Data Handling & Security Policy
Effective date: June 5, 2026 · Last updated: 2026-05-30
A product of Aspire Code AI
1. Purpose of This Document
This document explains — in plain language — how AspireEdu AI stores, processes, protects, and eventually deletes the data your institution entrusts to us. It is intended for institution administrators, IT staff, and anyone who wants to understand the technical and operational details of how we handle data.
This document should be read alongside our Privacy Policy.
2. Your Data Belongs to Your Institution
When your institution subscribes to AspireEdu AI, all data your staff enters belongs to your institution. We are a data processor acting on your instructions.
- We never use your institution's data for any purpose other than running the platform for you.
- We never share your data with other institutions.
- When you close your account, all your data is deleted — not anonymised, not archived, deleted.
- We do not claim ownership of any data you enter into the platform.
3. How Data Is Isolated Between Institutions
Every piece of data is stored under a path beginning with your institution's unique ID:
- schools/{your_school_id}/students/
- schools/{your_school_id}/attendance/
- schools/{your_school_id}/faculty/
- schools/{your_school_id}/fees/
- schools/{your_school_id}/ai_conversations/
A query from Institution A physically cannot reach Institution B's data — it is architecturally impossible.
Double enforcement:
- Firestore Security Rules: The database rejects any read or write request that does not include a valid, authenticated institution ID.
- Application layer: Every API request extracts the institution ID from the authenticated user's session and scopes all database queries to that institution.
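The two enforcement layers above, shown as an added example that is not AspireEdu's own code: a Firestore rule of the kind described (with a local mirror of its decision so it can be run offline), and an application-layer path builder that takes the institution ID only from the session. The names session.schoolId and the school_id token claim are assumptions, as are the sample IDs.

```javascript
// Added example, not AspireEdu's code; session.schoolId and the school_id claim are assumed names.
// Layer 1: Firestore Security Rules. Documents live under schools/{schoolId} and a
// request passes only if the caller's ID token carries that same institution ID.
const FIRESTORE_RULES = `
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /schools/{schoolId}/{document=**} {
      allow read, write: if request.auth != null
                         && request.auth.token.school_id == schoolId;
    }
  }
}`;
// Local mirror of that rule's decision so it can be exercised offline
// (real evaluation happens inside Firestore, not here).
function ruleAllows(auth, path) {
  const m = /^schools\/([^\/]+)\//.exec(path);
  return Boolean(auth && auth.token && m && auth.token.school_id === m[1]);
}
// Layer 2: application layer. The prefix comes from the authenticated session,
// never from client input, and no segment may contain '/'.
function scopedPath(session, collection, docId) {
  const id = session && session.schoolId;
  if (typeof id !== 'string' || !/^[A-Za-z0-9_-]+$/.test(id)) {
    throw new Error('unauthenticated: no valid institution in session');
  }
  for (const seg of [collection, docId].filter(Boolean)) {
    if (seg.includes('/')) throw new Error(`invalid path segment: ${seg}`);
  }
  return `schools/${id}/${collection}` + (docId ? `/${docId}` : '');
}
// Defence in depth before any query: the resolved path must stay under the
// caller's own institution prefix.
function assertTenantPath(session, path) {
  if (!path.startsWith(`schools/${session.schoolId}/`)) {
    throw new Error(`cross-tenant access denied: ${path}`);
  }
  return path;
}
// Constructed sample session and ID token for one institution (not real IDs).
const sessionA = { uid: 'u1', schoolId: 'school_A' };
const authA = { uid: 'u1', token: { school_id: 'school_A' } };
function demo() {
  const own = assertTenantPath(sessionA, scopedPath(sessionA, 'students', 'stu_42'));
  let blocked = false;
  try { assertTenantPath(sessionA, 'schools/school_B/students/stu_7'); } catch (e) { blocked = true; }
  return { own, ownAllowed: ruleAllows(authA, own), blocked,
           foreignAllowed: ruleAllows(authA, 'schools/school_B/fees/f1') };
}
```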
4. Where Data Is Stored
| Data type | Storage system | Location |
|---|---|---|
| Student, faculty, attendance, fee, and AI conversation records | Google Firebase Firestore | Google Cloud (global) |
| Uploaded files (e.g. bulk import CSVs) | Google Firebase Storage | Google Cloud (global) |
| User login credentials | Google Firebase Authentication | Google Cloud (global) |
| Application error and access logs | Local server logs (90-day retention) | AspireEdu application server |
| Payment records | Razorpay (planned) | Razorpay India infrastructure |
Note: Google Firebase operates globally. Data may be stored outside India. Google maintains ISO 27001 and SOC 2 Type II certifications. We are monitoring the DPDP Act 2023 for data localisation requirements.
5. How AI Features Handle Your Data
| Feature | What is sent to Gemini API | What is NOT sent |
|---|---|---|
| AI Chatbot | User message + school name + institution type | Full student records, raw personal data |
| Dropout Risk Prediction | Aggregated student metrics (attendance %, fee overdue flag) | Student name, ID, contact details |
| Student Progress Report | Aggregated performance summary | Raw marks entries, personal contact details |
| Question Paper Generator | Subject, difficulty, question count, syllabus topic | Any student data whatsoever |
| Dashboard Insight Cards | School-level aggregated statistics | Individual student records |
Key principle: We send the minimum data necessary for each AI task. We never send bulk personally identifiable records to the AI API.
6. Access Control — Who Can See What
| Role | What they can access |
|---|---|
| DEV-Admin (Aspire Code AI staff only) | Platform-level monitoring: institution list, license status, aggregate statistics. Cannot read individual student or faculty records. |
| USER-Admin (Principal / Correspondent) | Full access to their own institution's data only. |
| Faculty | Student list, attendance marking, AI tools, question paper generation. Cannot access fee records or edit/delete student profiles. |
| Student (Phase 2) | Own records only. |
| Parent (Phase 2) | Own child's records only. |
7. Encryption
| Where | Encryption |
|---|---|
| Data in transit | TLS 1.2+ (HTTPS). All HTTP traffic is redirected to HTTPS. |
| Data at rest (Firestore, Storage) | AES-256 encryption by Google at rest, by default. |
| Passwords | Managed by Firebase Authentication — never stored in plain text. |
| Session tokens | Signed server-side session cookies with HttpOnly, Secure, and SameSite=Lax flags. |
8. Data Retention and Deletion
During active subscription: All data is retained for the duration of your subscription.
After subscription ends or account is cancelled:
- 30-day grace period: Your data is frozen (read-only). You can export it or ask us to restore access.
- After 30 days: All institution data is permanently deleted using our cascade delete system.
- Billing records: Retained for 7 years as required by Indian tax law.
On-demand deletion: An institution administrator can request full data deletion at any time by contacting aspirecodeai@gmail.com. We will complete the deletion within 30 days and confirm it in writing.
What "deleted" means: Data is permanently removed from Firestore. It is not archived, not anonymised and retained, not backed up in a recoverable form after 30 days. Deletion is irreversible.
9. Backups
Firebase Firestore provides automated point-in-time recovery managed by Google, stored within Google's infrastructure under the same security controls as live data. Backups are used only for disaster recovery, never for data mining or analysis.
10. Audit Logs
| Event | Logged |
|---|---|
| Login attempts (success and failure) | Yes |
| Session creation and expiry | Yes |
| Student record creation, update | Yes |
| Faculty record creation, update | Yes |
| Attendance marked | Yes |
| Fee status updated | Yes |
| AI feature invoked | Feature type and timestamp only (not full prompt/response) |
| Bulk import uploaded | Yes |
| Admin actions (school creation, deletion) | Yes |
Logs are retained for 90 days and used only for security investigations and debugging. They are not shared with third parties.
11. Security Incident Response
- Contain — Isolate the affected system within 72 hours of discovery.
- Investigate — Determine the scope: what data was affected, how, and for how long.
- Notify — Email affected institution administrators. We will not delay notification to protect our reputation.
- Remediate — Fix the vulnerability and document the fix.
- Report — Report to the Data Protection Board of India as required under the DPDP Act, 2023.
To report a vulnerability: aspirecodeai@gmail.com with "Security" in the subject line. We will acknowledge within 48 hours.
12. Payment Data Handling (Planned — Razorpay)
When self-service subscription payments are enabled, payment processing will be handled by Razorpay, a PCI-DSS compliant payment gateway. We never store card numbers, CVV, UPI credentials, or net banking credentials. All payment information is entered directly on Razorpay's secure checkout page.
13. Data Portability — Exporting Your Data
| Data | Export method |
|---|---|
| Student records | CSV export from the Students module |
| Attendance records | CSV export from the Attendance module |
| Fee records | CSV export from the Fees module |
| Question papers | PDF download per paper |
| AI conversations | Planned — not yet available |
For a full data export in a specific format, contact aspirecodeai@gmail.com and we will provide it within 14 days.
14. Sub-Processors
| Sub-processor | Role | Location | Certification |
|---|---|---|---|
| Google LLC (Firebase) | Database, authentication, file storage | USA (global) | ISO 27001, SOC 2 Type II |
| Google LLC (Gemini API) | AI feature processing | USA | Google AI API Terms |
| Razorpay Software Pvt. Ltd. (planned) | Payment processing | India | PCI-DSS Level 1 |
| Cloudflare Inc. | Landing page CDN | USA (global CDN) | ISO 27001, SOC 2 |
15. Compliance
| Law | How we address it |
|---|---|
| IT Act, 2000 | HTTPS everywhere, no unauthorised access, data protection measures in place |
| IT (Reasonable Security Practices) Rules, 2011 | Role-based access, encryption, audit logs, incident response process |
| Digital Personal Data Protection Act, 2023 (DPDP Act) | Purpose limitation, data minimisation, consent framework, children's data protections, rights of data principals, grievance officer |
16. Questions and Contact
For questions about data handling, security practices, or to request a data export or deletion: