Privacy Policy
Last Updated: 02 May 2026
This Privacy Policy explains what data Apna School (operated by Apna Infotech, Rajasthan, India) collects, how we use it, with whom we share it and the choices you have. We respect the privacy of every school, every staff member and every student / guardian whose data passes through our systems.
1. Introduction & Scope
This policy applies to all data collected through the Apna School website (apnaschool.site) and the Apna School software, accessed via the web panel and the Android app. It covers every category of user — school owners, school administrators, principals, teachers, accountants, staff, students and parents / guardians.
We are committed to protecting privacy in accordance with applicable Indian law, including:
- The Information Technology Act, 2000 and the IT (Amendment) Act, 2008
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- The Digital Personal Data Protection Act, 2023 (DPDPA 2023)
By using our service, you consent to the practices described in this policy.
2. What Data We Collect
2.1 School / organisation data
- School name, address, UDISE code, affiliation number, registration number
- School phone, email, website
- School logo, thermal-printer width preference
2.2 User account data
- Full name, mobile number (used as login identifier), encrypted password hash
- One-time passwords (OTP) used for forgot-password
- Login timestamps, IP address, last-active session
- Per-employee role permissions configured by the school admin
2.3 Student data (entered by the school)
- Name, optional name in local script, father’s name, mother’s name
- Date of birth, gender, caste category, religion, RTE flag
- Admission number, admission date, class & section, roll number
- Guardian mobile number(s), address
- Photograph (optional)
- Attendance records, exam marks, fee receipts, transport assignment
2.4 Staff data (entered by the school)
- Name, father’s name, date of birth, gender, phone, email, address
- Department, designation, qualification, date of joining
- Salary structure (Basic, HRA, Other Allowance), payslip records
- Daily attendance (Present / Absent / Half-Day / Leave)
2.5 Payment & subscription data
- Subscription plan, subscription start & renewal dates
- Transaction IDs, payment amount, payment date, payment status
- SMS / WhatsApp wallet top-ups and debits
- We do not directly store full credit-card or debit-card numbers. All card payments are processed by external PCI-DSS-compliant payment gateways (e.g. PayU, Razorpay, PhonePe).
2.6 Technical data
- Browser type and version, device type, operating system
- IP address, approximate region (derived from IP)
- Pages visited, time spent, action timestamps
- Server error logs (for debugging only)
3. How We Use Your Data
We use the data described above only to:
- Provide, operate, maintain and improve the software service.
- Send important service-related notifications (renewal, downtime, security alerts).
- Provide technical support and resolve issues raised through phone, WhatsApp or email.
- Process subscription payments and issue GST invoices.
- Detect, prevent and respond to fraud, abuse and security incidents.
- Comply with applicable laws, regulations, lawful court orders or government requests.
- Run aggregate, anonymised internal analytics to improve features.
We do NOT use your data to:
- Sell or rent personal data to any third party.
- Run targeted advertising or build advertising profiles.
- Profile individuals for political or commercial purposes outside the school’s administration.
- Train external machine-learning models on identifiable student or staff data.
4. Data Sharing — Who We Share With
We share data only with:
- Payment processors — to handle subscription billing and any optional online fee collection.
- SMS, WhatsApp Business and email service providers — only to deliver utility messages such as fee reminders, attendance alerts and exam result notifications.
- Cloud hosting providers — to store data in the data centres on which the application runs.
- Legal authorities — only where disclosure is mandated by Indian law, a valid court order or a lawful government request.
We do not sell, rent or trade personal data with:
- Marketing, advertising or media companies
- Insurance companies, banks or NBFCs
- Other educational institutions, coaching centres or publishers
- Any other commercial entity for monetary or non-monetary consideration
5. Data Storage & Security
- Data is stored on cloud servers and protected by HTTPS / TLS in transit.
- User passwords are stored as one-way password hashes — never as plain text.
