Legal Hub

Privacy Policy

This Privacy Policy outlines how EduConnect4U processes, stores, protects, and manages personal data.

Effective Date: June 10, 2026

This Privacy Policy outlines how EduConnect4U processes, stores, protects, and manages personal data collected through our software platform, administrative applications, and website properties (educonnect4u.com). This document is compiled in strict compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.

1. Regulatory Framework: Data Fiduciary vs. Data Processor

Under the DPDP Act 2023, clear legal distinctions govern the processing operations of EduConnect4U:

  • The Customer as Data Fiduciary: The schools, colleges, hospitals, clinics, or businesses utilizing our Platform act as the Data Fiduciaries. They retain exclusive statutory authority over the determination of the purpose and means of data processing. They are legally responsible for issued privacy notices and capturing explicit consents.
  • EduConnect4U as Data Processor: The Company operates strictly as a Data Processor. We process personal data solely on behalf of, and under the written, automated, and structural directions of, the Customer.

2. Categories of Information Collected

We process only the minimum necessary categories of personal data required to deliver core SaaS platform functionalities:

  • Administrative & Onboarding Metrics: Full names, corporate designations, professional email addresses, telephone numbers, institutional tax identifiers, and billing logs.
  • Authentication Identifiers: Hashed and salted password strings, metadata tokens, and localized session preferences.
  • Platform Usage Data: Interacting IP addresses, device browser characteristics, date/time stamps of access events, network logs, and operational audit trails.

3. Specific Provisions for Specialized Target Sectors

3.1 Minor & Student Data Protection (Education Sector)

In accordance with Section 9 of the DPDP Act 2023, the processing of any personal data belonging to children (under the age of 18) requires verifiable parental consent. The educational institution, acting as the Data Fiduciary, guarantees that it has secured valid consent from the parents or lawful guardians of minor students before syncing student profiles with our ERP software. EduConnect4U does not profile children, engage in targeted behavioral advertising, or deploy features that could track or harm minors.

3.2 Patient Protected Health Information (Healthcare Sector)

All diagnostic indices, clinical records, prescription workflows, and laboratory summaries ingested into our HMS tools are processed under extreme data minimization barriers. These records are held completely separate from external tracking and are never shared for secondary commercial monetization or advertising workflows.

We process data under the following legitimate and legal bases as recognized under the DPDP Act:

  • Performance of Contractual Obligations: To configure secure cloud environments, validate billing lines, enable automated communications, and manage technical software support instances.
  • Compliance with Legal Mandates: To assist authorized law enforcement agencies, satisfy tax laws, or prevent fraudulent activity on our servers.

5. Security Measures & Compliance Warranties

We utilize industry-standard, reasonable technical and organizational security measures, including transport-layer encryption (HTTPS/TLS), hashed credential databases, and localized data access restriction parameters. However, the Customer acknowledges that no method of transmission over the internet or cloud storage layer can be guaranteed as 100% secure. Therefore, the Company's liability for data security issues is governed entirely by the limitation of liability provisions in Section 14 of the Terms and Conditions.

6. Data Breach Handling & Notification Operations

In the event of a confirmed data breach involving your platform tenant, EduConnect4U will immediately notify the affected Customer (the Data Fiduciary) within the timelines required under prevailing cyber security directives and the DPDP Act guidelines after initial technical confirmation. The Company will provide a detailed summary of the incident, the categories of data exposed, and the active mitigation steps being executed by our engineering team. The Data Fiduciary remains solely responsible for notifying the Data Protection Board of India (DPBI) and affected individuals as required under the law.

7. Data Retention & Structural Erasure

We retain personal data only for as long as reasonably necessary to provide the Services and meet applicable legal obligations. Upon formal subscription termination or explicit written instruction from the authorized Data Fiduciary, relevant Customer Data will be deleted, purged, or anonymized from live systems and backup environments within seven (7) calendar days, except where Indian tax, judicial, security, or litigation requirements mandate continued retention.

8. Data Principal Rights & Withdrawal of Consent

End-users (Data Principals) hold the explicit right to access summaries of processed records, demand structural corrections of inaccurate details, or withdraw data processing consents. Because EduConnect4U operates as a Data Processor, any such requests must be routed directly to the respective educational institution or healthcare provider acting as the Data Fiduciary. Upon receiving formal, authorized instructions from the Data Fiduciary, the Company will promptly execute the required modifications or data purges.

9. Cross-Border Data Transfers & Third-Party Processors

Customer data hosting is maintained on secure cloud infrastructure located within the geographical boundaries of the Republic of India. The Customer grants general written authorization for EduConnect4U to engage reliable cloud infrastructure providers, payment gateways, and other sub-processors required to provide the Services. Engaged sub-processors must be bound by matching data-protection obligations and contractual restrictions.

10. Integrated Data Processing Provisions

  • Processing Mandate: EduConnect4U processes personal data solely to deliver and support the Platform according to the Customer's documented instructions, automated configurations, and applicable Indian law.
  • Data Principal Requests: Requests for access, correction, or erasure must be routed through the Customer acting as Data Fiduciary. We will assist the Customer with technically feasible measures and promptly forward requests received directly.
  • Breach Assistance: Following technical verification of a confirmed breach affecting a Customer tenant, we will notify the Customer and provide available incident details and active mitigation steps. The Customer remains responsible for regulatory and Data Principal notifications required by law.

11. Statutory Grievance Redressal Desk

In accordance with Section 13 of the DPDP Act 2023 and the Information Technology Act rules, any privacy complaints, disputes, or grievances regarding our data processing steps must be escalated directly to our Grievance Officer:

  • Designated Recipient: Grievance Officer, EduConnect4U Legal Desk
  • Grievance Office Email: edu.cnct@gmail.com
  • Statutory Subject Requirement: All emails must contain the phrase "COMPLAINT UNDER DPDP ACT" in the subject block.