Effective date: 28 April 2026
SchoolTripMaster is operated by SchoolTripMaster Ltd (“we”, “us”). We act as data controller for schools subscribing directly and as data processor when acting on a school’s instructions. Questions can be sent to [email protected].
School details, staff contact data, DBS/qualification info, student demographics, medical/dietary needs, emergency contacts, parent contact details, trip documentation, consent responses, and technical logs. If you use Sign in with Google, we also receive the categories of information described in section 9.
Access is limited to authorised school users. Third-party processors (hosting, email, analytics) operate under GDPR-compliant agreements. Data is hosted in the UK/EU; transfers outside the UK/EU use recognised safeguards.
We retain data for the duration of the school’s subscription plus up to seven years to meet safeguarding and statutory requirements, after which it is securely deleted or anonymised unless law requires a longer period.
SchoolTripMaster uses technical and organisational controls including encryption in transit, role-based access controls, audit logging, vulnerability management, and secure operational processes appropriate to the service.
Data subjects can request access, correction, deletion, restriction, objection, portability, or withdraw consent. Requests may be submitted via the school or directly to [email protected]. We respond within one calendar month.
SchoolTripMaster (SchoolTripMaster Ltd) offers optional Sign in with Google. This section explains how we access, use, store, and share Google user data in line with Google’s requirements for app privacy disclosures.
When you choose Sign in with Google, we receive personal data from your Google account only as authorised by the OAuth scopes presented at login. This typically includes your email address, your name (or equivalent display fields returned by Google), and a stable identifier for your Google account used solely to associate your Google login with your SchoolTripMaster account. We do not request additional Google data beyond what is needed to authenticate you and provision your account.
We use Google user data only to provide and improve user-facing features of SchoolTripMaster: verifying identity, creating or accessing your account, maintaining secure sessions, and showing appropriate profile or contact information inside the application for educational trip management (for example where your role requires it). We do not use Google user data for purposes unrelated to operating the service for you and your school.
We do not sell Google user data. We do not disclose Google user data to data brokers, advertising networks, or for targeted or interest-based advertising. We may process Google-derived account data using subprocessors (such as cloud hosting or email delivery) under strict contractual safeguards. Within SchoolTripMaster, authorised staff at your organisation may see contact or profile details where necessary for trip planning, safeguarding, and communication, consistent with their role.
Google-derived account data is protected using the same technical and organisational measures described in section 7, including encryption in transit, role-based access controls, and audit logging appropriate to the sensitivity of education and safeguarding data.
We retain Google-derived account information for as long as your SchoolTripMaster account is active and thereafter as set out in section 6, including where retention is required for safeguarding or legal obligations. You may exercise deletion or other rights as described in section 8. When retention periods end, we delete or anonymise data in line with our retention practices.
We do not use Google user data for targeted advertising, selling to third parties, determining credit-worthiness, or building unrelated commercial databases. We do not use Google user data to train general-purpose artificial intelligence models unrelated to providing SchoolTripMaster; operational processing (such as security monitoring) is limited to running and securing the service.
If we materially change how we use Google user data, we will update this policy and notify users where appropriate (for example via the application or email).
Please contact us first. If unresolved, you can complain to the UK Information Commissioner’s Office at ico.org.uk.
Email: [email protected]