Privacy Policy

System Privacy Policy

Effective Date: 01/01/2026
Last Updated: 01/01/2026

This System Privacy Policy (“Privacy Policy”) governs the collection, use, processing, storage, disclosure, and protection of information by BharatSiksha (“BharatSiksha”, “we”, “our”, or “us”) through its web-based and mobile-based school management platform, applications, and related services (collectively, the “Platform”).

BharatSiksha is committed to maintaining the highest standards of data protection, privacy, confidentiality, and information security in accordance with applicable laws, industry best practices, and institutional expectations.

By accessing, registering for, or using the Platform, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

1. Purpose and Applicability

This Privacy Policy is designed to:

  • Clearly define how institutional and personal data is handled

  • Establish transparency in data processing practices

  • Protect the rights and interests of schools, users, and stakeholders

  • Demonstrate BharatSiksha’s commitment to responsible data governance

This Policy applies to all users of the Platform, including but not limited to:

  • Educational institutions and their authorized representatives

  • Super administrators and system operators

  • School administrators and academic coordinators

  • Teachers, staff members, and employees

  • Students and parents or legal guardians

  • Visitors accessing public sections of the Platform

2. Definitions

For the purpose of this Privacy Policy:

  • “Institution” refers to any school, academy, or educational organization registered on the Platform.

  • “User” refers to any individual authorized to access the Platform under an assigned role.

  • “Personal Data” means any information relating to an identifiable individual.

  • “Institutional Data” means academic, administrative, operational, or financial data belonging to an Institution.

  • “Processing” includes collection, storage, use, modification, transmission, or deletion of data.

3. Principles of Data Processing

BharatSiksha processes data in accordance with the following core principles:

  • Lawfulness and Fairness: Data is processed only for legitimate educational and administrative purposes.

  • Purpose Limitation: Data is collected solely for defined, explicit, and lawful purposes.

  • Data Minimization: Only data necessary for platform functionality is collected.

  • Accuracy: Reasonable measures are taken to ensure data accuracy and integrity.

  • Security and Confidentiality: Robust technical and organizational safeguards are implemented.

  • Accountability: Data processing activities are governed by internal controls and audit mechanisms.

4. Categories of Information Collected

4.1 Institutional Information

We may collect and process the following institutional details:

  • Institution name, address, and official contact details

  • Academic structure including classes, divisions, subjects, and mediums

  • Authorized administrative users and hierarchy

  • Configuration settings and operational preferences

4.2 User Personal Information

Depending on assigned roles, the Platform may collect:

  • Full name, designation, and role within the institution

  • Contact details such as email address and mobile number

  • System-generated user identifiers

  • Authentication credentials (securely encrypted and protected)

4.3 Student and Academic Information

Under the authority of the institution, the Platform may process:

  • Student admission and enrollment records

  • Parent or guardian details

  • Attendance records, assessments, examination results

  • Academic progress, assignments, and learning activities

4.4 Financial and Transactional Data

Where applicable:

  • Fee structures and payment records

  • Transaction references and receipts

  • Financial logs for institutional accounting purposes

BharatSiksha does not store sensitive payment card details.

4.5 Technical and Usage Information

To ensure platform security and performance, we may collect:

  • IP address and device identifiers

  • Browser type, operating system, and session data

  • Login timestamps, activity logs, and audit trails

5. Legal Basis for Data Processing

BharatSiksha processes data based on one or more of the following lawful grounds:

  • Performance of contractual obligations with the institution

  • Legitimate educational and administrative interests

  • Compliance with applicable legal or regulatory requirements

  • Explicit authorization provided by the institution

6. Purpose of Data Usage

Data collected by BharatSiksha is used exclusively for:

  • Delivering and maintaining platform services

  • Academic administration and record management

  • Institutional communication and coordination

  • System security, monitoring, and fraud prevention

  • Technical support and issue resolution

  • Service improvement and feature enhancement

Data is never used for unauthorized commercial exploitation.

7. Data Ownership and Control

All institutional and academic data entered into the Platform remains the sole and exclusive property of the respective Institution.

