Privacy Policy

3.1 Providing & Operating the Platform

• Provisioning and managing isolated school workspaces
• Authenticating users and enforcing role-based access control
• Generating reports, invoices, attendance records, and report cards on behalf of the school
• Delivering scheduled fee reminders and parent notifications via email and WhatsApp
• Storing and retrieving student, family, and academic data at the school's direction

3.2 Platform Improvement & Analytics

• Analysing aggregated, anonymised usage data to improve feature design and performance
• Detecting and resolving bugs, errors, and performance bottlenecks
• Training and improving AI models using only de-identified, aggregated data — never raw student records

3.3 Security & Fraud Prevention

• Monitoring for unauthorised access, brute-force attempts, and suspicious activity
• Maintaining immutable audit logs for all data modifications within a workspace
• Verifying workspace ownership and billing contact identity

3.4 Legal Compliance

• Fulfilling our obligations under applicable data protection laws (GDPR, PDPA, POPIA, and equivalents)
• Responding to lawful requests from government authorities where required
• Enforcing our Terms of Service and resolving disputes

5.1 Encryption

• All data in transit is encrypted using TLS 1.2 or higher. HTTPS is enforced across all endpoints
• Data at rest is encrypted using AES-256 encryption managed by our cloud infrastructure provider (Railway)
• Authentication credentials are never stored in plaintext. Password hashing and token management are handled by Supabase Auth using industry-standard algorithms

5.2 Access Controls

• Server-to-server API requests are authenticated via a server-side token (x-api-token) injected by the proxy and never exposed to the browser
• Public API features (such as AI assistant) may send a public token (X-API-Token) from the browser — this token is intentionally public and only grants access to non-sensitive data
• Role-based access control (RBAC) is enforced at the API layer — every request is validated against the authenticated user's role before data is returned
• Internal EduPilotPro staff access to production databases is restricted to authorised personnel only and requires multi-factor authentication

5.3 Audit Logging

• All data modification events (create, update, soft delete) are logged with a timestamp, user identity, and change description
• Audit logs are immutable and cannot be altered by workspace users
• Logs are retained for a minimum of 12 months to support compliance and dispute resolution

5.4 Infrastructure Security

• The platform is hosted on Railway's cloud infrastructure, which provides DDoS protection, network isolation, and automated security patching
• File assets (documents, uploads) are stored in S3-compatible object storage with access restricted to pre-signed URLs with short expiry windows
• We conduct periodic security reviews and respond promptly to identified vulnerabilities

6.1 Active Workspace Data

• All school, student, family, and operational data is retained for the duration of the active subscription
• Records are soft-deleted by default (enabled: false) and can be restored by School Operators — they are not immediately purged from the database
• Attendance and financial records are retained for a minimum of 7 years in line with standard accounting and educational record-keeping requirements, unless the School Operator requests earlier deletion

6.2 Post-Cancellation Retention

• Upon subscription cancellation, workspace data is retained for a grace period of 30 days to allow for data export or reactivation
• After the grace period, all workspace data — including student records, family data, fee history, and attachments — is permanently deleted from our systems within 30 additional days
• School Operators can request a full data export (JSON and CSV format) at any time during the subscription or grace period by contacting [email protected]

6.3 Backup Retention

• Automated database backups are retained for up to 35 days. Backups are encrypted and stored in geographically redundant storage
• Backup data is used solely for disaster recovery purposes and is not accessible to workspace users directly

9.1 Rights Available to All Users

• Access: request a copy of the personal data we hold about you
• Correction: request correction of inaccurate or incomplete personal data
• Deletion: request deletion of your personal data (subject to legal retention obligations)
• Data portability: request your workspace data in a structured, machine-readable format (JSON/CSV export)

9.2 Additional Rights for EU / UK Users (GDPR & UK GDPR)

• Right to object: object to processing of your personal data where we rely on legitimate interests as the legal basis
• Right to restrict processing: request that we restrict how your data is used while a dispute is being resolved
• Right not to be subject to automated decisions: request human review of any automated AI-generated decision (e.g., fee risk scores) that significantly affects you
• Lodge a complaint: you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the United Kingdom, or your national DPA in the EU)

10.1 How to Request Account Deletion

• Visit our Account Deletion Request page and complete the form with your details
• Provide your first name, last name, school name, email or phone number, and ID number for verification
• Confirm that you understand the deletion is permanent and cannot be undone
• Submit the request

10.2 Verification Process

• After submission, you will receive a verification email at the address you provided
• Click the verification link in the email to confirm your identity and authorization for deletion
• This verification step ensures that account deletion requests are genuine and prevents unauthorized deletions

10.3 Data Deletion Timeline

• Within 30 days: Upon verification, we will delete all personal data associated with your account, including user profile information, access credentials, and login history
• Within 60 days: All backup copies containing your data will be purged from our backup systems
• You will receive a confirmation email once the deletion is complete

10.4 What Data Is Deleted

• Your user account and authentication credentials
• Personal profile information (name, email, phone)
• Account preferences and notification settings
• Login history and session data
• Access tokens and API keys associated with your account
• All audit log entries associated with your user account

10.5 Limitations & Exceptions

• Workspace-level data: If you are a Super Admin or Admin of a workspace, we may retain certain aggregated workspace data (e.g., school name, basic settings) for accounting and compliance purposes for up to 7 years, but your personal user account will be deleted
• Student records: If you are requesting deletion as a student or parent, please contact your school directly. Schools are the data controllers and must authorize student record deletion
• Legal obligations: We may retain minimal data (e.g., your email address and deletion timestamp) for legal compliance, fraud prevention, or dispute resolution, but this will be kept separate from your full profile data
• Backup retention: Due to standard database backup practices, your data may exist in encrypted backups for up to 35 days before those backups are automatically purged

10.6 Alternative Deletion Methods

If you prefer not to use the online form, you may also request account deletion by contacting us directly:

• Email: [email protected] with subject "Account Deletion Request"
• Include your full name, email, school name, and ID number in your email for verification
• We will respond with next steps and a verification link within 5 business days

11.1 Essential Cookies

• We use session cookies issued by Supabase Auth to maintain authenticated sessions. These cookies are strictly necessary for the platform to function and cannot be disabled
• Session cookies expire when the browser is closed or after the configured idle timeout. No persistent tracking cookies are set for authenticated sessions

11.2 Analytics Cookies

• The EduPilotPro marketing website (edupilotpro.com) uses Google Analytics 4 to measure aggregate page views and feature popularity
• Google Analytics is loaded only on the public marketing pages and the dashboard in production environments — it is not loaded during development or for unauthenticated API requests
• No student or family data is ever transmitted to Google Analytics. All events are anonymised at the user level
• You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on

11.3 Local Storage

• The platform uses browser localStorage to cache module data (e.g., course and student lists) for performance. This data mirrors what is stored server-side and is cleared on sign-out
• No sensitive personal information (e.g., financial records, full student profiles) is stored in localStorage