Skip to content
← Back to Help Centre

Privacy & Security

Data Handling for Schools

2 min read

Data Handling for Schools

SchoolMorph is built with school safeguarding and compliance requirements in mind. This page covers the key points that school administrators, data protection officers, and teachers need to know.

Key data handling principles

  • Australian servers only -- All photos and data are stored on servers located in Australia.
  • No third-party sharing -- Student data is never shared with external parties.
  • No AI training -- Uploaded images are never used to train AI models.
  • Automatic deletion -- All photos and videos are permanently deleted 30 days after project completion.
  • Teacher control -- Teachers can delete any project and its associated data at any time.
  • Strict access control -- Only the teacher who uploaded the photos can access the project data.

Data roles

SchoolMorph operates as a data processor on behalf of the school, which acts as the data controller. This means:

  • The school decides what data is uploaded and why
  • SchoolMorph processes that data solely to deliver the morph video service
  • SchoolMorph does not make independent decisions about how student data is used

Staff access

No student names or photos are visible to SchoolMorph staff during normal operations. The system is designed so that support and maintenance can be performed without accessing individual project content.

For parents with questions

If parents ask about how their child's photos are handled, you can:

  1. Direct them to the SchoolMorph Privacy page at schoolmorph.com/privacy.
  2. Reassure them that photos are stored securely, never shared, and automatically deleted after 30 days.
  3. Let them know that the school retains full control and can delete data at any time.

Compliance summary

RequirementHow SchoolMorph meets it
Data minimisationOnly photos and names are collected; automatic 30-day deletion
Purpose limitationData used solely to create morph videos
Storage limitationAutomatic deletion after 30 days
SecurityEncrypted storage, signed URLs, row-level security
Access controlAuthentication + project ownership verification
Data subject rightsTeachers can delete all data at any time

For further details, visit our Privacy Policy or contact us with any questions.

Still have questions?

We're here to help. Reach out and we'll get back to you within 24 hours.

Contact Us