BharatSiksha:

  • Acts only as a technology service provider and data processor

  • Does not claim ownership over institutional or personal data

  • Processes data strictly in accordance with institutional instructions

8. Access Control and User Authorization

Access to data within the Platform is governed by:

  • Role-based access control (RBAC) mechanisms

  • Hierarchical permission structures defined by the institution

  • Secure authentication and session management

Users may access only the data necessary for their assigned role.

9. Information Security Measures

BharatSiksha employs enterprise-grade security practices, including:

  • Secure system architecture and infrastructure controls

  • Encryption of data in transit

  • Controlled administrative access and monitoring

  • Regular system audits and vulnerability assessments

  • Logging and monitoring of critical activities

Despite best efforts, no system can guarantee absolute security. However, BharatSiksha continuously evaluates and enhances its security posture.

10. Data Storage and Hosting Practices

BharatSiksha stores and processes data using secure, professionally managed infrastructure designed to support high availability, reliability, and institutional continuity.

Key principles governing data storage include:

  • Data is stored in a structured and logically segregated manner.

  • Institutional data is isolated to prevent unauthorized cross-access.

  • Access to infrastructure is restricted to authorized personnel only.

  • Storage systems are continuously monitored for integrity and availability.

Where applicable, data may be hosted within data centers located in compliance with applicable jurisdictional requirements and institutional agreements.

11. Data Retention Policy

BharatSiksha retains data only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, contractual obligations, and applicable legal requirements.

11.1 Institutional Data Retention

  • Academic and administrative records are retained for the duration of the institution’s active use of the Platform.

  • Institutions may request retention extensions or early deletion, subject to legal and operational constraints.

  • Upon service termination, institutions may request data export in a reasonable and commonly used format.

11.2 Log and Audit Data

  • System logs, access records, and audit trails are retained for security, compliance, and troubleshooting purposes.

  • Retention periods for logs may vary based on security requirements and regulatory expectations.

12. Data Backup and Recovery

To ensure business continuity and data integrity, BharatSiksha maintains structured data backup mechanisms.

12.1 Backup Practices

  • Regular backups are performed to protect against data loss.

  • Backups are stored securely and protected against unauthorized access.

  • Backup processes are designed to support timely restoration in the event of system failure.

12.2 Disaster Recovery

BharatSiksha maintains procedures to restore system functionality and data availability in the event of:

  • Hardware or infrastructure failure

  • System malfunction or corruption

  • Security incidents impacting availability

While absolute prevention of disruptions cannot be guaranteed, BharatSiksha is committed to minimizing downtime and restoring services in a reasonable timeframe.

13. Business Continuity and System Availability

BharatSiksha is designed with continuity and reliability as core objectives.

  • System architecture supports stable and consistent operation.

  • Monitoring mechanisms are in place to detect and respond to issues.

  • Maintenance activities are planned to minimize service interruption.

Temporary downtime may occur due to upgrades, security updates, or unforeseen technical events. Where practicable, advance notice is provided to institutions.

14. Data Deletion and Service Termination

14.1 Institution-Initiated Termination

Upon written request by the institution:

  • Data may be exported or deleted after verification.

  • Deletion requests are processed within a reasonable timeframe.

  • Certain records may be retained where legally required.

14.2 Platform-Initiated Termination

BharatSiksha reserves the right to suspend or terminate access in cases of:

  • Breach of terms or misuse of the Platform

  • Legal or regulatory requirements

  • Security threats or system abuse

In such cases, reasonable steps will be taken to protect institutional data.

15. Data Integrity and Accuracy

BharatSiksha implements measures to preserve data accuracy and integrity; however:

  • Institutions are responsible for the correctness of data entered.

  • Authorized users must ensure timely updates and corrections.

  • BharatSiksha is not responsible for inaccuracies arising from user input.

16. Data Portability

Upon request and subject to contractual terms:

  • Institutions may request export of their data.

  • Data will be provided in a structured and commonly used digital format.

  • Requests may require identity and authorization verification.

17. Data Sharing Principles

BharatSiksha follows a strict data-non-commercialization policy.

  • Institutional and personal data is never sold, rented, leased, or monetized.

  • Data is shared only when strictly necessary for platform operations, legal compliance, or institutional authorization.

