1. What we collect
In plain English: Names, contact info and the academic / fee / messaging records your school enters. Plus security telemetry (timestamps, sign-in IPs, audit log entries). No advertising trackers.
When a school registers, we collect the school's name, address, contact email, and the names + email addresses of users (admins, teachers, students, parents, staff).
We process the academic, attendance, fee, communication, and document records that the school enters into the system.
We log technical metadata for security: timestamps, IP addresses for staff sign-ins, audit log entries for sensitive actions like grade changes and payments.
We do NOT track users for advertising. We do NOT share data with brokers or social networks.
2. Why we collect it
In plain English: To deliver the features your school chose, detect abuse, and improve the product via aggregated / de-identified usage signals.
To run the school management features the school explicitly asked for: attendance, fees, exams, messaging, reporting.
To detect anomalies and abuse (suspicious login spikes, sudden attendance crashes, harassment reports).
To improve the product. Aggregated, de-identified usage statistics may inform feature decisions.
3. Encryption
In plain English: AES-256-GCM at rest, TLS in transit, HSTS in production. Sealed-box for anonymous reports. Field-level encryption on PII.
Messages are encrypted at rest with AES-256-GCM. With client-side keys enabled, the server cannot decrypt message bodies — only the sender and recipients can.
Anonymous reports are sealed-box encrypted. The submitter's identity is never persisted (no user ID, no IP, no User-Agent header).
Field-level PII (phone numbers, guardian contacts, dates of birth) is encrypted at rest when ENCRYPTION_KEY is configured.
All HTTP traffic is TLS-only in production. HSTS is enforced.
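The following Go program is an added illustration of what "field-level PII encrypted at rest with AES-256-GCM" means in practice; it is not Saraswati EDU's own code. The type names, the tenant and column identifiers, the guardian phone number, and the secret string standing in for the ENCRYPTION_KEY setting are all constructed for the example, and deriving the AES key from that string with SHA-256 is an assumption made here for self-containment. The design point it shows is that an empty key is refused rather than falling through to plaintext, and that each ciphertext is bound to its tenant and column via GCM's associated data, so a value copied from one school's row to another's fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// fieldCipher holds an AES-256-GCM AEAD used to encrypt single PII columns.
type fieldCipher struct {
	aead cipher.AEAD
}

// newFieldCipher builds the cipher from the configured secret. The secret
// stands in for the page's ENCRYPTION_KEY setting; deriving the 32-byte key
// with SHA-256 is an assumption made for this example (a deployment would
// typically load a random 32-byte key directly). An empty secret is an
// error rather than a silent fall-through to plaintext storage.
func newFieldCipher(secret string) (*fieldCipher, error) {
	if secret == "" {
		return nil, errors.New("ENCRYPTION_KEY is not configured")
	}
	key := sha256.Sum256([]byte(secret)) // a 32-byte key selects AES-256
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &fieldCipher{aead: aead}, nil
}

// aad returns the associated data: the tenant and column the value belongs
// to. GCM authenticates it without encrypting it, so a ciphertext moved to
// another school's row or another column no longer decrypts.
func aad(tenantID, column string) []byte {
	return []byte(tenantID + "|" + column)
}

// Encrypt returns base64(nonce || ciphertext || tag) for storage in a text column.
func (c *fieldCipher) Encrypt(tenantID, column, plaintext string) (string, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per value
		return "", err
	}
	sealed := c.aead.Seal(nil, nonce, []byte(plaintext), aad(tenantID, column))
	return base64.StdEncoding.EncodeToString(append(nonce, sealed...)), nil
}

// Decrypt reverses Encrypt. Any error means the value was tampered with,
// encrypted under a different key, or stored for a different tenant/column.
func (c *fieldCipher) Decrypt(tenantID, column, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	ns := c.aead.NonceSize()
	if len(raw) < ns+c.aead.Overhead() {
		return "", errors.New("stored value too short to be a valid ciphertext")
	}
	plain, err := c.aead.Open(nil, raw[:ns], raw[ns:], aad(tenantID, column))
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

func main() {
	c, err := newFieldCipher("constructed-example-secret") // constructed value
	if err != nil {
		panic(err)
	}
	// Constructed sample PII; tenant and column names are illustrative.
	stored, _ := c.Encrypt("school-001", "guardian_phone", "+977-9800000000")
	fmt.Println("stored:", stored)
	back, _ := c.Decrypt("school-001", "guardian_phone", stored)
	fmt.Println("decrypted for school-001:", back)
	_, err = c.Decrypt("school-002", "guardian_phone", stored)
	fmt.Println("decrypt as school-002 fails:", err != nil)
}
```

Because the nonce is random, the stored value differs on every run; only the decrypted result is stable, which is why the checks below assert on round-trip results rather than on the ciphertext.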
4. Who can see what
In plain English: Admins see their school only, teachers see their sections, parents see their children, students see themselves. Engineer access is audit-logged.
School administrators see the data of users in their school only.
Teachers see only the sections they teach (enforced via Attribute-Based Access Control).
Parents see only their linked children.
Students see only their own data.
Saraswati EDU engineers do not access tenant data unless the school explicitly asks for support and grants access. All such access is audit-logged.
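The Go program below is an added example of the visibility rules in this section expressed as an attribute-based check; it is not Saraswati EDU's own implementation, and the page does not describe how its ABAC layer is built. The Subject and Resource attribute model, the role names, and the school, section and student identifiers are all assumptions constructed for the example. The point it demonstrates is ordering: the school (tenant) boundary is checked before any role rule, and the default answer is deny, so even an administrator from another school is refused.

```go
package main

import "fmt"

// Role is the user's role within a school.
type Role string

const (
	RoleAdmin   Role = "admin"
	RoleTeacher Role = "teacher"
	RoleParent  Role = "parent"
	RoleStudent Role = "student"
)

// Subject carries the attributes of the authenticated user (assumed model).
type Subject struct {
	UserID   string
	SchoolID string
	Role     Role
	Sections []string // section IDs the teacher teaches
	Children []string // student IDs linked to the parent
}

// Resource describes a student record such as an attendance or grade row.
type Resource struct {
	SchoolID  string
	StudentID string
	SectionID string
}

func contains(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

// CanView decides whether s may read r. Tenant isolation is evaluated first
// and applies to every role; anything not explicitly allowed is denied.
func CanView(s Subject, r Resource) bool {
	if s.SchoolID == "" || s.SchoolID != r.SchoolID {
		return false // never cross a school boundary, whatever the role
	}
	switch s.Role {
	case RoleAdmin:
		return true // admins see all users in their own school
	case RoleTeacher:
		return contains(s.Sections, r.SectionID) // only sections they teach
	case RoleParent:
		return contains(s.Children, r.StudentID) // only linked children
	case RoleStudent:
		return s.UserID == r.StudentID // only their own data
	}
	return false // unknown role: deny
}

func main() {
	// Constructed identifiers for illustration only.
	rec := Resource{SchoolID: "school-001", StudentID: "stu-42", SectionID: "sec-7"}
	teacher := Subject{UserID: "tch-1", SchoolID: "school-001", Role: RoleTeacher, Sections: []string{"sec-7"}}
	foreignAdmin := Subject{UserID: "adm-9", SchoolID: "school-002", Role: RoleAdmin}
	fmt.Println("teacher of sec-7 can view:", CanView(teacher, rec))
	fmt.Println("admin of another school can view:", CanView(foreignAdmin, rec))
}
```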
5. Sharing and third parties
In plain English: Payment gateways (eSewa/Khalti/ConnectIPS), SMS (Twilio/Sparrow), live classes (Zoom) only receive the data needed to deliver the service. We never sell data.
We use third-party services for: payment processing (eSewa, Khalti, ConnectIPS), SMS (Twilio, Sparrow), live classes (Zoom). These vendors only receive data necessary to deliver the requested service.
We never sell personal data.
If law enforcement requests data, we require a valid Nepali legal order and notify the school admin unless prohibited by law.
6. Saraswati AI and your data
In plain English: Saraswati AI runs on your school's own server. No student data is sent to external AI providers. Conversations are exam-lockdown gated and never used to train any model.
Saraswati AI is a private, on-device assistant — it runs on your school's own server, not on an external API. No student name, mark, attendance record or message is sent to OpenAI, Anthropic or any other AI provider.
AI conversations are exam-lockdown gated: AI assistance pauses automatically while a student has an in-progress objective exam.
We do not use Customer Data to train or fine-tune any model that is not deployed exclusively within your tenant. AI features must be opt-in per school by the super admin — no school sees AI surfaces unless explicitly enabled.
7. Retention and deletion
In plain English: Active data while you subscribe + 30 days. Encrypted Postgres backups 14 days (up to 90 for Enterprise). On request, full deletion within 30 days including backups.
Active school data is kept for as long as the school holds an active subscription, plus a 30-day grace period after cancellation.
Encrypted Postgres backups are retained for 14 days by default; configurable up to 90 days for Enterprise.
On request, we permanently delete tenant data within 30 days, including backups.
8. Children's data
In plain English: Extra restrictions for minors: no advertising, no behavioural tracking, no third-party analytics in the student portal. Parents can export or correct.
Most students using Saraswati EDU are minors. We treat their data with the same care as adults' data, plus extra restrictions: no advertising, no behavioural tracking, no third-party analytics in the student portal.
Parents have access to their children's records and can request export or correction.
9. Your rights
In plain English: Copy, correction, deletion, restriction of processing — email us and we respond within 30 days.
You can ask for: a copy of your personal data, correction of inaccuracies, deletion of your data, or restriction of processing.
Send requests to [email protected]. We respond within 30 days.
10. Contact
In plain English: Email, post, and security disclosures.
Privacy team: [email protected]
Security disclosures: [email protected]
Postal: Saraswati EDU, Hetauda, Nepal · हेटौडा, नेपाल