Legal

Schooli Terms of Service (B2B)

These Terms govern access to and use of Schooli’s software service.

Effective date: 2026-01-25
Last updated: 2026-01-25
Website: myschooli.com

These Terms govern access to and use of Schooli’s software service (“Service”) by a school or educational institution (“Customer”, “you”).

Appendix A contains the DPA/AVV (GDPR Art. 28).Appendix B contains the Sub-processor List.

Table of contents

  1. Provider details
  2. Agreement structure
  3. The Service
  4. Accounts and security
  5. Messaging Credits, billing, refunds
  6. Acceptable use
  7. WhatsApp messaging addendum (shared “Schooli Bot” sender)
  8. Data and privacy
  9. Support
  10. Suspension, termination, export, backups
  11. Changes
  12. Disclaimers and limitation of liability
  13. Governing law and venue
  14. Contact
  15. Appendix A — DPA/AVV (GDPR Article 28)
  16. Appendix B — Sub-processor List

Provider details

Provider: Schooli (Einzelunternehmen; Kleinunternehmer i.S.d. § 19 UStG)

Address: Winzererstraße 158B, 80797 München, Germany

Email: contact@myschooli.com

Phone: +49 173 9857 043

Agreement structure

  1. Binding agreement. By creating an account or using the Service, you agree to these Terms.
  2. Orders / pricing. Paid usage (Messaging Credits) is governed by the pricing shown at top-up/checkout or invoice (“Order”). If there’s a conflict, the Order controls for pricing/usage and these Terms control otherwise.
  3. DPA/AVV. Where Schooli processes personal data on your behalf (typical), Appendix A (DPA/AVV) applies and forms part of the agreement.

The Service

  1. What we provide. Schooli is a cloud software platform for school operations and communications (features may change over time).
  2. We do not process funds. Schooli may generate invoices and track payment status, but Schooli does not collect, hold, transmit, or settle funds. You are responsible for payment collection and banking arrangements.
  3. No professional advice. Schooli does not provide legal, accounting, or tax advice. You are responsible for your compliance decisions.

Accounts and security

  1. Authorized Users. You may allow your staff (teachers/admins) to use the Service. You are responsible for your users’ access and activity.
  2. Credentials. You must keep credentials confidential and promptly disable access for users who no longer need it.
  3. Security cooperation. You will use reasonable security practices (e.g., strong passwords; limiting admin access).

Messaging Credits, billing, refunds

  1. What you pay for. The Service is currently free to use, but WhatsApp outbound template messaging is usage-based and requires Messaging Credits.
  2. Prepaid top-up. Credits are purchased in advance(prepaid top-up).
  3. Currency. Credits may be sold in USD or PKR, as displayed at purchase. You are responsible for any bank/FX fees charged by your bank/payment route (if any).
  4. No expiry (current). Credits do not expire for now, unless stated otherwise in a future Order.
  5. Refunds. Credits are non-refundable, except for a mistaken double charge confirmed by Schooli.
  6. Third-party pricing changes. WhatsApp/Meta may change message categories, pricing, limits, and enforcement. Schooli may update credit pricing and/or messaging behavior under Changes.

Acceptable use

You will not (and will not allow users to):

  • send spam, harassment, unlawful or deceptive content;
  • violate privacy, child protection, or communications laws;
  • bypass limits, scrape, reverse engineer, or interfere with the Service;
  • upload malware or exploit vulnerabilities.

We may restrict or suspend access to protect the Service, compliance, and other customers.

