Privacy Policy - Edolead School Management App

Effective Date: March 30, 2026

Last Updated: March 30, 2026

Edolead we operates the Edolead mobile application ("Application" or "App"). This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our school management application designed for teachers, administrators, students, and drivers.

The Application provides comprehensive school management features including facial recognition-based attendance, marks entry, PDF marksheet generation, and secure face enrollment systems. This policy specifically addresses our biometric data handling practices using ArcFace technology.

1. Information We Collect

We collect the following types of information to provide our school management services:

A. Information You Provide to Us

When you create an account or use the Application, you provide us with:

• Institution Code: Unique school identifier
  
  

• Login Credentials: Login ID, Password for authentication
  
  

• Profile Information: Name, role (Teacher/Admin/Student/Driver), contact details
  
  

• Student Information: Name, class, roll number, parent/guardian details (managed by school admins)
  
  

• Driver Information: Name, vehicle number, driving license details
  
  

• Academic Records: Marks, attendance records, examination results
  
  

B. Biometric Information (Facial Recognition Data)

Our Application uses advanced facial recognition technology for secure attendance and enrollment:

• Face Embeddings: 128-dimensional numerical vectors generated by the ArcFace algorithm from face scans
  
  

• NOT raw photographs, images, or biometric templates - only mathematical representations
  
  

• Enrollment Process:
  
  

  1. Teacher displays a unique security code on their device
     
     

  2. School administrator verifies the code and authorizes enrollment
     
     

  3. Face scan captured using administrator's device camera
     
     

  4. ArcFace algorithm processes the scan locally to create numerical embedding
     
     

  5. Embedding stored securely in PostgreSQL database linked to user ID
     
     

• Daily Attendance: Teachers use their personal devices to scan faces against stored embeddings for real-time attendance marking
  
  

Important: We do NOT store, process, or transmit raw face photographs. Only secure numerical embeddings are stored.

C. Automatically Collected Information

When you use the Application, we automatically collect:

• Device Information: Operating system, device model, unique device identifiers
  
  

• Network Information: IP address, connection type
  
  

• Usage Data: Pages visited, time spent, features used, crash reports
  
  

• Camera Access: Required for live face detection during enrollment and attendance
  
  

• Application Performance: Load times, errors, feature usage patterns
  
  

D. Information We Do Not Collect

• Precise Location Data: We do not track GPS location
  
  

• Contacts/SMS Data: No access to phone contacts or messages
  
  

• Photos/Media: No access to device photo gallery
  
  

2. How Face Enrollment & Attendance Works (Technical Details)

Secure Two-Step Enrollment Process:

1. Security Code Generation: Teacher generates unique security code on their device
   
   

2. Admin Authorization: School administrator verifies code and grants enrollment permission
   
   

3. Local Face Processing: Face captured and processed on-device using ArcFace algorithm
   
   

4. Embedding Generation: Creates 128D numerical vector (512 bytes) - NOT a photo
   
   

5. Secure Storage: Embedding encrypted and stored in PostgreSQL with user ID
   
   

6. Zero-Knowledge Proof: Admin sees no face data; teacher device processes locally
   
   

Daily Attendance Process:

1. Teacher opens attendance screen on their personal device
   
   

2. Student approaches camera
   
   

3. Live face scan compared against stored embedding (on-device matching)
   
   

4. Match confirmed → attendance marked → sync to PostgreSQL
   
   

5. No internet required for matching; only final result uploaded
   
   

Privacy Guarantee: Raw face data never leaves teacher device. PostgreSQL stores only mathematical embeddings.

