Privacy Policy

Glassroom is a tuition-centre management platform built for Singapore — a “tuition operating system” that helps a centre run its leads, students, classes, attendance, billing and WhatsApp messaging from one place.

This Privacy Policy explains how we handle personal data. It is governed by the laws of Singapore, including the Personal Data Protection Act 2012 (PDPA). It applies to our marketing site, the Glassroom operator application, and the messaging features delivered through it.

Glassroom is currently offered as a free alpha / pilot. We may update this policy as the product matures; the “Last updated” date above reflects the current version.

Personal data flows through Glassroom in two distinct ways, and our role differs between them.

Data a centre inputs about its students, guardians and leads

For the personal data that a tuition centre (the “operator”) enters about its own students, guardians/parents and leads, Glassroom acts as a data intermediary (processor), processing that data only on the centre’s behalf and on its instructions. The tuition centre is the organisation responsible for that data — including obtaining the necessary consent from, and giving the required notice to, the individuals concerned.

The operator’s own account data

For the personal data of the operator and its staff who sign up for and use Glassroom (account data), Glassroom is the organisation responsible for that data (the controller).

(a) Account / operator data

Name, email address, phone number, business details about the tuition centre, and login credentials.

(b) Data the centre inputs

Information about the centre’s students, guardians/parents and leads, including names, contact numbers, email addresses, class enrolment, attendance records, and billing & payment records.

(c) WhatsApp messaging data

Phone numbers and the content of messages exchanged over WhatsApp between the centre and its contacts. Inbound messages may be handled by Caitlin, our automated assistant (see the WhatsApp & Meta section below).

(d) Usage & technical data

Server and access logs, device and browser information, and cookies used to keep you signed in and to operate the service.

Consistent with the PDPA’s purpose-limitation principle, we use personal data only for purposes a reasonable person would consider appropriate, including:

• providing, operating and securing the Glassroom service;
• managing classes, attendance, billing and invoicing (in SGD, including PayNow references);
• delivering WhatsApp messages between a centre and its contacts;
• operating Caitlin, an automated assistant that answers inbound WhatsApp messages from a centre’s published FAQs and helps book trial sessions (booking/support only);
• providing customer support;
• maintaining security and audit logging;
• improving and developing the service.

Where we are the responsible organisation, we collect and use personal data on the basis of express or deemed consent under the PDPA, or as otherwise permitted by law.

Where a centre inputs data about its students, guardians or leads, the centre is responsible for obtaining the necessary consent from those individuals before entering their data into Glassroom, and for honouring any withdrawal of consent. Individuals may withdraw consent at any time on reasonable notice; doing so may affect the centre’s ability to provide certain services to them.

Messaging in Glassroom is delivered over WhatsApp and is therefore also subject to WhatsApp’s and Meta’s terms and policies, including the WhatsApp Business platform policies.

• Recipients must have opted into being contacted. Centres are responsible for ensuring they have a lawful basis and the recipient’s consent before messaging.
• Data obtained through WhatsApp is used only as reasonably necessary to support messaging with that person — not for unrelated purposes.
• Caitlin operates strictly as an automated booking and support assistant, grounded in the centre’s own published FAQs. It is not a general-purpose chatbot, consistent with Meta’s WhatsApp Business platform policies.
• WhatsApp messages are end-to-end encrypted in transit. Meta handles and retains certain data in accordance with its own policies, which are outside Glassroom’s control.

This section is the most relevant to questions about the PDPA in the context of messaging; please also read the consent, retention and cross-border sections below.

We may share personal data with:

• cloud hosting and infrastructure providers that run the service on our behalf;
• Meta / WhatsApp, in order to deliver messaging;
• payment processing for payment references (e.g. PayNow), where applicable.

We do not sell personal data. Where we engage service providers, we require them to protect personal data and to use it only for the purposes we specify.

Some personal data may be processed or stored outside Singapore (for example by our cloud providers or by Meta). Where we transfer personal data overseas, we take reasonable steps so that it receives a standard of protection comparable to that under the PDPA, in line with the PDPA’s Transfer Limitation Obligation.

We retain personal data only for as long as it is needed for the purposes set out in this policy or as required to meet legal or business obligations, after which it is deleted or anonymised. WhatsApp-derived identifiers are retained only for as long as reasonably necessary to support messaging with the relevant person.

We apply reasonable security arrangements to protect personal data against unauthorised access, use or disclosure — including encryption in transit, access controls, and audit logging of sensitive actions. No system is perfectly secure, but we work to protect data appropriately for an alpha-stage product and to improve our safeguards over time.

Under the PDPA you may request access to, or correction of, the personal data we hold about you. Where the data is held by Glassroom on behalf of a tuition centre (for example, a student’s or guardian’s records), please direct your request to that centre, which is the responsible organisation. For account data for which Glassroom is responsible, contact our Data Protection Officer at the address below.

If a data breach occurs, we will assess it and, where required under the PDPA’s mandatory breach-notification regime, notify the affected individuals and the Personal Data Protection Commission (PDPC) within the timeframes set by law.

We use essential cookies to keep you signed in and to maintain your session. These are necessary for the service to function.

We may update this policy from time to time as Glassroom develops. Material changes will be reflected in the “Last updated” date at the top of this page.

For privacy questions, or to reach our Data Protection Officer, contact titus@glassroom.cloud. This contact address may be updated as the product matures.