Privacy Policy

1. Information We Collect

We collect the following categories of information:

a) Information Provided by Institutions

• Student details: name, date of birth, class, section, roll number, parent/guardian contact information, address, photograph, medical information (if provided).
• Staff details: name, employee ID, designation, contact details, qualification, salary information.
• Institutional details: school name, affiliation number, address, management details.

b) Information Collected Automatically

• Device information: device type, operating system, browser type, IP address.
• Usage data: pages visited, features used, session duration, interaction patterns.
• Location data: GPS coordinates from IoT devices (Bueagle trackers) and mobile apps (with explicit consent).
• Biometric data: facial recognition templates for attendance (Facy) — stored as encrypted mathematical representations, not raw images.

c) Information from Third Parties

We may receive information from payment gateways (transaction status), SMS/WhatsApp providers (delivery reports), and biometric hardware partners (device health data).

2. How We Use Your Information

• Providing and maintaining our educational technology services.
• Processing fee payments, generating invoices, and financial reporting.
• Sending notifications about attendance, grades, transport updates, and school events.
• Enabling real-time GPS tracking and geofencing alerts for student transport safety.
• Processing facial recognition for touchless attendance marking.
• Powering AI-driven features like Simi chatbot responses and predictive analytics.
• Improving product quality through anonymized usage analytics.
• Communicating service updates, security alerts, and support responses.
• Complying with legal obligations and regulatory requirements.

3. Student Data Protection

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Control: Role-based access control (RBAC) with multi-factor authentication for administrative accounts.
• Infrastructure: Hosted on enterprise-grade cloud infrastructure with ISO 27001 compliance.
• Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response.
• Backups: Regular automated backups with geographic redundancy and disaster recovery protocols.
• Auditing: Comprehensive audit logs for all data access and modifications.

5. Data Sharing & Disclosure

We do not sell personal data. We may share data only in the following limited circumstances:

• With service providers (payment gateways, SMS/email providers, cloud hosting) who process data on our behalf under strict contractual obligations.
• With the subscribing institution — schools retain full access to their institutional data.
• When required by law, regulation, legal process, or enforceable government request.
• To protect the rights, safety, or property of Edship, its users, or the public.

6. Location & IoT Data

Our transport and fleet management services (Bueagle, Nora Transit) collect real-time GPS data from IoT devices installed in vehicles. This data is used exclusively for student safety — tracking vehicle locations, triggering geofence alerts, and optimizing routes. Location data is retained for 90 days for operational purposes and then automatically archived. Parents can view their child's transport location only during active trip hours.

7. Cookies & Analytics

Our websites and web applications use essential cookies for authentication, session management, and security. We may use analytics tools to understand usage patterns and improve our services. We do not use cookies for advertising or cross-site tracking. You can manage cookie preferences through your browser settings.

8. Data Retention

We retain institutional data for the duration of the active service agreement plus an additional 90-day grace period. After this period, data is securely deleted unless the institution requests an extension or data export. Student academic records may be retained longer if required by educational regulations. Biometric templates are deleted within 30 days of a student's de-enrollment or upon institutional request.

9. Your Rights

Depending on your role and applicable laws, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you or your child.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Deletion: Request deletion of personal data (subject to legal and contractual obligations).
• Right to Data Portability: Request your data in a structured, commonly used format.
• Right to Withdraw Consent: Withdraw consent for specific data processing activities.
• Right to Restrict Processing: Request limitation of data processing in certain circumstances.

10. Children's Privacy

Our services are designed for use by educational institutions and are not directed at children under the age of 13 without institutional and parental oversight. We collect student data only through authorized institutional channels and with appropriate consent. If we become aware that we have collected personal data from a child without proper authorization, we will take immediate steps to delete such data.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, or legal requirements. Material changes will be communicated via email notification to institutional administrators and through an in-app banner at least 15 days before taking effect.

12. Contact Us