3. How We Use Your Information

We use collected information for the following purposes:

Primary Business Purposes:

• School Management: Attendance tracking, marks entry, communication between stakeholders
  
  

• Secure Authentication: Facial recognition for teacher/student verification
  
  

• Academic Records: Marks management, PDF generation, report cards
  
  

• Administrative Functions: Institution management, role-based access control
  
  

Service Improvement:

• Analytics: Usage patterns to improve app performance
  
  

• Bug Tracking: Crash reports for stability improvements
  
  

• Feature Development: Understanding most-used features
  
  

Legal & Security:

• Fraud Prevention: Detecting unauthorized access attempts
  
  

• Legal Compliance: Responding to lawful requests
  
  

• Audit Trails: Attendance verification for school records
  
  

4. Information Sharing and Disclosure

Within Our Organization:

• Face embeddings stored securely in our PostgreSQL servers (India-hosted)
  
  

• School administrators can access aggregated attendance data
  
  

• Role-based access ensures teachers only see their class data
  
  

Third Parties We Share With:

text

• Google Play Services: Crash reporting, analytics (anonymized)

• Firebase: Authentication, cloud functions (no biometric data)

• PostgreSQL Hosting: Secure database provider (encrypted embeddings only)

Legal Disclosures:

We may disclose information:

• As required by Indian law (DPDP Act 2023, IT Act 2000)
  
  

• To comply with subpoenas, court orders, or government requests
  
  

• To protect rights, property, or safety of Edolead, users, or others
  
  

• To investigate fraud, security threats, or illegal activity
  
  

No raw biometric data shared with third parties under any circumstances.

5. Third-Party Services Privacy Policies

Our Application integrates with the following third-party services:

Service

Purpose

Privacy Policy

Google Play Services

Crash reporting, analytics

Google Privacy Policy

Firebase

Authentication, cloud functions

Firebase Privacy

PostgreSQL

Database hosting

[Provider Privacy Policy]

These services may collect data according to their own privacy policies.

6. Data Security Measures

We implement industry-standard security practices:

text

• Face embeddings: bcrypt encryption in PostgreSQL

• Network traffic: HTTPS/TLS 1.3 encryption

• Local processing: Face matching done on-device (no cloud biometrics)

• Access control: Role-based permissions (admin approves enrollments)

• Authentication: Multi-factor with security codes

• Regular audits: Penetration testing, vulnerability scanning

• Data isolation: Separate databases for dev/staging/production

7. Children's Privacy (COPPA & DPDP Compliance)

Target Users: Teachers and administrators (age 18+)

Student Data Handling:

• No direct registration or data collection from children under 13
  
  

• Parental consent required for student face enrollment (admin responsibility)
  
  

• Student data managed exclusively by authorized school personnel
  
  

• All student biometric enrollments require administrator + parental approval
  
  

If we discover a child under 13 has provided personal information directly, we will delete it immediately from our servers.

Parents/Guardians: Contact us at support@edolead.com if concerned about your child's data.

8. Your Data Rights and Choices

Access & Control:

• View your data: Contact support to access stored information
  
  

• Delete face embedding: Request removal anytime (irreversible)
  
  

• Manual attendance: Opt-out of facial recognition (use QR/manual entry)
  
  

• Account deletion: Delete entire account and all associated data
  
  

Opt-Out Options:

• Disable facial attendance in app settings
  
  

• Uninstall application to stop all data collection
  
  

• Disable analytics in app settings (where available)
  
  

9. Data Retention and Deletion

Data Type

Retention Period

Deletion Trigger

Face embeddings

Until user request

Account deletion or manual request

Login/activity data

2 years or account deletion

User request or inactivity

Attendance records

7 years (legal requirement)

School admin request

Audit/security logs

5 years

Legal retention period

Deletion Process: Upon request, all user data permanently deleted within 30 days.

10. International Data Transfers

text

• Servers: Hosted in India (Mumbai region)

• Compliance: DPDP Act 2023, IT Rules 2021

• Cross-border: No data transferred outside India

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify users by:

• Posting updated policy in the Application
  
  

• Email notification for material changes
  
  

• Play Store listing update
  
  

Continued use after changes constitutes acceptance of the new policy.

12. Contact Information

Edolead Technologies
Bengaluru, Karnataka, India

Email: support@edolead.com
Phone: +91-7624854011
Support Hours: 9 AM - 6 PM IST, Monday-Saturday

For data deletion requests: data@edolead.com
For privacy complaints: privacy@edolead.com