Privacy Policy

ShikshaNXT is a brand of Alphaworks India ("Company," "we," "our," or "us"). Alphaworks India respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our application, or access our services (collectively, the "Service"). Please read this Privacy Policy carefully. By using our Service, you consent to the practices described herein.

1. Information We Collect

We collect various types of information to provide and improve our Service:

1.1 Personal Information

We may collect personal information that you provide to us when you interact with the Service, such as:

• Name
• Email address
• Phone number
• Billing address
• Payment information
• Account login credentials

1.2 Usage Data

We automatically collect information about how you interact with the Service, such as:

• IP address
• Browser type and version
• Device information
• Pages visited on our site or app
• Time and date of access
• Referring URL

1.3 Google User Data

If you choose to authenticate using your Google account or link your Google account (e.g., for Google Drive integration for assignments), we may access information such as your Google email address, basic profile information (name, profile picture), and specific data from linked Google services (like file metadata from Google Drive if you authorize it for file uploads/submissions). We will always seek your explicit consent for such access and clearly state what data we are accessing and why.

1.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. For more information, you can refer to the cookies section in this policy.

1.5 Mobile App Data Collection

Our mobile applications (ShikshNXT Management and ShikshNXT Security) collect the following information:

Management App (ShikshNXT Management):

Personal Information:

• Account Information: Name, email address (via Google Sign-In), phone number (for payment processing)
• User ID, Role, Organization ID: Stored securely on device and in backend database
• Profile Picture: From Google Sign-In (optional)

Student Profile Information (for Students):

• Personal Details: Aadhaar number (optional), date of birth, gender, blood group
• Contact Information: Primary/secondary phone, WhatsApp number, alternate email
• Address: Full address including city, state, pincode
• Parent/Guardian Information: Names, phone numbers, WhatsApp, email, occupation
• Academic History: Previous school, class, transfer certificate number
• Medical Information: Allergies, medical notes (for safety)
• Photo: Student photo (optional)
• Documents: Various documents stored securely

Financial Information:

• Payment Data: Processed via PhonePe (currently) and Razorpay (planned for future implementation)
• Transaction Records: Transaction IDs and payment status stored in backend
• Note: We do NOT store credit card or payment account details. All payment data is handled by PCI-DSS compliant payment processors.

Device Information:

• FCM Token: Collected automatically for push notifications, stored in backend
• Platform: Android or iOS, stored in backend
• Device ID: Optional, stored in backend

Academic Data:

• Homework, Assignments, Tests: Created, submitted, and graded data
• Grades: Academic performance records
• Attendance: Student and teacher attendance records
• Doubts: Questions and answers

Audio Data:

• Voice Input: Processed locally on device for AI features (NOT stored or transmitted to backend)

Security App (ShikshNXT Security):

Personal Information:

• Account Information: Name, email, phone number (via login)
• User ID, Role, Organization ID: Stored securely on device and in backend database

Visitor Information (Collected by Security Guards):

• Visitor Name: Required, collected when logging visitors
• Visitor Phone: Required, collected when logging visitors
• Visitor Email: Optional, collected when logging visitors
• Visitor Photo: Optional, captured via camera, uploaded to backend
• ID Proof Information: Type and number (optional), collected when logging visitors
• Vehicle Number: Optional, collected when logging visitors
• Purpose of Visit: Required, collected when logging visitors
• Person to Meet: Optional, collected when logging visitors
• Company Name: Optional, collected when logging visitors
• Check-in/Check-out Times: Stored in backend

Device Information:

• FCM Token: Collected automatically for push notifications, stored in backend
• Platform: Android or iOS, stored in backend

Camera/Storage:

• Camera: Used to capture visitor photos (optional) and scan QR codes
• Photo Storage: Visitor photos uploaded to backend (encrypted)
• Note: QR code scanning does not store images

2. How We Use Your Information

We use the information we collect for various purposes, including:

• To provide, maintain, and improve our Service
• To personalize your experience and communicate with you
• To process transactions and manage payments
• To respond to customer service inquiries and provide support
• To send promotional materials, offers, and updates (you can opt out at any time)
• To comply with legal obligations and enforce our policies

3. How We Share Your Information

We may share your information in the following circumstances:

• Service Providers: We may share your data with third-party vendors who perform services on our behalf, such as payment processing, analytics, and hosting services. These service providers are obligated to protect your information and use it solely for the purpose of providing services to us.
• Payment Processors:
  • PhonePe: Payment information (phone number, transaction details) shared for payment processing. PCI-DSS compliant. Currently in use.
  • Razorpay: Payment information (transaction details) shared for payment processing. PCI-DSS compliant. Planned for future implementation (similar to PhonePe).
  • Note: Payment card details are NOT stored by us. All payment data is handled by PCI-DSS compliant payment processors.
• Notification Services:
  • Firebase (Google): FCM device tokens shared for push notification delivery. No personal information shared. Currently in use.
• Authentication Services:
  • Google Sign-In: Name, email, profile picture shared (with your consent) for account creation and authentication. Currently in use.
• Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or if we believe such action is necessary to comply with legal obligations, protect our rights, or prevent fraud.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our business, your personal data may be transferred as part of the transaction. We will notify you before your personal data is transferred and becomes subject to a different privacy policy.