WhatsApp messaging addendum (shared “Schooli Bot” sender)

  1. Third-party platform. WhatsApp messaging is delivered via the WhatsApp Business Platform / Cloud API (Meta/WhatsApp). Rules, pricing, delivery behavior, and enforcement are controlled by Meta/WhatsApp and may change.
  2. Shared sender model. Messages are sent using Schooli’s shared WhatsApp Business Account (WABA) (“Schooli Bot”). This means:
    • recipients may see Schooli as the sender identity; and
    • one customer’s messaging behavior may impact deliverability or enforcement risk for others.
  3. Your opt-in + permissions. You must obtain and maintain all permissions/consents required to:
    • share recipients’ phone numbers with Schooli/WhatsApp to deliver messages; and
    • message recipients via WhatsApp using the Service.
    Your notices/opt-in should clearly communicate WhatsApp communication and that messages may be sent via Schooli’s sender on the school’s behalf.
  4. Opt-out handling. You must honor opt-outs promptly and stop messaging opted-out recipients (except where permitted by law for necessary communications).
  5. Templates and windows. Some messages require approved templates and may be restricted by WhatsApp rules (including timing). Schooli does not guarantee delivery, timing, or classification.
  6. Enforcement / throttling. If your messaging causes high block/complaint rates or policy risk, Schooli may throttle, restrict, or suspend your WhatsApp messaging immediately to protect compliance and platform health.

Data and privacy

  1. Your data. You retain ownership of data you upload to the Service.
  2. License to operate. You grant Schooli a limited right to host, process, and transmit your data solely to provide, secure, and support the Service and as described in Appendix A (DPA/AVV).
  3. Admin portal analytics. We may collect product usage analytics in admin portals for reliability and product improvement. We do not intentionally include student/parent personal data or message content in analytics telemetry.

Support

Support is best effort, with no guaranteed response timesand no fixed support hours.

Suspension, termination, export, backups

  1. Suspension. We may suspend access (in whole or in part) for security, legal compliance, third-party platform compliance, non-payment for Messaging Credits, or material breach.
  2. Termination. You may stop using the Service at any time. We may terminate for material breach not cured within 30 days (or immediately for unlawful use/security risk).
  3. Export. After termination, we will provide a 30-dayexport window (where feasible). Export formats: CSV, XLSX.
  4. Backups. Backups may be retained up to 90 days on a rolling basis.

Changes

  1. Service changes. We may change the Service to improve it, comply with law/platform rules, or protect security/reliability.
  2. Pricing/credits changes. We may update credit pricing and rules (including introducing expiry or paid plans) by updating the Order/pricing shown at purchase. Changes apply prospectively and do not retroactively increase charges for already-used credits.
  3. Terms changes. We may update these Terms by posting a new version on myschooli.com and updating the “Last updated” date. For material changes, we will try to provide reasonable notice.

Disclaimers and limitation of liability

  1. Disclaimer. The Service is provided “as is” and“as available”.
  2. No indirect damages. To the maximum extent permitted by law, Schooli is not liable for indirect, incidental, special, consequential, or punitive damages.
  3. Liability cap. To the maximum extent permitted by law, Schooli’s total liability is capped at the Messaging Credits amount paid by you in the12 months before the event giving rise to liability (orUSD 100 / PKR equivalent if you paid nothing).
  4. Non-excludable liability. Nothing limits liability that cannot be limited under applicable law.

Governing law and venue

These Terms are governed by German law. Exclusive jurisdiction isMunich, Germany, unless mandatory law provides otherwise.

Contact

For notices or questions: contact@myschooli.com.

Appendix A — DPA/AVV (GDPR Article 28)

Effective date: 2026-01-25

Last updated: 2026-01-25

This DPA/AVV forms part of the agreement between:

  • Controller (Customer): [School legal name], [Address], [Country]
  • Processor: Schooli (Einzelunternehmen; Kleinunternehmer i.S.d. § 19 UStG), Winzererstraße 158B, 80797 München, Germany
    Contact: contact@myschooli.com

A1) Subject matter and duration

  1. Processor processes personal data on behalf of Controller to provide the Service, including WhatsApp message delivery where enabled.
  2. Processing lasts for the term of the main agreement and until deletion/return is completed under A10.

A2) Nature and purpose of processing

Hosting, storage, organization, retrieval, reporting, transmission (including to WhatsApp/Meta for message delivery), authentication, support, security monitoring, and deletion.

A3) Controller instructions

Processor will process personal data only on documented instructions from Controller, unless required by EU/Member State law.

A4) Confidentiality

Processor ensures persons authorized to process personal data are bound by confidentiality obligations.

