Dino & Bear

Privacy Policy

Dino & Bear

Last updated: May 2026

Introduction

We built Dino & Bear to make school life easier for busy parents. We know you're trusting us with important information — your emails, your children's school details, your calendar — and we take that responsibility seriously.

This Privacy Policy explains what information we collect, how we use it, and how we keep it safe. We've tried to keep it clear and straightforward, but if anything doesn't make sense, please get in touch at privacy@dinoandbear.com.

What We Collect

Information You Give Us

When you set up and use Dino & Bear, you may provide:

  • Your name and email address
  • Your children's names, schools, and year groups
  • Calendar and event preferences
  • Access to your school-related emails (when you choose to connect your email account)
  • Photos or uploads of school documents such as letters, notices, and printed schedules

Device Permissions

Dino & Bear may request access to your device camera and photo library. This is used solely to let you photograph or select school documents (such as printed letters or notices) for event and task extraction. Photos are sent to our servers for AI processing and are treated the same as email content — they are used only for extraction, not stored permanently, and never shared with third parties for advertising, marketing, or analytics.

Information We Collect Automatically

When you use the app, we automatically collect some technical information like device type and how you use the app. This helps us fix bugs and improve the experience.

How We Use Your Information

Everything we do with your data is about making Dino & Bear work for you:

  • Reading your school emails to find events, dates, deadlines, and action items
  • Adding school events to your calendar, when you ask us to
  • Sending you reminders so you don't miss anything
  • Improving the app and personalising your experience
  • Keeping you informed about new features and updates

We will never use your information for advertising, and we will never sell your data to anyone.

Your Connected Email

Dino & Bear works by connecting to your email account (Gmail, Yahoo Mail, or Microsoft Outlook) to find school communications. Here's how we handle your emails:

  • We only look at emails from senders you've approved — you choose which school domains we monitor, and we don't touch anything else
  • Your emails are processed using AI to pick out the important school dates and events — see "How AI Works in Dino & Bear" below for more on this
  • We never sell or share your emails with anyone for advertising, marketing, or analytics
  • No one at Dino & Bear reads your emails unless you specifically ask us to (for example, if you need help with a particular email) or unless required for security or legal reasons
  • You can disconnect your email at any time in your account settings. We'll immediately stop accessing your emails. Any events we've already extracted will stay in your account unless you choose to delete them

Gmail (Google API)

When you connect Gmail, we use the Google Gmail API with the gmail.readonly scope. This means we can only read your emails — we cannot send, delete, or change anything in your Gmail account.

On top of everything above, we want to be extra clear about Gmail:

  • We never use your Gmail data for any kind of advertising
  • We never use your Gmail data for credit checks or lending decisions

Google's Limited Use Disclosure

Dino & Bear's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained through Google APIs is used exclusively to provide and improve user-facing features that are visible and prominent in the Dino & Bear application. We do not transfer this data to third parties except as necessary to provide the service (with your consent), for security purposes, or to comply with applicable law.

Yahoo Mail

When you connect Yahoo Mail, we access your email using read-only IMAP with OAuth 2.0 authentication. We request only the mail-r (read-only) scope — we cannot send, delete, or modify anything in your Yahoo Mail account.

Your Yahoo Mail data is subject to the following protections:

  • We access only emails from sender domains you have explicitly approved for monitoring
  • Email content is used solely to extract school events, dates, deadlines, and action items for your use within the app
  • We do not sell, share, or disclose Yahoo Mail data to any third party for advertising, marketing, analytics, or any other independent purpose
  • Email content is processed by our contracted data subprocessors acting solely under our documented instructions and bound by data processing agreements (see "Data Processors and Subprocessors" below)
  • Raw email content is retained for a limited period (up to 30 days) to allow you to review the source email alongside extracted events, then automatically deleted
  • Extracted event data (dates, titles, school names, and relevant details) is retained for the duration of your account
  • You can disconnect your Yahoo Mail account at any time in your account settings. We will immediately stop accessing your emails and will delete any stored email content within 30 days

Microsoft Outlook

When you connect Outlook, all of the same protections described above apply. We treat your Outlook emails with exactly the same care.