4. Use of Google User Data (Limited Use)

Notwithstanding anything else in this Privacy Policy, if you provide the Application with access to your Google data (e.g., by signing in with Google or linking your Google Drive), our use of that Google data will be subject to these additional restrictions:

• The Application will only use access to read, write, modify, or control Google data (such as Google Drive files you choose to use with the Platform) to provide the user-facing features of ShikshaNXT that are visible and prominent in the Application's user interface. For example, to allow you to select files from your Google Drive for assignment submissions or for teachers to share resources from their Drive.
• The Application will not transfer this Google data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets (with user consent where required).
• The Application will not use this Google data for serving advertisements.
• The Application will not allow humans to read this data unless we have your affirmative agreement for specific messages, files, or other data; it is necessary for security purposes (such as investigating abuse); to comply with applicable law; or for the Application's internal operations (e.g., support and troubleshooting) and then only when the data have been aggregated and anonymized to the extent possible.

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All API communications encrypted via HTTPS/TLS 1.2+
• Encryption at Rest: Database uses encryption at rest
• Secure Storage: Sensitive data stored using hardware-backed encryption (Android Keystore/iOS Secure Enclave)
• Payment Security: Payment data processed by PCI-DSS compliant payment gateways (PhonePe currently in use, and Razorpay when implemented). Payment card details are NOT stored by us.
• Biometric Data: Biometric authentication data (fingerprint/face) is stored locally on your device using hardware-backed encryption and is NEVER transmitted to our servers.
• Access Control: Role-based access ensures users only see authorized data. Multi-tenant isolation by tenant ID.
• Session Management: Secure session tokens with expiration
• Regular Security Audits: We conduct regular security assessments and updates

However, no method of transmission over the internet or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law:

• Account Data: Retained while your account is active
• Transaction Records: Retained as required by law (typically 7 years for financial records in India)
• Visitor Records (Security App): Retained as per school/organization policy
• Academic Records: Retained as per school/organization policy
• Student Profile Data: Retained while student is enrolled, may be retained longer for legal compliance
• Deletion: You can request data deletion by contacting support@shikshanxt.com (subject to legal requirements)

When we no longer need your information, we will securely delete or anonymize it.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data, including:

• Access: You have the right to request a copy of the personal data we hold about you.
• Correction: You may request corrections to any inaccurate or incomplete personal data we hold about you.
• Deletion: You may request the deletion of your personal data, subject to certain conditions.
• Opt-Out of Marketing: You can opt out of receiving promotional emails by following the unsubscribe instructions in each email.
• Data Portability: You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
• Withdraw Consent: If we rely on your consent to process your personal data, you can withdraw it at any time.

To exercise any of these rights, please contact us using the contact information provided below.

8. Children's Privacy

ShikshaNXT is an educational technology platform designed for use by schools, educational institutions, students, teachers, and parents. Our Service is used by students of all ages, including children under 16, through their educational institutions.

8.1 Data Collection Through Educational Institutions

Student data is collected and processed through authorized educational institutions (schools) that use our Service. The educational institution acts as the data controller for student information and is responsible for:

• Obtaining necessary parental consent for data collection from students under 18
• Ensuring compliance with applicable laws and regulations regarding children's data
• Managing student accounts and access to the Service
• Providing parents with access to their child's educational data

8.2 Parental Rights and Consent

Parents and legal guardians have the right to:

• Review their child's personal information collected through the Service
• Request correction of inaccurate information
• Request deletion of their child's data (subject to legal and educational record retention requirements)
• Withdraw consent for data collection (which may affect the child's ability to use certain features of the Service)
• Contact the educational institution or our Grievance Officer with privacy concerns

8.3 Compliance with Children's Privacy Laws

We comply with applicable children's privacy laws, including:

• India: Information Technology Act 2000 and rules thereunder, which require parental consent for collection of personal information from minors
• International: We follow best practices for protecting children's data, including limiting data collection to what is necessary for educational purposes

8.4 Data Protection Measures for Children

We implement additional safeguards for student data:

• Student accounts are managed and monitored by authorized school administrators
• Limited data sharing - student information is only shared with authorized school personnel, parents, and as required by law
• No advertising to students - we do not use student data for advertising purposes
• Secure storage and transmission of all student data
• Regular security audits and compliance checks

8.5 Contact for Children's Privacy Concerns

If you are a parent or guardian and have concerns about your child's privacy or data, please contact:

• Your child's educational institution (school) first, as they manage student accounts
• Our Grievance Officer (details in Section 12) if you need to escalate privacy concerns
• Support email: support@shikshanxt.com

9. International Transfers

Your information may be transferred to and processed in countries outside of your country of residence, which may have different data protection laws than your jurisdiction. By using our Service, you consent to the transfer and processing of your personal data in these countries.

10. Changes to this Privacy Policy

Please check our Privacy Policy periodically for changes. We may update this Privacy Policy to reflect changes to our information practices. We may alert / notify you about the significant changes to the Privacy Policy, in the manner as may be required under applicable laws.

11. Disclaimer

While we strive to protect your personal information and use industry-standard security measures, we cannot guarantee absolute security. The Service is provided "as is" and "as available" without warranties of any kind, either express or implied.

• No Guarantee of Security: Despite our security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee the absolute security of your data.
• Third-Party Services: Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices or content of such third parties. We encourage you to review the privacy policies of any third-party services you access.
• User Responsibility: You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account.
• Limitation of Liability: To the maximum extent permitted by law, Alphaworks India and ShikshaNXT shall not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits or revenues, whether incurred directly or indirectly, or any loss of data, use, goodwill, or other intangible losses resulting from your use of the Service.
• Jurisdiction: This Privacy Policy is governed by the laws of India, and any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Maharashtra, India.

12. Grievance Officer

In accordance with the Information Technology Act 2000 and rules made thereunder, the name and contact details of the Grievance Officer are provided below:

If you have any questions or concerns regarding this Privacy Policy, you should contact our Grievance Officer.

13. Company Information

For transparency and compliance, our company registration details are provided below:

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: