Privacy Notice
The short version: Groundskeeper runs on your own server. All monitoring data stays on your network and never reaches us. The only personal data we receive is your name and email when you request a licence key, plus anonymous technical telemetry from the running installation.
Who we are
Data controller: EJJ Software Ltd
Contact: hello@ejjsoftware.com
Website: ejjsoftware.com
What data we collect and why
1. Community key request
When you request a free Community licence key, we collect:
| Data | Why | Lawful basis |
|---|---|---|
| Your name | To address licence communications | Legitimate interest |
| Email address | To deliver your key and send important product updates | Legitimate interest |
| School name | To understand our user base and provide appropriate support | Legitimate interest |
| School URN | To identify the school the licence is issued to and prevent abuse | Legitimate interest |
This data is stored in Cloudflare D1 (EU-hosted) and is only accessed by EJJ Software when processing key requests.
Retention: Key request records are kept for as long as your licence is active. On a deletion request, your name and email are removed within 30 days. An anonymised record that a key was issued is retained.
2. Licence heartbeat
When Groundskeeper is running with an active licence, it sends a daily check-in to api.ejjsoftware.com containing:
| Data | Why | Lawful basis |
|---|---|---|
| School URN | Verify the licence and detect out-of-scope use | Contract performance |
| Install ID (anonymous UUID) | Count distinct installations | Contract performance |
| Groundskeeper version | Identify installations needing security updates | Legitimate interest |
| Active connector count | Verify connector limits for your licence tier | Contract performance |
| IP address | Included automatically by Cloudflare; used for abuse detection only | Legitimate interest |
We do not receive any usernames, device names, event logs, Active Directory data, or any other monitoring data in heartbeats.
Retention: Heartbeat records are retained for 13 months and automatically deleted thereafter, or within 30 days of a deletion request.
3. Email delivery
Licence keys and product communications are sent via Resend (resend.com), our email delivery provider. Resend processes your email address as a data processor under our instruction. We have a Data Processing Agreement in place with Resend.
Data we do not collect
- No monitoring data — everything Groundskeeper collects from your infrastructure (device health, event logs, AD data, backup results) stays entirely on your school’s server and is never transmitted to EJJ Software.
- No student data — Groundskeeper does not collect, process, or store any data relating to students.
- No payment data — we do not process card payments or hold any financial information.
So the “nothing leaves your network” promise is complete, there is one other outbound connection to note. Groundskeeper periodically checks whether a newer version is available by reading the public release information published on GitHub — for the application itself (github.com/ejjsoftware/groundskeeper) and, if you use the optional local Ollama AI, for Ollama (github.com/ollama/ollama). These are ordinary public version checks: they send no school data, no monitoring data, and no personal data — only the standard outbound web request needed to read a public “latest release” page, which necessarily includes your server’s public IP as the source (as with any website it contacts). GitHub is not our data processor; the request goes from your server directly to GitHub. You can prevent these checks entirely by blocking outbound access to github.com / api.github.com at your firewall — the only effect is that Groundskeeper will not tell you when an update is available.
Cloud AI providers
If you configure Groundskeeper to use a cloud AI provider (OpenAI, Azure OpenAI, Anthropic Claude, or Google Gemini), feed event data will be sent to that provider. In this case:
- Your school is the data controller for this processing.
- Groundskeeper applies automatic PII scrubbing to string values before sending to cloud providers.
- For UK schools, Azure OpenAI with UK/EU data residency is the most straightforward option for GDPR compliance.
- Ollama (the default) runs entirely on your server and sends nothing externally.
EJJ Software is not responsible for data processed by third-party AI providers you configure.
Third-party processors
| Processor | Purpose | Location |
|---|---|---|
| Cloudflare | Database (D1) and API infrastructure | EU data residency; Privacy Shield certified |
| Resend | Transactional email delivery | US-based with EU data handling; DPA in place |
Your rights under UK GDPR
You have the right to access, rectify, erase, restrict, object to, or receive a portable copy of the personal data we hold about you. To exercise any right, email hello@ejjsoftware.com. We will respond within one calendar month.
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner’s Office at ico.org.uk.
Security
All data in transit uses HTTPS/TLS. Cloudflare D1 data is encrypted at rest. The admin panel is protected by authentication and accessible only to EJJ Software personnel. We do not share data with any party not listed in this notice.
Changes to this notice
If we make material changes, we will update the date above and notify active licence holders by email. The current version is always available at groundskeeper.ejjsoftware.com/privacy.