Privacy Policy

1. About Apna School Software

Apna School Software is a proprietary school management and administration platform developed, owned and operated by Apna Infotech. The Software is designed to digitise and streamline the academic, administrative, financial and communication operations of educational institutions.

The Software facilitates the storage, processing and communication of educational data including student records, attendance, examination results, fee information, staff details, school notices and parent communications, among other institutional operational data.

2. Information Collected Through the Software

In the course of providing Software services to the Institution, Apna Infotech may collect, receive, store and process the following categories of information:

A. Institution & Administrator Information

• School or institution name, address and registration details
• Authorised administrator names, designations and contact information
• Administrator login credentials (passwords stored in encrypted form)
• Subscription and billing information
• Bank account or payment details for fee settlement, where applicable

B. Student Information

• Student name, date of birth, gender and photograph
• Admission number, class, section and roll number
• Parent or guardian name, mobile number and email address
• Address and emergency contact details
• Attendance records and leave history
• Examination marks, grades and academic performance data
• Fee dues, payment history and receipt records
• Transport, hostel or library records, where applicable

C. Staff & Faculty Information

• Staff name, designation, department and employee ID
• Contact number and email address
• Attendance and leave records
• Salary and payroll information, where applicable

D. Operational & Technical Information

• Login activity logs and session records for security purposes
• Device model, operating system and browser information
• IP address and geographic location data
• Software usage patterns, feature interactions and diagnostic data
• Crash reports and error logs for performance improvement

Information collected is limited to what is reasonably necessary for the provision of Software services, operational management, security and service improvement purposes.

3. How Information Is Used

Information collected through the Software may be used for the following purposes:

• Delivering and maintaining Software features and services subscribed to by the Institution
• Enabling student, staff and administrative management operations
• Processing fee transactions and generating financial reports
• Facilitating parent communication through the Apna School Parent App
• Sending push notifications, SMS alerts and email communications to authorised users
• Authenticating users and maintaining account and platform security
• Generating academic reports, performance analytics and institutional dashboards
• Providing technical support, troubleshooting and issue resolution
• Improving Software performance, stability and feature quality
• Complying with applicable legal, regulatory or statutory obligations

Apna Infotech does not use Institution data for advertising, marketing to third parties, behavioural profiling unrelated to Software operations, or any purpose outside the scope of providing Software services to the Institution.

4. Data Ownership & Controller Relationship

4.1 Institution as Data Controller

The Institution is the data controller in respect of all student, parent, staff and operational data entered into or managed through the Software. The Institution determines the purposes and means of processing such data and is solely responsible for ensuring that such processing complies with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (India).

4.2 Apna Infotech as Data Processor

Apna Infotech acts as a data processor on behalf of the Institution. The Company processes Institution data solely for the purpose of providing the Software services as instructed by the Institution and does not claim ownership of any Institution-specific data.

4.3 Institution's Data Protection Obligations

The Institution, as data controller, is solely responsible for:

• Obtaining valid and informed consent from students, parents and staff for the collection and processing of their personal data through the Software, as required by applicable law
• Ensuring that the personal data entered into the Software is accurate, relevant and not excessive for the stated educational purpose
• Informing data subjects — including students, parents and staff — about how their data is collected, used and processed through the Software
• Responding to data subject access, correction or deletion requests in accordance with applicable law
• Complying with all applicable data protection, privacy and information security laws and regulations

Apna Infotech shall not be liable for any data protection violations, regulatory penalties or third-party claims arising from the Institution's failure to fulfil its obligations as data controller.

5. Data Security Measures

Apna Infotech implements commercially reasonable administrative, technical and organisational security measures to protect Institution data stored on its infrastructure against unauthorised access, misuse, loss, alteration or disclosure. Security measures may include:

• Encrypted storage of sensitive credentials and personal data (AES-256 at rest, TLS in transit)
• Strict Content-Security-Policy on every page, CSRF tokens on every form
• Parameterised SQL queries throughout the application stack
• Role-based access controls limiting data access to authorised users
• Regular security audits and vulnerability assessments
• Activity logging and anomaly detection mechanisms
• Secure server infrastructure managed by reputable cloud hosting providers
• Rate-limited login per mobile + IP per day

The Institution acknowledges that no internet-based system, cloud-hosted platform or electronic storage infrastructure can guarantee absolute, unconditional security. Apna Infotech shall not be held liable for any data breach, cyberattack, unauthorised access or data loss that occurs despite the implementation of reasonable security measures.

The Institution is responsible for ensuring that its own administrators, staff and authorised users maintain strong password practices, secure device usage and responsible credential management.

6. Data Accuracy & Integrity

All data entered into the Software by the Institution or its authorised users — including student records, attendance entries, examination results, fee information and staff data — is the sole responsibility of the Institution in terms of its accuracy, completeness and legitimacy.

Apna Infotech does not independently verify, validate, audit or monitor the correctness of any data submitted by the Institution. The Company assumes no liability for decisions made — academic, administrative, financial or otherwise — based on data entered and managed by the Institution within the Software.

7. Data Sharing & Disclosure

7.1 No Sale of Data

Apna Infotech does not sell, rent, trade, lease or otherwise commercially distribute Institution data, student data, parent data or staff data to any third party for commercial, advertising or unrelated purposes.

7.2 Sharing with Third-Party Service Providers

Apna Infotech may share limited and necessary data with trusted third-party service providers engaged for operational purposes, including:

• Cloud hosting and server infrastructure providers
• Payment gateway and financial transaction processors (e.g. PayU)
• SMS, email and push notification delivery service providers (DLT-registered for India)
• Analytics, performance monitoring and crash reporting tools
• Security and data protection service providers

Such third-party providers are permitted to access Institution data only to the extent necessary to perform their designated service functions. Apna Infotech endeavours to engage providers that maintain reasonable data security and confidentiality standards.

