ClassGini
HomeLegalPrivacy Policy
Legal Document

Privacy Policy

This Privacy Policy explains what personal data ClassGini Inc. (“ClassGini”, “we”, “us”) collects, why we collect it, how we use it, and the choices you have about it.

Last updated
Jurisdiction India
Other policies
Privacy PolicyTerms of ServiceCancellation & Refund PolicyData Deletion PolicyDPDP ComplianceSaaS AgreementSystem Status

1. Who this policy applies to

This policy applies to anyone who visits our website, signs up for a ClassGini account, uses our school management platform (the “Service”), or otherwise interacts with our products — including school administrators, teachers, students, parents/guardians, and prospective applicants.

ClassGini acts as a data processor for personal data uploaded by schools about their students and staff, and as a data controller for information you submit directly to us (e.g. when you sign up your school, request a demo, or contact support).

2. Information we collect

2.1 Information you give us

  • Account data — name, email, phone, school name, role, password (hashed).
  • School data — student records, attendance, marks, fees, schedules, communications, files, and any other content you upload to your school's workspace.
  • Payment data — billing details, GST/PAN, plan selection. Card details are handled by our payment partner (Razorpay) and never stored on our servers.
  • Support correspondence — messages and attachments you send to support, complaints, feedback.

2.2 Information collected automatically

  • Device & log data — IP address, browser type, OS, referring URL, pages visited, timestamps, error logs.
  • Cookies & similar technologies — see section 8.
  • Usage analytics — aggregated metrics on how the Service is used so we can improve it (no individually identifying analytics on student records).

2.3 Information from third parties

We may receive limited data from SSO providers (Google, Microsoft), payment processors, SMS/WhatsApp providers (Twilio, MSG91), and email infrastructure (transactional senders). We only use such data to provide the Service you've asked for.

3. How we use your information

  • To provide, secure, and operate the Service.
  • To verify identities (e.g. OTP-based login for admission applicants and password recovery).
  • To send transactional notifications (admission updates, fee reminders, attendance alerts, marksheets).
  • To provide customer support and respond to your questions.
  • To improve product quality (debug, performance, feature usage trends).
  • To comply with legal obligations, prevent fraud, and enforce our Terms of Service.

We do not sell personal data. We do not run targeted advertising on student or parent profiles.

4. Lawful basis (for users in India and elsewhere)

We process personal data under one or more of the following bases:

  • Consent — when you explicitly opt-in (e.g. marketing emails, optional features).
  • Legitimate use — to provide a Service you've contracted with us for.
  • Legal obligation — e.g. tax records, anti-fraud, lawful government requests.
  • Vital interest — in rare circumstances involving safety (e.g. medical alert routing for a student).

5. How we share information

We share personal data only as needed to operate the Service:

  • Within your school — staff, teachers, parents, and students see the data their role permits, as configured by the school administrator.
  • Service providers — cloud infrastructure (AWS, Cloudflare R2), payments (Razorpay), email/SMS/WhatsApp delivery, error monitoring. Each is bound by data-processing agreements.
  • Legal & safety — to comply with applicable law, court orders, or to protect rights, safety, or property.
  • Business transfers — in the event of a merger, acquisition, or sale, your data may transfer subject to equivalent protections.

6. International transfers

Our infrastructure is primarily hosted in India and the EU. We follow standard data-transfer safeguards (model clauses, regional segregation) when data crosses borders.

7. Data retention

While your school's account is active, we retain data for as long as it's needed to provide the Service. After cancellation:

  • You may export your data at any time before cancellation takes effect.
  • 30 days after cancellation, school data is queued for permanent deletion.
  • Some records (financial transactions, audit logs) may be retained longer to meet legal obligations.
  • See our Data Deletion Policy for the full process.

8. Cookies

We use a minimal set of cookies for authentication (session token), security (CSRF tokens), and optional analytics. You can clear or block cookies in your browser, though doing so will disable login and certain features.

9. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccuracies in your data.
  • Request deletion (see Data Deletion Policy).
  • Restrict or object to certain processing.
  • Withdraw consent for marketing communications at any time.
  • File a complaint with your data protection authority (e.g. India's Data Protection Board under the DPDP Act, or your local equivalent).

To exercise any of these rights, write to privacy@classgini.com. We respond within 30 days.

10. Children's data

ClassGini is built for K-12 schools, which means student records routinely include minors. The school is the primary controller of student data, having lawful authority (in loco parentis or through parental consent) to upload and manage that data. We process student data only on the school's instructions and do not surface it to other parties.

Direct sign-ups by minors (i.e. a child creating their own ClassGini account independently of a school) are not supported. If you believe a child has signed up without proper authorization, contact us and we will remove the account.

11. Security

We follow industry-standard practices to protect data: TLS encryption in transit, encryption at rest for sensitive fields, role-based access controls, audit logs, regular backups, and time-limited credentials for administrative operations (including OTP gating for destructive actions). Despite our efforts, no internet transmission or storage is 100% secure — please report any suspected breach to security@classgini.com.

12. Changes to this policy

We may update this policy periodically. The “Last updated” date at the top reflects the most recent revision. Material changes will be notified via email to account administrators and a prominent notice in the dashboard.

13. Contact

ClassGini Inc.
Bengaluru, Karnataka — India
Email: privacy@classgini.com
Grievance Officer: grievance@classgini.com

This Privacy Policy is provided for informational purposes. While we've tried to make it comprehensive, please have your own legal counsel review before relying on it for compliance.

ClassGini Inc. · Bengaluru, Karnataka — India

Contact: legal@classgini.com

This document is provided in good faith and is current as of the date above. It does not constitute legal advice. For specific compliance questions, please consult your own counsel.