Privacy Policy
1. Who we are & scope
This Privacy Policy explains how [Company Name] (“AcadFlows”, “we”, “us”, “our”), with registered office at [Registered Address], collects, uses, discloses, stores and protects personal data when you visit our website, request a demo, or use the AcadFlows school operations platform (the “Service”).
It applies to prospective customers, website visitors, the institutions that subscribe to the Service (“Schools”), and the staff, students and parents whose data is processed within the Service.
2. Our role: processor vs. controller
For data you provide to us directly — for example, when you request a demo or contact sales — we act as the data fiduciary / controller.
For personal data that a School uploads to or generates within the Service (including student, parent and staff records), the School is the data fiduciary / controller and AcadFlows acts as the data processor, processing such data only on the School's documented instructions under our Data Processing Agreement.
3. Data we collect
3.1 Information you give us
- Contact and account details (name, work email, phone, institution name, role).
- Demo and sales enquiry details (number of students, current systems, areas of interest).
- Billing and tax details for paid subscriptions (e.g. GSTIN, billing address).
3.2 Information processed on behalf of Schools (within the Service)
- Student records: name, admission number, class/section, guardians, contact details, attendance, fees, exam results, documents, and transport details.
- Staff records: employee details, attendance, payroll-related information.
- Communications sent through the platform (WhatsApp, SMS, voice, email, in-app).
3.3 Information collected automatically
- Device, browser, IP address, and log/usage data.
- Cookies and similar technologies (see our Cookie Policy).
4. How we use data
- To provide, operate, secure and improve the Service.
- To respond to enquiries, schedule demos and provide support.
- To process payments and issue invoices.
- To send service, security and (where permitted) marketing communications.
- To comply with legal, tax and regulatory obligations.
We do not sell personal data, and we do not use student data for advertising.
5. Legal basis & consent
We process personal data on the basis of your consent, the performance of a contract, our legitimate interests in operating the Service, and compliance with applicable law, including India's Digital Personal Data Protection Act, 2023 (“DPDP Act”) and, where applicable, the EU/UK GDPR.
6. Children's data
The Service processes the personal data of children (students) on behalf of, and at the instruction of, the School. Schools are responsible for obtaining any consent required from parents or lawful guardians for the processing of children's data, in line with the DPDP Act. We apply additional safeguards to such data and do not undertake tracking, behavioural monitoring or targeted advertising directed at children.
7. Sharing & sub-processors
We share personal data only with:
- Vetted sub-processors who help us deliver the Service (hosting, communications, payments, analytics) — see our current list of Sub-processors.
- Professional advisers, auditors and authorities where required by law.
- A successor entity in connection with a merger, acquisition or reorganisation, subject to this Policy.
8. Storage, location & retention
Service data is hosted in India (AWS Mumbai, ap-south-1) by default. We retain personal data for as long as necessary to provide the Service and to meet legal obligations. School data is retained per the subscription agreement and deleted within [30] days of a verified deletion request or contract termination, save where retention is legally required.
9. Security
We maintain technical and organisational measures including encryption in transit (TLS 1.3) and at rest (AES-256), role-based access control, multi-factor authentication, per-tenant isolation, audit logging and regular independent security testing. No method of transmission or storage is fully secure; we cannot guarantee absolute security.
10. Your rights
Subject to applicable law, you may request access to, correction of, or erasure of your personal data, withdraw consent, or raise a grievance. Where AcadFlows is a processor, requests relating to student/staff data should be directed to the relevant School; we will assist the School in responding.
11. Cookies
We use cookies and similar technologies as described in our Cookie Policy.
12. Grievance officer
In accordance with applicable Indian law, our Grievance Officer is:
- Name: [Grievance Officer Name]
- Email: grievance@acadflows.com
- Address: [Registered Address]
We aim to acknowledge grievances within [48 hours] and resolve them within the timelines prescribed by law.
13. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified on this page with a revised “Last updated” date.
14. Contact
Questions about this Policy can be sent to connect@acadflows.com or by post to [Registered Address].