Privacy Policy
EduSphere processes personal data on behalf of schools (our customers). This policy explains what data we collect, how we use it, and what rights data subjects have under GDPR and the India DPDP Act.
1. Who we are
EduSphere is operated by EduSphere Technologies, headquartered in Bengaluru, India. For data-protection enquiries, contact privacy@edusphere.app.
2. Data we collect
Customer data (you control): student records, attendance, fees, exam results, staff details — uploaded by school administrators and staff.
Account data: name, email, role, hashed password, and login activity for users with EduSphere accounts.
Usage data: pages viewed, actions taken, IP address, user agent — used to operate, secure, and improve the service.
Payment data: handled by Razorpay; we store only the transaction reference and outcome.
3. How we use data
To provide and improve the service for your school.
To send transactional emails (password resets, invoice receipts, plan-renewal notices).
To prevent fraud, abuse, and security incidents.
To comply with legal obligations (e.g. tax records).
4. Lawful bases
For customers and their users: contractual necessity (to deliver the service you signed up for).
For visitors to our marketing site: legitimate interest (to understand traffic) and consent (for analytics cookies).
5. Sharing
We share data only with the subprocessors listed on the Security page (AWS, Razorpay, SendGrid, Cloudflare), each bound by appropriate data-protection contracts.
We do not sell personal data. We do not use student records for advertising.
6. Retention
Active tenant data is retained for the life of the subscription plus 30 days after cancellation, to support reactivation and export.
Audit logs are retained per your plan tier (30 days to unlimited).
Backups are retained for 30 days on a rolling window.
7. Your rights
You can request access, correction, or deletion of your personal data, subject to legal retention obligations. Contact privacy@edusphere.app and we will respond within 30 days.
You may lodge a complaint with your local data-protection authority if you believe we have not handled your data correctly.
8. International transfers
Customer data is primarily hosted in AWS Mumbai (ap-south-1). Some operational services (email delivery, CDN) run globally; transfers are covered by Standard Contractual Clauses where applicable.
9. Security
See our Security page for the technical and organisational measures we apply, including encryption, access control, and audit logging.