Privacy policy
We don't store your files.
The short version: your files travel from Microsoft, through our service, to your browser without being kept anywhere. Nothing is kept, nothing is read, nothing is shared.
Last updated: 1 May 2026
The principle
We hold the minimum data needed to make a download work — and nothing more.
We are not in the analytics business, the AI training business, or the data-resale business. We are a focused tool that turns a Microsoft 365 sign-in into a download of your own files. Anything we don't need to do that, we don't collect.
What we don't do with your files
- We don't store the files. Your zip is built in memory as it travels to your browser. Once the download finishes (or is cancelled), nothing remains on our servers.
- We don't log file contents. Our records note that a download happened (who, when, which notebook, how many bytes) — never any file content, never page text, never image data, never filenames.
- We don't save your files to disk. Your download passes through our service in pieces and goes straight to your browser. Nothing is written to disk along the way.
- We don't look inside your files. Our service knows how big each file is (to decide whether to include it) and its name (to put it in the zip). It never reads the contents.
- We don't share your data with anyone. Your files go from Microsoft to us to you, and stop there. No third parties, no analytics services, no AI providers.
- We don't use your content to train AI models. Not ours, not anyone else's.
What we do hold
To make sign-in and licensing work, we hold a small amount of data about you (not your files). Specifically:
While you're signed in
- An encrypted sign-in cookie that lets us speak to Microsoft on your behalf during your session. It's cleared when you sign out or the session expires.
- Your Microsoft display name, your school email address, and Microsoft's permanent identifier for your account. These come from the Microsoft sign-in itself — we don't ask for them separately.
Saved in our database
- A row recording that you've started a download — your Microsoft identifier, the start time, and a 60-day expiry. This is how your school's licence count works. Your name and email are encrypted at rest with a key the database server itself doesn't hold.
- A log entry per download — who, when, which notebook (by id) — but never any file contents. School admins use this to confirm whether a download happened if you raise a question.
- For school admins only: school name, billing contacts, current subscription. None of this is collected from students.
How long we hold it
- Sign-in cookie: until you sign out, the cookie expires, or you clear it from your browser.
- Seat record: 60 days from your first download, then automatically deleted.
- Download log: 12 months, then aggregated into anonymous totals and the original entries are deleted.
- Microsoft identifiers: only kept while a seat or log entry refers to them. Once both expire, there's nothing left tying back to you.
Where it lives
Our service runs on DigitalOcean's London servers. The database where school admin records live is also in London, with encrypted nightly backups kept for 7 days.
Your files only ever travel between Microsoft, our service in London, and your browser. We don't use any other companies in between — no content delivery network, no analytics provider, no advertising network.
Cookies
We use exactly one cookie — your encrypted sign-in session. It only travels over secure connections, can't be read by scripts on the page, and isn't shared with other sites. No analytics cookies. No tracking cookies. No advertising cookies.
What we ask Microsoft for
When you sign in, Microsoft shows you the exact permissions we're asking for. We keep this list as small as possible:
- Your name and school email, so the dashboard can greet you.
- Read access to your OneDrive (your own files only).
- Read access to class notebooks — Microsoft only ever shows you the section named after you, so other students' sections aren't available to us.
- The list of classes you're in, so we know which class notebooks to offer.
- Permission to keep your sign-in alive long enough for a download to finish, so you don't get logged out mid-zip.
We cannot write anything to your account. We cannot read your email, your calendar, your Teams chats, or anything outside OneDrive and OneNote. You see the full list on the Microsoft sign-in screen, every time.
Your rights (and how to use them)
Under UK GDPR you can ask us for a copy of any data we hold about you, ask us to correct it, or ask us to delete it. In practice the only personal data we hold is the seat record and audit log described above. To exercise any right, email [email protected] from your school address (so we can identify your account). We respond within 30 days.
You can sign out of mydocs.school at any time using the button in the dashboard, which immediately invalidates the session cookie. To revoke the app's consent in your tenant entirely, your IT administrator can remove it from your school's Microsoft 365 admin portal → mydocs.school → Permissions → Remove.
Data controller
mydocs.school is operated by Muon Works Ltd, a UK-registered company. For the purposes of UK GDPR, your school is the controller of your personal data and Muon Works Ltd is the processor. Muon Works Ltd will sign a data processing agreement with any school on request — see the IT administrators page for details.
Changes to this policy
If we change this policy, we'll update the date at the top and post a note on the dashboard. School admins will be notified of material changes by email at least 30 days in advance.
Contact
Privacy questions: [email protected]. General support: [email protected].