7.3 Disclosure Under Legal Obligation

Apna Infotech may disclose Institution data to government authorities, regulatory bodies, law enforcement agencies or courts of competent jurisdiction where required to do so by applicable law, court order, regulatory directive or legal process. The Company will, where legally permissible, endeavour to provide reasonable notice to the Institution before such disclosure.

7.4 Business Transfers

In the event of a merger, acquisition, restructuring or sale of all or part of Apna Infotech's business assets, Institution data may be transferred to the acquiring or successor entity as part of that transaction. The Institution will be notified of any such transfer where reasonably practicable.

8. Data Retention

Apna Infotech retains Institution data for as long as the Institution's subscription remains active and for a reasonable period thereafter as necessary to:

• Fulfil the purposes described in this Privacy Policy
• Comply with applicable legal, regulatory or statutory obligations
• Resolve disputes, enforce agreements or address technical issues
• Maintain audit trails and operational records

Upon expiry or termination of the Institution's subscription, Apna Infotech may retain Institution data for a defined period (typically 90 days as a courtesy buffer) before permanent deletion in accordance with its internal data lifecycle and retention policies. The Institution may request a data export prior to or within a reasonable period after termination, subject to technical feasibility.

Certain categories of data may be retained for longer periods where required by applicable law or regulatory obligation.

9. Parent App Data & Cross-Platform Processing

Where the Institution uses the Apna School Parent App as part of its Software subscription, student and academic data entered by the Institution may be made accessible to parents or guardians through the Parent App in accordance with the Institution's configuration and access settings.

The Institution is solely responsible for determining which data is shared with parents through the Parent App, and for ensuring that such sharing complies with applicable privacy laws and the Institution's own policies.

The privacy practices applicable to end users of the Parent App are governed by the separate Apna School Parent App Privacy Policy, which is communicated to parents through the app at the time of registration.

10. Cookies & Technical Tracking

The web-based desktop platform of Apna School Software may use session cookies, authentication tokens and similar technical mechanisms solely for the purposes of user authentication, session management and platform security. These are not used for advertising, behavioural tracking or cross-site profiling.

The Institution may configure browser settings to manage or restrict cookie usage, though this may affect the functionality of certain Software features (including the ability to remain logged in).

11. Data Backup

Apna Infotech endeavours to maintain regular automated backups of data stored on its servers as part of its infrastructure management practices. Backups are rotated within 180 days. However, the Company does not guarantee the completeness, frequency or restorability of all data backups.

The Institution is strongly advised to maintain its own independent backups of all critical institutional data — particularly fee receipts, attendance records and exam marks at session-end. Apna Infotech shall not be liable for any data loss arising from technical failures, server errors, accidental deletion by authorised users or force majeure events.

12. Institution's Rights Regarding Its Data

Subject to applicable laws and the terms of the subscription agreement, the Institution may:

• Access and review data stored within the Software through its administrator account
• Correct or update inaccurate or outdated records through the Software's management interface
• Request a structured export of its data upon termination of subscription, subject to technical feasibility
• Request deletion of its account and associated data, subject to applicable legal retention obligations

Requests related to data access, correction, export or deletion may be submitted to Apna Infotech at info@apnainfotech.com. The Company will respond to such requests within a reasonable timeframe (typically 7 working days).

13. Children's Data & Special Obligations

The Software is used by educational institutions to manage data pertaining to students, who may include minors under the age of eighteen (18) years. The Institution, as data controller, is solely responsible for ensuring that the collection, storage and processing of minor student data complies with all applicable laws, including the Digital Personal Data Protection Act, 2023, and any sector-specific educational data regulations.

Apna Infotech does not directly collect data from minors. All minor student data within the Software is submitted and managed by the Institution or its authorised staff. Apna Infotech processes such data solely in its capacity as data processor acting on the Institution's instructions.

14. Third-Party Integrations & External Services

The Software may integrate with or rely upon third-party services including payment gateways (PayU), cloud infrastructure providers, SMS and email service providers, push notification platforms (Firebase Cloud Messaging) and analytics tools. Each such third-party provider operates under its own terms of service and privacy policy.

Apna Infotech does not control and is not responsible for the data practices, security measures, availability or compliance of third-party service providers. The Institution is encouraged to review the privacy policies of any third-party service it interacts with through the Software.

15. Updates to This Privacy Policy

Apna Infotech reserves the right to modify, revise or update this Privacy Policy at any time, with reasonable prior notice to the Institution. Revised versions shall take effect upon publication within the Software or on associated platforms. Material changes are communicated to the school owner by email at the registered address.

It is the responsibility of the Institution to review this Privacy Policy periodically. Continued use of the Software following any update constitutes acceptance of the revised Policy.

16. Governing Law & Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India, including the Digital Personal Data Protection Act, 2023; the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and other applicable statutes.

Any disputes arising from or in connection with this Privacy Policy or the processing of data through the Software shall be subject to the exclusive jurisdiction of competent courts located in Bikaner, Rajasthan, India.

17. Contact Information

For privacy-related queries, data requests, security concerns or formal communications, the Institution may contact:

• Apna Infotech
• Bikaner, Rajasthan — India
• Email: info@apnainfotech.com
• Phone: +91 952 972 1111 (Mon–Sat, 9 AM – 6 PM IST)

18. Acknowledgement & Consent

By subscribing to, accessing or using Apna School Software, the Institution — through its authorised representative — acknowledges that it has read this Privacy Policy in its entirety, fully understands its terms, and agrees to be bound by it.

The Institution further acknowledges its independent responsibility as data controller to comply with all applicable data protection and privacy laws in respect of the personal data of students, parents, staff and other individuals whose information is entered into or managed through the Software.