Your privacy matters. Here's how we protect your data.
Last updated: May 1, 2026
SchoolBreach.org, an initiative by OceanEd Inc. ("we," "us," or "our"), is committed to protecting the privacy and security of personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use:
We are committed to aligning with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its Implementing Rules and Regulations, as enforced by the National Privacy Commission (NPC), and with Republic Act No. 10175 (Cybercrime Prevention Act of 2012) for authorized security testing.
For Sonar users, a service-specific Privacy Policy is published at sonar.schoolbreach.org/privacy. Where the two policies differ in detail, the Sonar policy controls for matters specific to the Sonar service.
We use collected information for the following purposes:
We implement robust security measures to protect your data:
All sensitive data is encrypted at rest and in transit using industry-standard protocols. Authentication credentials provided for Sonar scans are stored using AES-256-GCM and accessed only by the scan worker for the duration of the scan.
Strict access controls ensure only authorized team members can manage breach data and scanner records.
Some school names may be withheld in the public tracker to protect affected institutions and students. Sonar scan reports are private to the school that requested them and are never published.
Social media monitoring may help identify potential incidents, but breach reports are verified using corroborating public records, media coverage, official disclosures, and NPC filings.
Sonar will not run a scan without verified school registration, principal authorization, and recorded consent. Active scans are restricted to schedules consented to by the school.
As a data subject, you have the following rights:
To exercise any of these rights, contact us using the details in §10. We will respond within 15 business days. Deletion requests will be processed within 30 days, subject to legal retention requirements.
We do not sell, rent, or trade personal information. We may share data in the following circumstances:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
When retention periods expire, data is securely deleted or anonymized.
Our websites use cookies and similar technologies to enhance your experience. These include:
You can control cookie preferences through your browser settings.
SchoolBreach.org and SchoolBreach Sonar are not directed at children. The breach tracker is a public awareness resource for educators, administrators, and parents. Sonar accounts are issued only to verified school staff. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it promptly.
Sonar scan results are processed by third-party AI models to generate security summaries, severity ratings, and remediation recommendations. When scan data is submitted for AI processing, it is handled under the AI provider's data processing terms. We do not permit AI providers to use your scan data to train their models.
AI-generated content may contain inaccuracies. Reports should be reviewed by qualified IT personnel. OceanEd is not liable for decisions made based on AI-generated report content.
If you have questions about this Privacy Policy or wish to exercise your data privacy rights, please contact our Data Protection Officer:
Email: contact@schoolbreach.org
General inquiries: hello@theoceaned.com
Organization:OceanEd Inc. — Data Protection Officer
Address:Las Piñas City, Philippines
You may also file a complaint with the National Privacy Commission at www.privacy.gov.ph.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date, and — for Sonar account holders — by email. We encourage you to review this policy periodically.