Privacy Policy
Last updated: 14 May 2026 · Compliant with DPDPA 2023 (India)
1. What Data We Collect
We collect the following categories of data:
- School / tenant data: School name, subdomain, custom domain (if configured), admin contact email and name.
- User data: Name, email address, role, profile photo (optional), and activity logs within the platform.
- Student data: Name, email, class/grade, academic records, attendance, leave history, and fee payment status — as entered by school staff.
- Teacher & staff data: Name, email, role, salary records, leave history, and timetable assignments.
- Usage data: Pages visited, features used, and approximate session timestamps for operational monitoring and support.
- Payment data: Transaction identifiers from Razorpay. We do not store card numbers or bank account details — these are held exclusively by Razorpay.
2. How Data Is Used
- To provide, operate, and improve the EduBerry platform
- To process payments and manage subscriptions
- To send service notifications, billing receipts, and critical security alerts
- To respond to support requests
- To generate anonymised, aggregated analytics for product improvement (never sold)
- To comply with applicable Indian law and regulatory requirements
We do not sell, rent, or share personal data with third parties for marketing purposes.
3. Data Retention
- Active tenant data is retained for the lifetime of the subscription.
- On subscription cancellation: data remains accessible in read-only mode for 30 days, after which it is permanently deleted from all systems including backups within 60 days.
- Payment transaction records are retained for 7 years to comply with Indian tax law.
- Audit logs are retained for 12 months.
4. Third-Party Processors
We use the following sub-processors. Each is bound by data processing agreements:
| Processor | Purpose | Data location |
|---|---|---|
| Supabase | Database, authentication, file storage | Singapore / AWS ap-southeast-1 |
| Vercel | Application hosting and edge delivery | Global CDN (nearest region) |
| Razorpay | Payment processing (SaaS billing) | India |
5. Student Data Protection
EduBerry processes student data as a data processor on behalf of the school (the data fiduciary under DPDPA 2023). Schools are responsible for:
- Obtaining appropriate consent from parents or guardians before entering student data
- Complying with their own institutional data protection policies
- Informing students and parents about data processing activities
EduBerry does not access student data except for technical support purposes and only with the school’s explicit authorisation. Student data is fully isolated per tenant via row-level security and is never accessible to EduBerry staff in the normal course of operations.
6. Data Breach Notification
In the event of a data breach that poses a risk to affected individuals, we will:
- Notify affected school administrators within 72 hours of becoming aware of the breach
- Provide details of the nature of the breach, data affected, and remediation steps
- Report to CERT-In as required under Indian law
7. Your Rights
Under DPDPA 2023, you have the right to:
- Access: Request a copy of personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data (subject to legal retention obligations)
- Export: Export your school’s data in a machine-readable format (CSV)
- Grievance redressal: Raise a complaint with our Data Protection Officer
To exercise any of these rights, email privacy@eduberry.org. We will respond within 30 days.
Contact
EduBerry Private Limited — Data Protection Officer
Tamil Nadu, India
Email: privacy@eduberry.org