  • All data handling is governed by confidentiality, purpose limitation, and security controls.

18. Third-Party Service Providers

To operate and maintain the Platform efficiently, BharatSiksha may engage limited third-party service providers (“Service Providers”) for specific operational purposes, such as:

  • Infrastructure and hosting services

  • System monitoring and security services

  • Communication delivery (e.g., notifications, emails)

  • Technical support and maintenance

18.1 Third-Party Safeguards

All Service Providers are:

  • Contractually bound by confidentiality and data protection obligations

  • Granted access strictly on a need-to-know basis

  • Prohibited from using data for independent or unauthorized purposes

BharatSiksha remains accountable for data protection even when third-party services are involved.

19. No Unauthorised External Access

Except as expressly stated in this Policy:

  • No external entity is granted access to institutional or personal data.

  • Marketing, advertising, or profiling use of data is strictly prohibited.

  • Data is not shared with advertisers or analytics platforms for commercial exploitation.

20. Legal and Regulatory Disclosure

BharatSiksha may disclose data where required to do so under applicable law, regulation, court order, or governmental request, including but not limited to:

  • Compliance with statutory or regulatory obligations

  • Response to lawful subpoenas or judicial directives

  • Cooperation with law enforcement authorities

In such cases:

  • Disclosure is limited to the minimum data legally required

  • Reasonable efforts are made to notify the affected institution, unless prohibited by law

21. Protection of Platform Rights and Security

Data may be accessed or disclosed when necessary to:

  • Investigate security incidents or system abuse

  • Prevent fraud, misuse, or unauthorized access

  • Protect the rights, safety, and integrity of BharatSiksha, institutions, and users

  • Enforce platform policies, terms, or agreements

Such access is strictly controlled, documented, and reviewed.

22. Institutional Authorisation for Data Sharing

Institutions may explicitly authorize data sharing in specific scenarios, including:

  • Integration with external academic or administrative systems

  • Government reporting requirements

  • Board, trust, or regulatory submissions

BharatSiksha acts solely on documented institutional instructions in such cases.

23. Cross-Border Data Transfer

Where cross-border data transfer is required for operational reasons:

  • Transfers are conducted in compliance with applicable laws

  • Adequate data protection safeguards are maintained

  • Data access remains restricted and monitored

BharatSiksha does not engage in uncontrolled or unnecessary international data transfers.

24. Confidentiality Obligations

All BharatSiksha employees, contractors, and authorized personnel are:

  • Bound by confidentiality agreements

  • Trained in data protection and security practices

  • Subject to internal disciplinary action for violations

Confidentiality obligations survive termination of access or employment.

25. Aggregated and Anonymized Data

BharatSiksha may use aggregated or anonymized data for:

  • Platform performance analysis

  • System improvement and optimization

  • Statistical and operational insights

Such data:

  • Does not identify any individual or institution

  • Cannot be reverse-engineered to reveal personal information

26. Children’s and Minor Data Protection

BharatSiksha is a platform designed exclusively for use by educational institutions. A significant portion of the data processed through the Platform relates to students, including minors.

BharatSiksha acknowledges the heightened responsibility associated with processing children’s data and implements safeguards to ensure such data is handled with the highest level of care, confidentiality, and security.

27. Institutional Authority and Responsibility

All student data, including data of minors, is processed by BharatSiksha solely under the authority, instruction, and control of the respective Institution.

The Institution is responsible for:

  • Lawful collection of student and parent data

  • Obtaining necessary parental or guardian consent where required

  • Defining internal access policies for student information

  • Ensuring compliance with applicable education and data protection laws

BharatSiksha does not independently collect student data outside institutional authorization.

28. Parental and Guardian Rights

Parents or legal guardians may exercise rights over student data through the Institution, including:

  • Access to student academic and attendance records

  • Review of personal information maintained by the school

  • Request for correction of inaccurate or outdated data

  • Receipt of institutional communications and notifications

All such requests are processed in accordance with the Institution’s policies and applicable legal requirements.

29. Limitations on Direct Parental Requests

As BharatSiksha operates as a data processor, it does not independently respond to direct data requests from parents or guardians without institutional authorization.

