HomeFeaturesPricingAboutContact
LoginContact Us

Privacy Policy

Last updated: 3/27/2026

Schutes ("we", "us", "our") is committed to protecting the privacy and personal data of all users of our school bus management platform. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR), the Australian Privacy Act, and other applicable data protection laws.

1. Data Controller

Schutes acts as the data processor on behalf of schools (data controllers) that use our platform. For questions about how your school handles your data, please contact your school administration. For questions about our platform, contact us at [email protected].

2. Information We Collect

We collect the following categories of personal data:

  • Account information: Name, email address, phone number, role (administrator, driver, parent), and school affiliation.
  • Student information: Student names, assigned bus routes, stop locations, and parent/guardian associations. This data is provided by school administrators.
  • Location data: Real-time GPS coordinates of buses during active trips, used exclusively for trip tracking and safety.
  • Usage data: Login timestamps, feature usage patterns, and session information for service improvement and security.
  • Communication data: Messages sent through the platform between authorised users (e.g. parents and drivers).
  • Device information: Device type, operating system, and app version for mobile app users.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the bus management service as agreed with your school.
  • Legitimate interest: Service improvement, security monitoring, and fraud prevention.
  • Consent: Analytics and marketing cookies (which you can manage via our cookie consent banner).
  • Legal obligation: Compliance with applicable laws and regulations.

4. How We Use Your Information

  • Providing real-time bus tracking, route planning, and trip management services.
  • Sending automated notifications (e.g. bus arrival, delays, absences).
  • Enabling communication between authorised school personnel and parents.
  • Ensuring security through authentication, access controls, and audit logs.
  • Improving our platform based on aggregated, anonymised usage data.
  • Complying with legal obligations and responding to lawful requests.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. Data is shared only:

  • Within your school's authorised users (administrators, drivers, parents) as required for the bus management service.
  • With infrastructure providers (hosting, email delivery) under strict data processing agreements.
  • When required by law, regulation, or valid legal process.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy. Active account data is retained for the duration of the school's subscription. GPS trip data is retained for the current school year plus one additional year for safety and compliance purposes. Upon account deletion or subscription termination, personal data is deleted within 90 days, except where retention is required by law.

7. Your Rights (GDPR)

Under the GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
  • Restriction: Request restriction of processing in certain circumstances.
  • Data portability: Receive your data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest.
  • Role-based access controls ensuring users only see data relevant to their role.
  • School-level data isolation preventing cross-school data access.
  • Rate limiting and input validation to prevent abuse.
  • Regular security reviews and updates.

9. Cookie Policy

Our website uses the following types of cookies:

  • Essential cookies: Required for the website to function (e.g. session management, cookie consent preferences). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our website. Only loaded with your consent.
  • Marketing cookies: Used to deliver relevant advertisements. Only loaded with your consent.

You can manage your cookie preferences at any time using the cookie consent banner or by clearing your browser cookies.

10. Children's Privacy

Our service processes student data on behalf of schools. We do not knowingly collect personal data directly from children. All student data is provided and managed by authorised school administrators and parents. Schools are responsible for obtaining necessary parental consent for student data processing.

11. International Data Transfers

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent protections required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify affected users of material changes via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact and Complaints

For privacy-related inquiries, data access requests, or complaints:

  • Email: [email protected]
  • Mail: Schutes Privacy Team, PO Box 123, Sydney NSW 2000, Australia

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (e.g. the Office of the Australian Information Commissioner or a European Data Protection Authority).