Schedule of Data &school data practices.
Effective April 22, 2026
This page is incorporated by reference into the I Can Tell Time Data Privacy Agreement and the NY Ed Law §2-d Parents' Bill of Rights Supplement. It lists every category of student data covered by the SDPC National DPA, our subprocessors, and our practices for retention, security, and breach response.
Summary
I Can Tell Time is an offline, on-device learning application. In its default deployment:
- No student name, email, contact info, or identifier is collected by the app.
- No student in-app activity (lesson progress, scores, interaction events) is transmitted to Provider. All progress is stored locally on the student's device.
- No subprocessor receives student data, because no student data leaves the device.
- No advertising or behavioral profiling takes place in the app.
- Educator and administrator contact information is collected only when an educator voluntarily submits the quote or DPA request form on the marketing website, and it is never linked to any student.
Schedule of Data
Data categories below are those enumerated in the SDPC National DPA Exhibit “Schedule of Data.”
| Data Category | Data Elements | Collected? | Purpose / Notes |
|---|---|---|---|
| Application Technology Metadata | IP address, device identifiers, browser or OS metadata | No | Not applicable — app is offline after install |
| Application Use Statistics | App usage timestamps, session duration, in-app events | No | Analytics disabled by default in school MDM profile; no server transmission |
| Assessment | Standardized test scores, results of assessments | No | Not applicable |
| Attendance | Student class attendance | No | Not applicable |
| Communications | Student email, IM, chat, texts | No | Not applicable |
| Conduct | Student discipline and conduct records | No | Not applicable |
| Demographics | Date of birth, gender, ethnicity, race, language | No | Not applicable |
| Enrollment | Student school enrollment, grade level | No | Not applicable |
| Parent/Guardian Contact Info | Parent/guardian name, phone, email, address | No | Not applicable |
| Parent/Guardian ID | Parent/guardian ID number | No | Not applicable |
| Parent/Guardian Name | First/last name | No | Not applicable |
| Schedule | Student scheduled courses, teacher names | No | Not applicable |
| Special Indicator | English language learner, low-income, IEP status | No | Not applicable |
| Student Contact Info | Student address, email, phone | No | Not applicable |
| Student Identifiers | Local, State, or Federal student ID | No | Not applicable |
| Student Name | First/last name | No | Not applicable |
| Student In-App Performance | Progress through lessons, level completion | No | Stored locally on device only; never transmitted |
| Student Program Membership | Academic or extracurricular programs | No | Not applicable |
| Student Survey Responses | Student responses to surveys/questionnaires | No | Not applicable |
| Student Work | Student-generated content, essays, artwork | No | Not applicable |
| Transportation | Student bus assignments | No | Not applicable |
| Educator Contact Info | Educator or administrator email, name, district | Only if provided | For educator-initiated contact (quote requests, support inquiries); never student-linked |
| Biometric Information | Fingerprints, facial scans, voice prints | No | Not applicable |
| Health Records | Health or medical information | No | Not applicable |
Subprocessors
Provider uses the following subprocessors in connection with the broader business. As noted in the Schedule of Data, none of these subprocessors receive student PII.
| Vendor | Role | Data involved | Location |
|---|---|---|---|
| Apple Inc. | Application distribution via App Store and Apple School Manager | No student PII. Anonymous app download and MDM deployment only. | United States |
| Resend, Inc. | Transactional and marketing email delivery | Educator/administrator email addresses and names that were voluntarily submitted through the website contact or DPA request forms. No student PII. | United States |
| Datafast | Privacy-focused website analytics (marketing site only) | Aggregate page views on icantelltime.com. Does not track students. Does not run inside the app. | European Union |
Retention & deletion
Student progress: Stored locally on the student's device and retained there until the app is uninstalled or the device is re-provisioned by the LEA. Because the data never leaves the device, Provider has nothing to retain or delete on its own systems.
Educator contact data: Retained for the duration of the contractual or support relationship. Educator contact data is deleted within 45 days of a written deletion request to hello@icantelltime.com.
Diagnostic / support emails: Retained only as long as needed to resolve the support request, and not more than 24 months.
Security practices
- Encryption in transit (TLS 1.2 or higher) for all data flowing to or from Provider systems.
- Encryption at rest (AES-256 or equivalent) on any Provider-controlled infrastructure that holds data.
- Multi-factor authentication required for employee access to systems that could access educator contact information.
- Annual privacy and security training for all personnel with access to operator data.
- Documented access provisioning and revocation processes; access reviewed at least annually.
- Vendor infrastructure hosted in SOC 2 Type II–certified facilities located in the United States.
Breach response
In the event of a confirmed or reasonably suspected breach involving any data covered by a DPA, Provider shall notify the LEA's designated data privacy contact without unreasonable delay, and in any event within the shorter of:
- 72 hours of discovery (Provider's default commitment);
- 7 calendar days where the LEA is a New York educational agency subject to NY Ed Law §2-d / Part 121;
- the timeframe required by any other applicable state data-breach statute.
Notice will include the nature of the breach, the categories of data involved, the approximate number of individuals affected, containment steps taken, and recommended remedial actions.