A5) Security (TOMs)

Processor implements appropriate technical and organizational measures designed to protect personal data, including (baseline):

  • logical tenant separation by school
  • role-based access control and least privilege
  • encryption in transit (TLS)
  • monitoring and alerting for availability and security events
  • backup and recovery procedures
  • vulnerability/patch management process
  • incident response and breach notification workflow

A6) Sub-processors

  1. Controller grants general authorization for Processor to use sub-processors listed in Annex A (below) and Appendix B (Sub-processor List).
  2. Processor remains responsible for sub-processor performance under this DPA/AVV.
  3. Processor will provide reasonable advance notice of material sub-processor changes (e.g., by updating the public sub-processor list and notifying Customer admins where practicable).

A7) International transfers

Some sub-processors/platform providers may process data outside the EEA. Where required, Processor will rely on appropriate safeguards (e.g., EU Standard Contractual Clauses) via the relevant provider terms/contracts.

A8) Data subject rights assistance

Processor will reasonably assist Controller (considering the nature of processing) in responding to data subject requests. If Processor receives a request directly, it will forward it to Controller without undue delay.

A9) Personal data breaches

Processor will notify Controller without undue delay after becoming aware of a personal data breach affecting Controller’s data and provide available information reasonably required for Controller’s GDPR obligations.

A10) Deletion/return at end of service

  1. Within 30 days after termination/expiration, Processor will (at Controller’s choice) return personal data in a commonly used export format (CSV, XLSX) and/or delete it.
  2. Personal data may persist in backups for up to 90 days on a rolling basis, provided backups are protected and deleted in the ordinary course.
  3. Processor may retain data where required by law.

A11) Audits and compliance information

Controller may request reasonable information to confirm Processor’s compliance.

Audits (if needed) should be:

  • no more than once per year (unless incident-driven),
  • scheduled with reasonable notice,
  • scoped to the Service and relevant controls,
  • subject to confidentiality and security constraints.

A12) Liability

Liability follows the limitation of liability in the main agreement, unless GDPR requires otherwise.

Annex A — Processing details

A) Categories of data subjects

  • Students (including minors)
  • Parents/guardians
  • School staff (teachers, administrators)

B) Categories of personal data (typical)

  • Identification: name, student ID, class/section
  • Contact: phone number (including WhatsApp), email (optional)
  • Admin/academic: attendance, class assignments, notes, reports (if enabled)
  • Finance/admin: invoices, discounts/scholarships, payment records (recorded, not processed)
  • Messaging: message content sent by Controller; delivery metadata; opt-out flags
  • Account/security: usernames, roles, audit logs, limited technical identifiers

C) Special categories of data

Not intended by default. If Controller configures processing of special categories (e.g., health), Controller is responsible for lawful basis and additional safeguards.

D) Sub-processors (current, Service scope)

Sub-processorPurposeProcessing locationNotes
Contabo GmbHHosting infrastructureGermany (Munich)Primary hosting
Meta/WhatsApp (Cloud API)WhatsApp message deliveryGlobalProcesses data as required for delivery
Google (Gmail SMTP)Transactional emailsGlobalLogin links and operational emails
SentryError monitoringGlobalObfuscated/minimized telemetry

Appendix B — Sub-processor List

Last updated: 2026-01-25

Contact: contact@myschooli.com

This list identifies third parties that may process personal data in connection with Schooli.

B1) Sub-processors for the Schooli Service (Customer Data)

Sub-processorPurposeProcessing locationNotes
Contabo GmbHHosting infrastructureGermany (Munich)Primary hosting
Meta/WhatsApp (Cloud API)WhatsApp message deliveryGlobalRequired for WhatsApp delivery
Google (Gmail SMTP)Transactional emailsGlobalLogin links and operational emails
SentryError monitoringGlobalObfuscated/minimized telemetry

B2) Vendors for myschooli.com (landing site)

VendorPurposeProcessing locationNotes
MixpanelWebsite analyticsEEAUsed on myschooli.com

We may update this list from time to time and will provide reasonable notice of material changes where practicable.