EduSuite is a school management platform licensed to educational institutions ("Schools"). When a School uses EduSuite to manage its operations, the School is the data controller for the personal information of its students, parents, teachers, and staff. EduSuite acts as a data processor on the School's behalf and processes that information in accordance with the School's instructions and the data-processing terms in our agreement with the School.
For our own account creation, billing, security, product analytics, and direct communications with School administrators, EduSuite acts as a data controller.
This Policy applies to:
It does not apply to third-party websites, applications, or services that your School may use independently of EduSuite, even if linked from within the App.
The App uses local storage and authentication tokens to keep you signed in and remember preferences. The web portal uses cookies for the same purposes and for security. You can clear them through your device or browser settings; doing so will sign you out and may reset your preferences.
EduSuite is designed for use by Schools that enrol minors. We collect data about students only on the lawful instruction of their School, which is responsible for obtaining the consent of parents or legal guardians under applicable law (including, where relevant, GDPR, COPPA, and Pakistani data-protection requirements).
For accounts identified as student accounts, we do not knowingly:
If you believe a child's information has been collected without proper consent, please contact us immediately using the details in Section 16. We will work with the relevant School to investigate and, where appropriate, delete the data.
The Android App may request the following permissions. You can grant or revoke any optional permission at any time in Android Settings.
| Permission | Why we ask for it | Required? |
|---|---|---|
| Internet | Communicate with EduSuite servers | Yes |
| Notifications | Deliver alerts you have subscribed to | Optional |
| Camera | Capture profile photos, complaint attachments, and document uploads | Optional |
| Microphone | Capture your voice when you use AI voice input features (voice queries, voice-to-text). Audio is processed only when you actively initiate a voice action. | Optional |
| Photos / Storage | Save downloaded fee vouchers, result cards, gate passes, and reports; access audio and video files for playback within the App | Optional |
| Biometric (fingerprint or face) | Quick local sign-in if you enable it; biometric data never leaves your device | Optional |
| Location (approximate, foreground only) | Geo-located attendance, only if your School uses this feature. We use approximate (network-level) location, not precise GPS, and only at the moment you mark attendance. | Optional |
We use information to:
EduSuite includes optional AI-powered features that may use voice input, text input, or both. These features are designed to make the App easier to use — for example, asking a natural-language question about your child's attendance or fee status, dictating a message instead of typing it, or receiving a summarised response from the AI assistant.
AI voice features only activate when you deliberately tap the microphone or voice button in the App. The App does not listen in the background, does not record audio passively, and does not activate the microphone without your action. The Android system will display a green microphone indicator in the status bar whenever the App is actively recording.
When you use a voice feature, the App transmits the captured audio (or its transcribed text) to a third-party AI service provider for transcription, understanding, and response generation. We may also include limited contextual information from your account (such as your role and the screen you are on) so that the AI can give a relevant answer — for example, that you are a parent looking at the fees screen.
We do not retain raw voice recordings beyond the time required to process your request. Transcribed text from voice queries may be stored as part of your conversation history with the AI assistant, in the same way that typed messages are stored, so that you can review your previous queries. You may delete this history from within the App at any time.
The AI service providers we use are listed in Section 9 (Third-Party Service Providers). These providers process your input under their own privacy and data-handling commitments and under written agreements with EduSuite that prohibit them from using your data to train their models without your separate consent.
You can decline microphone permission at any time, and you can choose not to use voice features. The rest of the App works fully without them. If you previously granted microphone access and want to revoke it, go to Android Settings → Apps → EduSuite → Permissions → Microphone → Don't allow.
Where data protection law requires us to identify a legal basis for processing personal information, we rely on:
We share information with:
We do not sell personal information. We do not share student information with advertising networks for behavioural targeting.
| Provider | Purpose | Region |
|---|---|---|
| Hetzner Online GmbH | Server hosting | Germany |
| Bunny.net | Content delivery network for media and reports | Global |
| Microsoft Azure (Communication Services) | Transactional email delivery | EU / Global |
| WhatsApp / Meta Platforms | WhatsApp message delivery | Global |
| Google Firebase Cloud Messaging / OneSignal | Android push notifications and crash reporting | Global |
| OpenAI | AI voice transcription (via Whisper) and natural-language responses for in-app AI features. Audio and conversation data are processed under OpenAI's enterprise data-handling terms and are not used to train OpenAI's general-purpose models. | United States / Global |
| Local Pakistani payment gateways | Fee collection where enabled by your School | Pakistan |
| SQLBackupAndFTP / Hetzner Storage Box | Encrypted database backups | Germany |
Each provider receives only the minimum information required to perform its task and is bound by appropriate confidentiality and data-protection terms.
EduSuite is operated from Pakistan with primary servers hosted in Germany. By using the Service you understand that personal information will be transferred to and stored in these jurisdictions and, where relevant service providers are located outside them, in additional jurisdictions. Where applicable data protection law requires safeguards for international transfers, we rely on Standard Contractual Clauses or equivalent legal mechanisms with our service providers.
We retain personal information for as long as your School maintains an active account with us, plus the period required for backups, legal compliance, dispute resolution, and enforcement of our agreements. Financial records are typically retained for up to seven (7) years; routine encrypted backups are retained for up to ninety (90) days; usage logs are retained for up to twelve (12) months.
If your School ends its subscription, data is deleted or returned according to the agreement with the School. You may also request deletion as described in Section 14.
We use industry-standard administrative, technical, and physical safeguards including TLS encryption in transit, encrypted backups, role-based access controls, multi-factor authentication for administrators, audit logging, network segmentation, and regular patching. No system is perfectly secure; you are responsible for protecting your password and the device on which you use the App. If you suspect unauthorised access to your account, contact us immediately.
The current version of the Service does not display third-party advertising. No ad networks, no ad SDKs, and no advertising identifiers are used to serve ads in the App or on the web portal at this time.
We may introduce advertising in future versions of the Service, most likely as part of an optional free tier for smaller Schools. If we do so, we will update this Privacy Policy before any advertising is shown and notify users in line with Section 15 (Changes to This Policy). Any future advertising will follow these principles:
Depending on your jurisdiction, you may have the right to:
Because Schools are the data controllers for student, parent, and staff records, please send rights requests to your School in the first instance. If your School cannot respond, contact us at the address in Section 16 and we will assist or forward the request as appropriate.
We may update this Policy from time to time. The revised version will be posted with a new "Last Updated" date. For material changes, we will notify you through the App or by email before the change takes effect. Continued use of the Service after the effective date means you accept the changes.
Section 9 lists the categories of third-party providers we may use. The specific provider within a category (for example, which AI service handles voice transcription) may change as we improve the Service. Where the change is significant, we will update this Policy and notify you in line with Section 15. Providers not currently in use are listed for transparency about possible future use; providers genuinely not relevant to your account may be removed by your School from this list on request.
Copyright © 2024 Designed By: NextGen Solutions