- Every form is protected with CSRF tokens; every database query is parameterised to defend against SQL injection.
- Login attempts are rate-limited per mobile number and IP address per day.
- Each request runs through a per-page role-based gate so that only authorised users see the data their role permits.
- The system is multi-tenant: every record is isolated per school — one school’s users can never see another school’s data.
- Access to production systems is limited to authorised engineering personnel on a need-to-know basis.
No internet-facing system is 100% secure. We are not liable for breaches caused by: (a) sophisticated attacks beyond reasonable industry-standard protection; (b) the user sharing or weakly protecting credentials; (c) malware on the user’s own device; or (d) vulnerabilities in third-party components outside our control. In the event of a personal-data breach affecting you, we will notify you on a best-effort basis within 72 hours as required by DPDPA 2023.
6. Data Retention
- Active subscription — data is retained for the entire duration of your subscription.
- After subscription ends — data is retained for an additional 30 days so you can request an export.
- After 30 days — production data may be permanently deleted; recovery is not possible.
- Encrypted backups — may be retained for up to 90 days for disaster-recovery purposes, after which they are purged.
- Legal hold — if a regulator, tax authority or court requires longer retention, we will comply.
It is the school’s responsibility to export data (student list, fee receipts, attendance register, payslips, accounting statements) before the subscription ends.
7. Your Rights (DPDPA 2023)
Under the Digital Personal Data Protection Act 2023 you have the right to:
- Access the personal data we hold about you.
- Correct or update inaccurate or out-of-date personal data.
- Request deletion of your personal data (subject to legal-retention exceptions).
- Withdraw consent for processing — this may affect availability of the service.
- Nominate another individual to exercise these rights on your behalf in case of incapacity or death.
- File a grievance with our Privacy Officer (see Section 12) and, if unresolved, with the Data Protection Board of India.
To exercise any right, email info@apnainfotech.com with subject “Data Rights Request”. Response time is up to 30 days. Some data may be retained where required by law (e.g. tax or audit records), in which case we will explain the legal basis.
8. Cookies Policy
We use cookies and similar technologies for limited, functional purposes:
- Session cookies — to keep you logged in to the school panel.
- Preference cookies — to remember small settings (e.g. selected academic session).
- CSRF tokens — to protect every form submission.
- Basic analytics — aggregate page-view counts and browser type, never tied to an individual.
We do not use cookies for cross-site tracking, retargeting or advertising profiling. You can disable cookies in your browser, but doing so may break parts of the software (you will not be able to stay logged in).
9. Children’s Data
- The software stores data about students, including minors. This data is entered and controlled by the school itself, not by us directly.
- Under DPDPA 2023, the school acts as the “Data Fiduciary” for student data; Apna School acts as the “Data Processor” on the school’s instructions.
- It is the school’s responsibility to obtain any required consent from parents / guardians for the processing of their children’s data.
- We do not directly collect data from children. We only process such data as instructed by the school for legitimate educational administration.
- We do not use children’s data for any form of advertising, profiling or external sharing.
10. Third-Party Links
- The website and software may contain links to third-party services (payment gateways, social-media pages, support tools).
- We are not responsible for the privacy practices, content or downtime of those third-party sites.
- We recommend reviewing the privacy policy of any third-party site you visit through our links.
- We have no control over what cookies or trackers third-party services may set.
11. Changes to This Privacy Policy
- We may update this policy at any time. The “Last Updated” date at the top of the page reflects the latest revision.
- Significant changes may be communicated by email or in-app notification on a best-effort basis.
- Your continued use of the service after a change constitutes acceptance of the updated policy.
12. Contact for Privacy Issues
- Privacy Officer: Apna Infotech
- Email: info@apnainfotech.com (subject: Privacy / Data Rights Request)
- Phone: +91 952 972 1111 (Mon – Sat, 9 AM – 6 PM IST)
- Postal: Apna Infotech, Rajasthan, India
- Response time: within 30 business days