All Mighty Sync ("AMSync", "we", "us") is a school-management application operated by All Mighty Sync. This policy explains what personal data we process, why, and the rights you have.
Who controls the data
AMSync is used by educational organizations ("Schools"). For data entered by a School about its members, the School is the data controller and AMSync is the data processor acting on the School's instructions. For account-level data (your login, profile), AMSync is the controller.
Data we process
Depending on your role (Admin, Teacher, Parent, Student) we process:
- Account & profile: name, email, phone, role, profile picture, password (stored only as a secure hash by our auth provider).
- Organization data: school name, contact details, terminology, settings.
- Educational records: groups/classes, schedules, attendance records, materials, gallery media, checklists, incident reports.
- Messaging: announcements and inbox messages you send or receive.
- Financial: membership/payment status, submitted payment proofs, teacher pay settings and work logs (for organizations that enable payments).
- Technical: authentication tokens and basic device/session information needed to operate the service, including a push-notification token.
We do not sell personal data and we do not use it for advertising.
Children's data
AMSync is a tool for schools and is not directed to children for direct sign-up. Data about students (who may be minors) is entered and managed by the School and/or a parent/guardian. Schools are responsible for obtaining any consent required under applicable law (e.g. GDPR, GDPR-K, COPPA).
How we use data
To provide the service: authentication, attendance, scheduling, communication, materials/gallery sharing, payments tracking, reporting, and notifications.
Legal bases (GDPR)
Performance of a contract (providing the service), legitimate interests (securing and improving the service), legal obligation, and consent where required.
Storage & security
Your data is hosted on reputable, industry-standard cloud infrastructure. Access is restricted by organization- and user-level authorization controls, so each person can only access the data they are entitled to. Data is encrypted in transit (HTTPS) and at rest, and passwords are never stored in plain text — only as a salted hash.
Sub-processors
We rely on a small number of vetted third-party service providers to operate AMSync, in the following categories:
- Cloud hosting, database & authentication
- Push-notification delivery
- Transactional email (e.g. invitations and password resets)
These providers process data only on our instructions and are bound by data-protection terms. A current list of our named sub-processors is available to customer organizations on request and as part of our Data Processing Agreement — contact support@allmightysync.com.
Retention
We keep data for as long as your account/organization is active. When data is deleted (see below), it is removed from the production database; backups are purged on our provider's standard backup-rotation schedule.
Your rights
Subject to applicable law you may access, correct, export, or delete your data, and object to or restrict processing. Contact support@allmightysync.com.
Account & data deletion
You can delete your account in the app: Settings → Security → Delete account. This permanently removes your account and personal data.
- If you are the only administrator of an organization, you must delete the organization first (Organization Settings → Delete organization). This permanently removes all of its data and cannot be undone.
- Deleting an organization does not delete other members' accounts — they are detached from the organization.
If you cannot use the app, see our Account Deletion page.
Changes
We will update this policy as needed and revise the "Last updated" date.