Privacy Policy for Educational Institutions

1. About Apna School Software

Apna School Software is a proprietary school management and administration platform developed, owned, and operated by Apna Infotech. The Software is designed to digitize and streamline the academic, administrative, financial, and communication operations of educational institutions.

The Software facilitates the storage, processing, and communication of educational data including student records, attendance, examination results, fee information, staff details, school notices, and parent communications, among other institutional operational data.

2. Information Collected Through the Software

In the course of providing Software services to the Institution, Apna Infotech may collect, receive, store, and process the following categories of information:

A. Institution & Administrator Information

• School or institution name, address, and registration details
• Authorized administrator names, designations, and contact information
• Administrator login credentials (passwords stored in encrypted form)
• Subscription and billing information
• Bank account or payment details for fee settlement (where applicable)

B. Student Information

• Student name, date of birth, gender, and photograph
• Admission number, class, section, and roll number
• Parent or guardian name, mobile number, and email address
• Address and emergency contact details
• Attendance records and leave history
• Examination marks, grades, and academic performance data
• Fee dues, payment history, and receipt records
• Transport, hostel, or library records (where applicable)

C. Staff & Faculty Information

• Staff name, designation, department, and employee ID
• Contact number and email address
• Attendance and leave records
• Salary and payroll information (where applicable)

D. Operational & Technical Information

• Login activity logs and session records for security purposes
• Device model, operating system, and browser information
• IP address and geographic location data
• Software usage patterns, feature interactions, and diagnostic data
• Crash reports and error logs for performance improvement

Information collected is limited to what is reasonably necessary for the provision of Software services, operational management, security, and service improvement purposes.

3. How Information Is Used

Information collected through the Software may be used for the following purposes:

• Delivering and maintaining Software features and services subscribed to by the Institution
• Enabling student, staff, and administrative management operations
• Processing fee transactions and generating financial reports
• Facilitating parent communication through the Apna School Parent App
• Sending push notifications, SMS alerts, and email communications to authorized users
• Authenticating users and maintaining account and platform security
• Generating academic reports, performance analytics, and institutional dashboards
• Providing technical support, troubleshooting, and issue resolution
• Improving Software performance, stability, and feature quality
• Complying with applicable legal, regulatory, or statutory obligations

Apna Infotech does not use Institution data for advertising, marketing to third parties, behavioral profiling unrelated to Software operations, or any purpose outside the scope of providing Software services to the Institution.

4. Data Ownership & Controller Relationship

4.1 Institution as Data Controller

The Institution is the data controller in respect of all student, parent, staff, and operational data entered into or managed through the Software. The Institution determines the purposes and means of processing such data and is solely responsible for ensuring that such processing complies with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (India).

4.2 Apna Infotech as Data Processor

Apna Infotech acts as a data processor on behalf of the Institution. The Company processes Institution data solely for the purpose of providing the Software services as instructed by the Institution and does not claim ownership of any Institution-specific data.

4.3 Institution’s Data Protection Obligations

The Institution, as data controller, is solely responsible for:

• Obtaining valid and informed consent from students, parents, and staff for the collection and processing of their personal data through the Software, as required by applicable law
• Ensuring that the personal data entered into the Software is accurate, relevant, and not excessive for the stated educational purpose
• Informing data subjects — including students, parents, and staff — about how their data is collected, used, and processed through the Software
• Responding to data subject access, correction, or deletion requests in accordance with applicable law
• Complying with all applicable data protection, privacy, and information security laws and regulations

Apna Infotech shall not be liable for any data protection violations, regulatory penalties, or third-party claims arising from the Institution’s failure to fulfill its obligations as data controller.

5. Data Security Measures

Apna Infotech implements commercially reasonable administrative, technical, and organizational security measures to protect Institution data stored on its infrastructure against unauthorized access, misuse, loss, alteration, or disclosure. Security measures may include:

• Encrypted storage of sensitive credentials and personal data
• Secure HTTPS data transmission protocols
• Role-based access controls limiting data access to authorized users
• Regular security audits and vulnerability assessments
• Activity logging and anomaly detection mechanisms
• Secure server infrastructure managed by reputable cloud hosting providers

The Institution acknowledges that no internet-based system, cloud-hosted platform, or electronic storage infrastructure can guarantee absolute, unconditional security. Apna Infotech shall not be held liable for any data breach, cyberattack, unauthorized access, or data loss that occurs despite the implementation of reasonable security measures.

The Institution is responsible for ensuring that its own administrators, staff, and authorized users maintain strong password practices, secure device usage, and responsible credential management.

6. Data Accuracy & Integrity

All data entered into the Software by the Institution or its authorized users — including student records, attendance entries, examination results, fee information, and staff data — is the sole responsibility of the Institution in terms of its accuracy, completeness, and legitimacy.

Apna Infotech does not independently verify, validate, audit, or monitor the correctness of any data submitted by the Institution. The Company assumes no liability for decisions made — academic, administrative, financial, or otherwise — based on data entered and managed by the Institution within the Software.

7. Data Sharing & Disclosure

7.1 No Sale of Data

Apna Infotech does not sell, rent, trade, lease, or otherwise commercially distribute Institution data, student data, parent data, or staff data to any third party for commercial, advertising, or unrelated purposes.

7.2 Sharing with Third-Party Service Providers

Apna Infotech may share limited and necessary data with trusted third-party service providers engaged for operational purposes, including:

• Cloud hosting and server infrastructure providers
• Payment gateway and financial transaction processors
• SMS, email, and push notification delivery service providers
• Analytics, performance monitoring, and crash reporting tools
• Security and data protection service providers

Such third-party providers are permitted to access Institution data only to the extent necessary to perform their designated service functions. Apna Infotech endeavors to engage providers that maintain reasonable data security and confidentiality standards.