Your Connected Calendar

When you choose to add school events to your Google Calendar, we use the Google Calendar API with the calendar.events scope. Here's what that means:

  • We only create events from school dates that the app has found in your emails
  • We check for duplicates so you don't end up with the same event twice
  • We don't read, change, or delete any of your existing calendar events
  • We never use your calendar data for advertising or any other purpose beyond providing the service
  • You can disconnect your calendar at any time in your account settings

How AI Works in Dino & Bear

We use AI to read through your school emails and extract the events, dates, and tasks that matter. Here's what you should know:

  • Your emails are processed by our AI subprocessor for the sole purpose of extracting school events — nothing else
  • Our AI subprocessor is contractually prohibited from using your email content for model training or any independent purpose
  • Our AI subprocessor retains data for up to 30 days solely for security and abuse-prevention purposes, after which it is permanently deleted
  • Our AI subprocessor is required to maintain strong security measures and comply with data protection law
  • We do not use any other AI service to process your emails

Before you connect your email, we'll ask you to confirm that you're comfortable with your school emails being processed by AI. You're always in control.

Data Processors and Subprocessors

Dino & Bear uses a limited number of subprocessors to provide the service. All subprocessors act solely under our documented instructions and are bound by data processing agreements that require them to:

  • Process data only for the purposes we specify
  • Not use data for any independent purpose, including model training, advertising, or analytics
  • Maintain appropriate technical and organisational security measures
  • Delete or return data upon termination of the processing relationship
  • Not further subcontract processing without our prior written authorisation
SubprocessorLocationPurposeData Processed
AI Processing ProviderUnited Kingdom / EUExtraction of school events from email contentEmail body text from approved sender domains only
Cloud InfrastructureUnited Kingdom / EUApplication hosting and data storageAll service data
Payment ProcessorUnited Kingdom / EUSubscription management and billingSubscription status; no email content

For specific subprocessor names, security certifications, and data processing agreement details, contact privacy@dinoandbear.com.

How Long We Keep Your Data

We retain your data only for as long as it is needed to provide the service or as required by law. Here is a breakdown of our retention periods:

Data TypeRetention PeriodDeletion Trigger
Account details (name, email)Duration of accountAccount deletion
Extracted school events (dates, titles, details)Duration of accountUser deletion of event or account deletion
Raw email contentUp to 30 days after extractionAutomatic purge after retention window, or upon account deletion
AI subprocessor retentionUp to 30 daysAutomatic deletion by subprocessor per DPA terms
Internal quality assurance dataUp to 90 days (pseudonymised)Automatic purge after retention window
Google Calendar eventsManaged by GoogleUser manages via Google Calendar

If you delete your account or disconnect your email, we will delete your personal data, stored email content, and extracted events within 30 days. Data held by our subprocessors will be deleted in accordance with their respective data processing agreements and retention schedules as described above.

Keeping Your Data Safe

We use industry-standard measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • OAuth 2.0 authentication for all email provider connections — we never see or store your email password
  • Access controls limiting who within our team can access production data
  • Regular review of our security practices and subprocessor agreements

No system is 100% secure, and we can't make absolute guarantees — but we take every reasonable step to protect your data.

Your Rights

You're in control of your data. Under data protection law, you can:

  • See what personal data we hold about you
  • Correct anything that's wrong
  • Ask us to delete your data
  • Object to how we're processing your data
  • Ask for a copy of your data in a portable format
  • Withdraw your consent at any time

Just email us at privacy@dinoandbear.com and we'll take care of it.

A Note About Children's Data

Dino & Bear is designed for use by parents and guardians, not children. While the app processes information about children's school activities (such as event names, dates, and school details), this information is provided by parents through their own email accounts. Children do not create accounts, provide data directly, or interact with the app. Parents have full control over their children's information and can delete it at any time.

Cookies

We use cookies and similar technologies to keep the app running smoothly. You can set your browser to refuse cookies or let you know when one is being sent.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make any significant changes, we'll let you know in the app and update the date at the top. If you keep using Dino & Bear after a change, that counts as accepting the updated policy.

Get in Touch

If you have any questions about this Privacy Policy — or anything else — we'd love to hear from you. Drop us an email at privacy@dinoandbear.com.

← Back to Home