Privacy Policy

Last updated: May 2026

Overview

Tooo is designed with privacy in mind. We collect minimal data necessary to provide the service.

Tooo Lab Managed School Mode

Tooo Lab is different from the personal remote-control mode. It is intended for school-owned, MDM-managed macOS lab devices, with school authorization, student/parent notice, and administrator audit trails.

• Managed device data: machine name, device identifier, serial hash, OS/app version, MDM status, permission status, online status, and policy version
• Student session data: student roster reference, display name, grade, class, hashed student-card UID, login/logout time, and current machine session
• Identity and authorization data: teacher, administrator, and parent KeyLockr SafeIDs, nicknames, authorization scopes, and parent SafeID bindings on student profiles
• Audit data: administrator actions, remote commands, actor SafeID, IP address, User-Agent, timestamps, and related payload metadata
• Classroom archive data: screenshots, recordings, client logs, web/app activity events, command results, and related metadata according to school policy
• Safety analysis: blacklist matches and AI-assisted risk alerts may be generated for authorized school administrators and teachers

Raw student card UIDs are not displayed or logged by Tooo Lab. Student-card UIDs are HMAC-SHA256 hashed server-side using school scope and a server-side pepper before storage; the original UID is not written to logs, persistent records, or backups. Schools configure retention windows; the planned defaults are 30 days for screenshots/recordings, 180 days for logs/access records, and 1 year for alerts/audit logs, and the backend retention reaper removes expired data according to those windows.

In managed school mode, Tooo Lab does not show a per-event device notification for screenshots, recordings, log collection, or activity archiving. The school Acceptable Use Policy and parent/student notice disclose the monitoring scope before use. Lock-screen and restart commands may show a short countdown to help students save work; that countdown is not a monitoring notice.

The school's AUP/notice should clearly define the Lab computer use scope. By default, devices are assumed to stay on school premises; if the school allows take-home use or home Wi-Fi, the school needs to disclose which monitoring, filtering, and archiving controls remain active. Schools should also provide an opt-out or consent-withdrawal process, alternative learning arrangements, a COPPA school-authorization basis, and FERPA boundaries that limit data sharing to authorized educational purposes.

Parent or guardian access is available only when the school enables it and links a parent's KeyLockr SafeID to a student profile. Parents may sign in at /parent to view records associated with their child's student sessions.

Data We Collect

• Device ID: A random identifier generated on your device for pairing purposes
• Device Name: Your device name, used to identify devices during pairing
• Public Key: Used for secure encrypted communication

Data We Don't Collect

• Personal remote-control mode does not collect name, email, or phone number.
• Lab managed school mode stores necessary data such as student display name, teacher/admin/parent SafeID, IP address, and User-Agent according to the school's roster and authorization settings.
• Screen content or UI data in personal remote-control mode (transmitted directly between devices)
• Location data
• Usage analytics or telemetry

Data Storage

• Pairing codes are stored temporarily (5 minutes) and automatically deleted
• Connection information is kept only while devices are connected
• Personal remote-control mode does not permanently store screen content on our servers
• Lab managed school mode persistently stores managed-device records, student sessions, archives, alerts, and audit logs on the school's backend; expired data is removed by the retention reaper according to school configuration.

Third-Party Services

• KeyLockr is the default identity provider for Lab administrator, teacher, and parent sign-in. KeyLockr receives a sign-in request and returns an authenticated SafeID.
• Public CDN (cdnjs.cloudflare.com) serves CSS/JS framework files; Tooo does not intentionally send Lab usage data to the CDN.
• AI analysis or archive providers are used only when a school explicitly configures them; the school must provide the relevant notice before enabling them.

Contact

For privacy concerns, contact us at: [email protected]