7.3 Disclosure Under Legal Obligation

Apna Infotech may disclose Institution data to government authorities, regulatory bodies, law enforcement agencies, or courts of competent jurisdiction where required to do so by applicable law, court order, regulatory directive, or legal process. The Company will, where legally permissible, endeavor to provide reasonable notice to the Institution before such disclosure.

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of Apna Infotech’s business assets, Institution data may be transferred to the acquiring or successor entity as part of that transaction. The Institution will be notified of any such transfer where reasonably practicable.

8. Data Retention

Apna Infotech retains Institution data for as long as the Institution’s subscription remains active and for a reasonable period thereafter as necessary to:

• Fulfill the purposes described in this Privacy Policy
• Comply with applicable legal, regulatory, or statutory obligations
• Resolve disputes, enforce agreements, or address technical issues
• Maintain audit trails and operational records

Upon expiry or termination of the Institution’s subscription, Apna Infotech may retain Institution data for a defined period before permanent deletion in accordance with its internal data lifecycle and retention policies. The Institution may request a data export prior to or within a reasonable period after termination, subject to technical feasibility.

Certain categories of data may be retained for longer periods where required by applicable law or regulatory obligation.

9. Parent App Data & Cross-Platform Processing

Where the Institution uses the Apna School Parent App as part of its Software subscription, student and academic data entered by the Institution may be made accessible to parents or guardians through the Parent App in accordance with the Institution’s configuration and access settings.

The Institution is solely responsible for determining which data is shared with parents through the Parent App, and for ensuring that such sharing complies with applicable privacy laws and the Institution’s own policies.

The privacy practices applicable to end users of the Parent App are governed by the separate Apna School Parent App Privacy Policy.

10. Cookies & Technical Tracking

The web-based desktop platform of Apna School Software may use session cookies, authentication tokens, and similar technical mechanisms solely for the purposes of user authentication, session management, and platform security. These are not used for advertising, behavioral tracking, or cross-site profiling.

The Institution may configure browser settings to manage or restrict cookie usage, though this may affect the functionality of certain Software features.

11. Data Backup

Apna Infotech endeavors to maintain regular automated backups of data stored on its servers as part of its infrastructure management practices. However, the Company does not guarantee the completeness, frequency, or restorability of all data backups.

The Institution is strongly advised to maintain its own independent backups of all critical institutional data. Apna Infotech shall not be liable for any data loss arising from technical failures, server errors, accidental deletion by authorized users, or force majeure events.

12. Institution’s Rights Regarding Its Data

Subject to applicable laws and the terms of the subscription agreement, the Institution may:

• Access and review data stored within the Software through its administrator account
• Correct or update inaccurate or outdated records through the Software’s management interface
• Request a structured export of its data upon termination of subscription, subject to technical feasibility
• Request deletion of its account and associated data, subject to applicable legal retention obligations

Requests related to data access, correction, export, or deletion may be submitted to Apna Infotech at info@apnainfotech.com. The Company will respond to such requests within a reasonable timeframe.

13. Children’s Data & Special Obligations

The Software is used by educational institutions to manage data pertaining to students, who may include minors under the age of eighteen (18) years. The Institution, as data controller, is solely responsible for ensuring that the collection, storage, and processing of minor student data complies with all applicable laws, including the Digital Personal Data Protection Act, 2023, and any sector-specific educational data regulations.

Apna Infotech does not directly collect data from minors. All minor student data within the Software is submitted and managed by the Institution or its authorized staff. Apna Infotech processes such data solely in its capacity as data processor acting on the Institution’s instructions.

14. Third-Party Integrations & External Services

The Software may integrate with or rely upon third-party services including payment gateways, cloud infrastructure providers, SMS and email service providers, push notification platforms, and analytics tools. Each such third-party provider operates under its own terms of service and privacy policy.

Apna Infotech does not control and is not responsible for the data practices, security measures, availability, or compliance of third-party service providers. The Institution is encouraged to review the privacy policies of any third-party service it interacts with through the Software.

15. Updates to This Privacy Policy

Apna Infotech reserves the absolute right to modify, revise, or update this Privacy Policy at any time, with or without prior notice to the Institution. Revised versions shall take effect immediately upon publication within the Software or on associated platforms.

It is the sole responsibility of the Institution to review this Privacy Policy periodically. Continued use of the Software following any update constitutes unconditional acceptance of the revised Policy.

16. Governing Law & Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India, including the Digital Personal Data Protection Act, 2023; the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and other applicable statutes.

Any disputes arising from or in connection with this Privacy Policy or the processing of data through the Software shall be subject to the exclusive jurisdiction of competent courts located in Bikaner, Rajasthan, India.

17. Contact Information

For privacy-related queries, data requests, security concerns, or formal communications, the Institution may contact:

• Apna Infotech
• Nokha, Bikaner, Rajasthan — India
• Email: info@apnainfotech.com

18. Acknowledgement & Consent

By subscribing to, accessing, or using Apna School Software, the Institution — through its authorized representative — acknowledges that it has read this Privacy Policy in its entirety, fully understands its terms, and unconditionally agrees to be bound by it.

The Institution further acknowledges its independent responsibility as data controller to comply with all applicable data protection and privacy laws in respect of the personal data of students, parents, staff, and other individuals whose information is entered into or managed through the Software.

© 2026 Apna Infotech. All Rights Reserved.