Any request related to:

  • Data access

  • Data correction

  • Data deletion

must be routed through the respective Institution to ensure proper verification and authorization.

30. Use of Student Data

Student data is used strictly for:

  • Academic administration and record maintenance

  • Attendance, examinations, and performance tracking

  • Institutional communication and engagement

  • Operational and regulatory requirements

Student data is never used for marketing, advertising, profiling, or non-educational purposes.

31. Restrictions on Student Data Visibility

BharatSiksha enforces role-based visibility restrictions to ensure:

  • Teachers access only students relevant to their assigned classes

  • Parents access only their own child’s information

  • Students access only permitted academic content

  • Administrative users access data strictly as per assigned authority

Unauthorized access attempts are logged and monitored.

32. Institutional Accountability Framework

Institutions using BharatSiksha are accountable for:

  • Assigning appropriate user roles and permissions

  • Monitoring internal access and usage

  • Preventing misuse or unauthorized disclosure

  • Ensuring responsible and ethical use of the Platform

BharatSiksha provides technical controls, but institutional governance remains essential.

33. Breach Response and Incident Management

In the event of a data security incident affecting student or institutional data:

  • BharatSiksha will take prompt measures to contain and assess the incident

  • Affected institutions will be notified where appropriate

  • Reasonable steps will be taken to minimize impact and restore services

Incident handling follows internal response procedures aligned with industry practices.

34. Educational Use Limitation

The Platform is intended solely for legitimate educational and administrative purposes.

Any attempt to use BharatSiksha for:

  • Unauthorized surveillance

  • Discriminatory practices

  • Non-educational exploitation

is strictly prohibited and may result in suspension or termination of access.

35. Ethical Data Handling Commitment

BharatSiksha is committed to ethical data handling practices that respect:

  • Student dignity and privacy

  • Parental trust

  • Institutional integrity

Our approach prioritizes responsibility, transparency, and long-term trust in the education ecosystem.

36. Cookies and Similar Technologies

BharatSiksha uses cookies and similar technologies solely to ensure secure operation, functionality, and performance of the Platform.

36.1 Types of Cookies Used

The Platform may use the following categories of cookies:

  • Essential Cookies:
    Required for user authentication, session management, and system security.

  • Functional Cookies:
    Enable system preferences and improve user experience.

BharatSiksha does not use cookies for behavioral advertising, third-party marketing, or intrusive tracking.

37. Purpose of Cookies

Cookies are used exclusively for:

  • Maintaining secure login sessions

  • Ensuring system stability and performance

  • Enhancing usability and navigation

  • Preventing unauthorized access

Users may restrict or disable cookies via browser settings; however, doing so may affect platform functionality.

38. Tracking and Analytics

BharatSiksha may collect limited usage analytics strictly for:

  • System performance monitoring

  • Feature optimization and improvement

  • Security and operational diagnostics

All analytics data is:

  • Aggregated or anonymized where possible

  • Used internally only

  • Not shared with advertisers or data brokers

39. User Rights and Data Transparency

BharatSiksha recognizes and supports data transparency and accountability.

Subject to applicable laws and institutional authority, users may have the right to:

  • Request access to personal data

  • Request correction of inaccurate information

  • Request deletion or restriction of processing

  • Request information on data usage practices

All such requests must be submitted through the respective Institution or authorized administrator.

40. Institutional Mediation of User Rights

As a data processor, BharatSiksha does not independently adjudicate user rights.

  • Institutions act as the primary point of contact for user data requests

  • BharatSiksha supports institutions in fulfilling legitimate requests

  • Identity verification and authorization are required before action

This structure ensures controlled and lawful data management.

41. Right to Object and Restrict Processing

Users may object to certain data processing activities; however:

  • Core educational and administrative processing is mandatory for platform operation

  • Restriction requests may impact service availability

  • Final decisions are governed by institutional policy and legal requirements

42. Consent Management

By using the Platform under institutional authorization:

  • Users acknowledge and consent to data processing as outlined in this Policy

  • Consent is managed at the institutional level

  • Withdrawal of consent may affect access to services

43. Automated Decision-Making

BharatSiksha does not engage in automated decision-