MySched

Privacy

MySched handles account, schedule, and reminder data using the privacy model described in its architecture documentation. This page is limited to information published in the architecture reference, including privacy compliance, data encryption, permissions, local storage, offline sync, session management, and account deletion behavior.

Contact and scope

For privacy concerns, contact privacy@getmysched.com. This summary follows the documented product architecture rather than adding unsupported claims outside the published reference.

What MySched collects

The documented data model covers only the information needed to run the product.

  • Full name for profile display and notifications.
  • Email for authentication, verification, and account recovery.
  • Student ID for section matching.
  • Class schedule, custom classes, reminders, settings, and avatar photo for the core product experience.

The same architecture docs also state that MySched does not collect:

  • Location.
  • Contacts.
  • Browsing history.
  • Biometric data handled by Apple or Android outside the app itself.

How data is processed

OCR scanning is processed on-device through Google ML Kit. The architecture docs say scanned images are never uploaded and are deleted after processing.

Cloud processing is limited to authentication, schedule sync, and profile storage through Supabase. The published docs describe those flows as encrypted in transit over HTTPS, with profile and database data encrypted at rest.

Optional provider sign-in can use Google or Apple. The docs describe that flow as receiving authentication information only, not sharing additional app data beyond authentication.

Permissions and local storage

MySched requests only the permissions documented as necessary for core features: camera for OCR scanning, notifications for class reminders, exact alarms on Android, and photo library access for optional image import.

Local storage uses a mix of SharedPreferences for simple device preferences and secure storage for sensitive data such as session tokens, cached schedules, reminders, and the offline mutation queue.

The encryption docs specify EncryptedSharedPreferences on Android, Keychain Services on iOS, and in-memory only storage on the web for secure values.

Retention and deletion

The published retention model keeps profile data, schedule data, custom classes, and reminders until you delete them or delete your account.

Offline queue items are retained for up to 14 days before pruning, dead-letter items for up to 30 days, and cached schedule data stays on device until logout or cache expiry.

When an account is deleted, the docs say MySched removes profile data, schedule data, reminders, settings, avatar storage, and auth records, then clears local device state and signs the user out.

Security measures

The architecture docs describe HTTPS-only production connections, TLS 1.2+, encrypted storage for secure values, hashed passwords, and row-level security on the app's data tables.

Session tokens are stored in platform-secure storage, refreshed when needed, and cleared on logout. Password changes sign out other sessions, and the app supports login history and device management for active sessions.

Your controls

  • Access profile, schedule, and settings data inside the app.
  • Correct your profile name, student ID, email address, password, and class schedule.
  • Delete your account in Settings → Account → Delete Account.
  • Export your schedule as PDF, CSV, or plain text before deletion.

The privacy documentation also states that analytics are limited to telemetry such as screen names, action counts, load times, and error traces, and that private schedule contents are not included in that telemetry.