1. Overview
Yeshiva Management System (“YMS”) is an administrative system used by participating schools to manage
tuition accounts, financial ledgers, statements, and related communications.
This Privacy Policy explains how YMS accesses, uses, and protects data when authorized through Google OAuth.
2. Information We Access
When authorized by a school administrator, YMS may access the following Google services:
- Google Sheets — Used to store and manage tuition, account, and ledger data maintained by the school.
- Google Drive — Used to create and store PDF statements and supporting documents in folders controlled by the school.
- Gmail (optional, if enabled by the school) — Used solely to send administrative emails and financial statements on behalf of the school.
YMS does not access personal Google user data beyond what is necessary to perform these functions.
3. How Information Is Used
Data accessed through Google APIs is used only to:
- Generate tuition and financial statements
- Maintain school-controlled account records
- Send emails explicitly initiated or configured by the school
- Organize documents in school-owned Drive folders
YMS does not:
- Sell user data
- Use data for advertising or marketing
- Share Google user data with third parties
4. Data Storage
- Tuition and account data remains in Google Sheets owned or controlled by the school.
- Generated PDFs are stored in Google Drive folders owned or controlled by the school.
- OAuth access tokens are stored securely within the Google Apps Script environment and are used only to perform authorized actions.
5. Data Sharing
YMS does not share Google user data with third parties. Access is limited to authorized school
administrators and the systems required to operate YMS.
6. User Control
School administrators:
- Choose which Google account is connected
- Control which spreadsheets, folders, and Gmail accounts are used
- May revoke OAuth access at any time through their Google Account settings
7. Security
Reasonable technical and organizational safeguards are used to protect access to data, including: