👋 Introduction

Welcome to StXaviersOnline — the digital learning platform for St. Xavier's Junior Senior School, Muzaffarpur. We are committed to protecting the privacy of all users, especially students who are minors.

This Privacy Policy explains what information we collect, how we use it, and the rights you have over your data when you use StXaviersOnline.

📋 Information We Collect

When you sign in with your Google account, we collect:

• Your name and email address from your Google profile
• Your profile picture (optional, used only for display)
• Your Google OAuth tokens — used to verify your identity and access school Drive files on your behalf

During normal app use, we also store:

• Your class/section (selected by you)
• Files you upload — stored on the school's Google Drive account
• AI chat sessions — saved to Drive under a folder private to your email
• App preferences — theme, font size, AI voice, chat background (stored locally on your device)

🔐 How We Use Your Information

• To authenticate your identity and determine your role (student, teacher, or admin)
• To display your name and photo in the app interface
• To save and retrieve your AI chat history from Google Drive
• To store uploaded class materials in the school Drive folder
• To enforce role-based access — students see only their class files; teachers see all

☁️ Google Drive & Third-Party Services

StXaviersOnline uses the following third-party services:

• Google OAuth 2.0 — for secure sign-in. We never see your Google password.
• Google Drive API — all files (class materials, logbook photos, chat sessions) are stored on a school-managed Google Drive account. Files are accessed via a secure server-side token — your personal Google account is never granted Drive access.
• Groq API — powers the AI chat assistant (StXaviersOnline AI). Messages you send to the AI are processed by Groq's servers. Your Groq API key is stored locally on your device only. See Groq's Privacy Policy.

💾 Data Storage & Security

• Authentication tokens are stored in your browser's cookies via an HttpOnly, Secure session cookie managed by our Cloudflare Worker backend.
• App preferences and session cache are stored in your device's localStorage — they never leave your device.
• Drive files are encrypted in transit via HTTPS and stored on Google's infrastructure.
• Chat sessions are stored as JSON files in a private folder on the school Drive, accessible only to your email address.

👶 Children's Privacy

StXaviersOnline is used by school students, including minors under the age of 18. We take this seriously:

• We do not collect more personal data than necessary for the app to function.
• Student data is not shared with advertisers or commercial third parties.
• AI chat responses are filtered to remain appropriate for school-age users.
• Access is restricted to verified school email accounts only.

If you are a parent or guardian and have concerns about your child's data, please contact the school administration.

⚙️ Your Rights

• Access: You can view your data by signing in and browsing the app.
• Deletion: Sign out to clear your local session. Contact the school admin to request removal of Drive data.
• Correction: Update your class/section anytime from within the app.
• Portability: You can download your AI chat sessions directly from the app (long-press a chat → Download).

📬 Contact

For any questions about this Privacy Policy or your data, please contact:

🔄 Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be announced via the school's notice board in the app. Continued use of StXaviersOnline after changes constitutes acceptance of the updated policy.