access history in Settings → Audit Log.
7. Data sharing and sub-processors¶
We use the following service providers to operate the app:
| Provider | Purpose | Location |
|---|---|---|
| Google Firebase (Authentication, Firestore, Hosting) | User authentication, data storage, and web hosting | United States |
All sub-processors are bound by contractual obligations that require them to protect personal data in a manner consistent with this policy. Data processed on Google infrastructure is subject to Google's Data Processing Terms.
We do not share personal data with any other third party except as required by law.
8. Data retention¶
| Data type | Retention period |
|---|---|
| Account information and school affiliation | Until you request deletion or your school is removed from the app |
| School operational data (courses, teachers, configuration) | Until deleted by a school administrator or the school is removed |
| Audit log entries | 13 months from the date of the entry |
| Google infrastructure logs | As governed by Google's data retention policies |
9. Data security¶
We implement the following measures to protect personal data:
- All data is transmitted over HTTPS
- Access to school data is enforced by role-based Firestore security rules — users can only read and write data for schools they belong to
- Support access requires a school administrator invitation and is limited to 48 hours
- All data changes are logged and attributable to a named user
No method of electronic storage or transmission is completely secure. We take reasonable steps to protect your data but cannot guarantee absolute security.
10. Your rights¶
For all users¶
You may request that we:
- Provide a copy of the personal data we hold about you
- Correct inaccurate personal data
- Delete your account and associated personal data
To make a request, contact privacy@docguytraining.com.
Additional rights for EEA residents (GDPR)¶
If you are in the EEA, you also have the right to:
- Restriction of processing — request that we limit how we use your data in certain circumstances
- Data portability — receive a copy of your data in a structured, machine-readable format
- Object to processing — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing
You also have the right to lodge a complaint with your local data protection authority. A list of EEA data protection authorities is available at https://edpb.europa.eu/about-edpb/board/members_en.
FERPA rights¶
Under FERPA, eligible students and parents have rights with respect to education records held by their school. Because Master Schedule processes scheduling data on behalf of schools, requests relating to FERPA rights should be directed to the school, not to DocGuy Training.
11. Children's privacy¶
The app is intended for use by school staff and administrators. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information through the app, please contact us at privacy@docguytraining.com.
12. International data transfers¶
Our infrastructure is hosted in the United States. If you access the app from outside the United States, your data will be transferred to and processed in the United States. For EEA users, such transfers are made subject to appropriate safeguards, including Standard Contractual Clauses where applicable.
13. Changes to this policy¶
We may update this policy from time to time. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this policy periodically.
14. Contact us¶
If you have questions or concerns about this policy, or wish to exercise your privacy rights, please contact:
DocGuy Training Email: privacy@docguytraining.com