Trust & Safety Center

Built for children, schools and parent trust.

Oyku is designed around school approval, parent visibility controls, consent-ready workflows and secure handling of children's photos and school content.

School-approvedParent-trustedConsent-awareSecure by design
Four trust pillars

How Oyku stays safe by default.

Pillar

School control

Schools decide what is shared, with whom, and what becomes public.

Pillar

Parent visibility

Parents see approved memories intended for them.

Pillar

Consent-ready

Designed to support parent permissions, opt-outs and school policies.

Pillar

Security basics

Role-based access, encryption, retention controls and incident response.

Overview

Transparent by design.

Product
OYKU
Operator
Edustack Technologies Pvt Ltd
Registered address
B130, AFOCHS, Sainikpuri, Hyderabad, Telangana, India - 500094
Last updated
14 May 2026
Important: This page is intended to give schools and parents a transparent view of how Oyku is designed. Final legal terms, school agreements and privacy wording should be reviewed by counsel before publication in each market.
What Oyku helps with

Daily school moments, parent-visible memories, teacher recognition and school-approved content drafts.

What Oyku avoids

No public posting without school approval. No behavioural advertising to children. No uncontrolled parent access to other children's private content.

01
Privacy Policy

What we collect and why.

Oyku collects and processes information needed to provide the service to schools, teachers, parents and students. This may include school account details, approved classroom photos or videos, class/activity metadata, parent contact details, teacher/staff account details, approval records and basic engagement logs.

Purpose of processing

  • To organise and share approved school memories with authorised parents.
  • To help schools prepare school-approved content drafts for public channels.
  • To support teacher and student recognition features.
  • To maintain security, access controls, audit logs and support workflows.

Children's information

Children's photos, videos and related school activity data are handled with additional care. Oyku is designed to support school approval, parent permission, visibility controls, opt-outs and deletion requests.

Contact

Privacy contact: privacy@oyku.app · General contact: hello@oyku.app

Before publishing: replace emails and add jurisdiction-specific wording for India, UAE, UK/US or other markets you launch in.
02
School Data Processing Agreement

School decides. Oyku supports.

For school deployments, the school is expected to decide the purpose and scope of use, including which classes, teachers, parents and content types are enabled. Oyku processes data only to provide the agreed service and support approved school workflows.

School responsibilities

  • Define rollout scope, authorised users and approval roles.
  • Obtain or manage parent consent where required by law or school policy.
  • Maintain an opt-out list for students whose parents do not permit photo/video sharing.
  • Approve public sharing before content is posted externally.

Oyku responsibilities

  • Process school data only for agreed purposes.
  • Maintain reasonable technical and organisational safeguards.
  • Support access correction, deletion and export requests where feasible.
  • Notify the school of relevant security incidents according to the incident response process.
04
Photo, Video & Approval Policy

School-approved. Always.

Oyku is designed around the principle that schools remain in control of sharing. Classroom photos and videos should be reviewed under the school's approval workflow before being shared with parents or drafted for public channels.

Content that should not be shared

  • Children on opt-out lists, unless cropped/removed or otherwise permitted.
  • Images involving injury, distress, disciplinary situations or private information.
  • Content showing sensitive documents, addresses, medical information or personal records.
  • Anything that could embarrass, target or unfairly single out a child.

Approval standard

Before sharing, staff should ask: Is this safe? Is it kind? Is it school-approved? Is it appropriate for the intended audience?

05
Data Retention, Deletion & Export

Keep only what's needed.

Oyku should retain school content only as long as needed for the service, legal requirements, school instructions and parent memory features. Schools should be able to request export and deletion according to agreed terms.

Data typeSuggested retentionNotes
School account dataWhile school account is activeDeleted or archived after termination per agreement.
Approved photos / videosDuring active school use or parent subscription periodSubject to school/parent deletion requests.
Audit logsLimited operational periodUseful for approvals, access review and incident investigation.
Support messagesAs needed for support and legal recordkeepingShould avoid unnecessary child data.
Before publishing: decide exact retention periods, e.g. 30 / 60 / 90 days after termination, and align with product architecture.
06
Subprocessor list

Vendor governance.

Oyku may use carefully selected third-party service providers to host, process, secure, communicate or support the service. Each vendor should be reviewed for security and data protection suitability before use.

VendorPurpose
AWS / Google Cloud / cloud providerHosting, storage, infrastructure
Google Gemini / OpenAI / AI providerOptional AI features such as captions or enhancement
WhatsApp / email providerSchool and parent communication
Analytics / logging providerService reliability and basic engagement analytics
Before publishing: replace this placeholder table with your actual vendor list, regions, and subprocessors.
07
Security Overview

Practical security, school-grade.

Oyku should use practical security controls appropriate for a school platform handling children's photos and parent access.

Access controls

Role-based permissions for school owners, principals, admins, teachers and parents.

Encryption

Encryption in transit using HTTPS/TLS and encryption at rest where supported by infrastructure.

Approval logs

Records of key approval and sharing actions for accountability.

Least privilege

Staff and systems should only access data needed for their role.

SOC 2 is not required for early pilots, but the controls on this page can become the foundation for SOC 2 or ISO 27001 readiness later.
08
Incident Response

Calm, clear, accountable.

Oyku should maintain an incident response process for suspected unauthorised access, accidental disclosure, system compromise, data loss or misuse of school content.

Response steps

  1. 1Identify and triage the incident.
  2. 2Contain affected systems or access.
  3. 3Assess affected schools, users, data types and severity.
  4. 4Notify affected schools according to legal and contractual obligations.
  5. 5Remediate, document lessons learned and improve controls.
09
Role-Based Access Control

Different roles, different access.

Different users should have different levels of access. A parent should not have the same visibility as a teacher, and a teacher should not have the same approval rights as a principal or authorised admin.

RoleTypical access
School Owner / PrincipalSchool-level settings, approval workflows, user management, public sharing approval.
Admin / Marketing LeadContent drafts, school communication and approved public sharing.
TeacherCapture/upload moments for assigned classes or activities.
Parent / GuardianApproved memories intended for their child or permitted group context.
Oyku SupportLimited support access, controlled and logged where possible.
10
School Approval Before Public Sharing

Nothing public without approval.

Oyku may help prepare public content drafts for official school channels, but public sharing should require approval from the school's authorised person.

Recommended workflow

  1. 1Teacher or staff captures a school moment.
  2. 2Oyku organises and prepares parent/social-ready content.
  3. 3System checks visibility rules and opt-outs.
  4. 4Authorised school user reviews the draft.
  5. 5Content is approved, edited, rejected or rescheduled.
  6. 6Only approved content is posted or exported for public sharing.
Public sharing principle: Nothing goes public without school approval.
Questions or feedback?

We'd love to hear from your school.

Privacy and safety questions, school agreements, or pilot enquiries — reach us anytime.

privacy@oyku.apphello@oyku.app
← Back to Oyku pilot