Privacy Policy
Effective date: June 5, 2026 · Last updated: 2026-05-30
A product of Aspire Code AI
1. Who We Are
AspireEdu AI is a product of Aspire Code AI, a software company registered in India under MSME. We build technology for educational institutions — schools, colleges, and universities.
When a school or college ("Institution") subscribes to AspireEdu AI, we provide them with a platform to manage students, staff, attendance, fees, and academics. In doing so, we handle data on behalf of that Institution.
2. Who This Policy Applies To
This policy covers personal data belonging to:
| Person | Examples of data we hold |
|---|---|
| Institution administrators (Principal, Correspondent, Trustee) | Name, email, phone, login credentials |
| Faculty and staff | Name, email, phone, department, login credentials |
| Students | Name, class/department, email, phone, attendance records, fee status, academic performance indicators |
| Parents / Guardians | Name, email, phone (Phase 2 — not yet active) |
| Website visitors | Email address (only if you submit the demo request form) |
We do not sell any of this data to anyone. Ever.
3. The Multi-Tenant Model — What This Means for Your Data
AspireEdu AI serves multiple institutions on a single platform. Your institution's data is completely isolated from every other institution's data — a student record at School A cannot be seen, accessed, or queried from School B.
This is enforced at two levels:
- Database level: Every piece of data is stored under your institution's unique ID in Firestore. A query from one institution cannot reach another institution's data — it is architecturally impossible, not just rule-enforced.
- Application level: Every API request is verified against your institution ID before any data is read or written.
Your data belongs to your institution. We are the data processor; your institution is the data controller.
4. What Data We Collect and Why
4.1 Data your Institution gives us
| Data | Why we collect it |
|---|---|
| Institution name, type, address | To set up your account and personalise the platform |
| Principal / admin name, email, phone | To create the admin account and for support communication |
| Student records (name, class, roll no., email, phone, date of birth) | To run the student management module |
| Faculty records (name, department, email, phone) | To run the faculty management module |
| Attendance data | To generate attendance reports |
| Fee records (amount, status, due date) | To run the fees and finance module |
| Academic performance data | To generate AI-powered progress reports and dropout risk predictions |
| AI chatbot conversations | To provide context-aware responses within your institution's scope |
| Question papers generated | To store and retrieve question papers your faculty create |
4.2 Data we collect automatically
| Data | Why |
|---|---|
| Login timestamps and session data | Security — to detect unauthorised access |
| Browser type and device | To maintain session security |
| Errors and application logs | To diagnose and fix bugs |
| IP address | Security and rate limiting |
We do not use cookies for advertising or tracking. Session cookies are used only to keep you logged in securely.
4.3 Data from the landing page
If you fill in the demo request form, we collect your name, institution, role, email, phone, and optionally your biggest operational challenge. This data is used solely to follow up with you and is not added to any marketing list without your explicit consent.
5. Children's Data
- Many students on the platform are under 18 years of age. We treat this data with additional care.
- Student data is entered and controlled by the Institution, which is responsible for obtaining appropriate consents from parents or guardians under applicable law.
- We do not directly collect data from students or children — all student data is provided by the Institution.
- Student data is never used for advertising, profiling, or any purpose outside the platform's educational functions.
- AI features (dropout prediction, progress reports) are used only to assist the Institution in supporting students — not to make automated decisions without human review.
- Under India's DPDP Act, 2023, processing of children's personal data requires verifiable parental consent. Institutions are responsible for ensuring this consent is obtained before entering student data.
6. How We Use Your Data
- Running the platform — providing the features your institution has subscribed to.
- AI features — generating attendance reports, dropout risk scores, progress summaries, question papers, and chatbot responses.
- Security and fraud prevention — detecting and blocking unauthorised access.
- Support — diagnosing and fixing problems you report.
- Billing — processing subscription payments via Razorpay.
- Legal compliance — meeting our obligations under Indian law.
We do not use your data to train AI models. We do not share your data with advertisers.
7. Third Parties We Share Data With
| Service | What they do | Privacy policy |
|---|---|---|
| Google Firebase | Database, login system, file storage | policies.google.com/privacy |
| Google Gemini API | Powers our AI features | ai.google.dev/terms |
| Razorpay (planned) | Payment processing | razorpay.com/privacy |
| Cloudflare | Hosts marketing website | cloudflare.com/privacypolicy |
Note on Google Gemini AI: We send only aggregated or contextual information required for each AI task — not full personally identifiable student records.
8. Data Storage and Location
All platform data is stored in Google Firebase Firestore on Google's global cloud infrastructure. Google maintains ISO 27001 and SOC 2 certifications. We are monitoring the DPDP Act, 2023 for data localisation requirements.
9. How Long We Keep Your Data
| Data | Retention period |
|---|---|
| Active institution data | Duration of your subscription |
| Data after subscription ends | 90 days after cancellation, then permanently deleted |
| AI chatbot conversations | 12 months, then deleted |
| Application logs | 90 days |
| Demo request form data | 6 months or until contact is made |
| Billing records | 7 years (as required under Indian tax law) |
10. Your Rights Under the DPDP Act, 2023
- Right to information — Request a summary of what personal data we hold about you.
- Right to correction — Request correction of inaccurate personal data.
- Right to erasure — Request deletion of your personal data, subject to legal retention requirements.
- Right to grievance redressal — Raise a complaint with our Grievance Officer (see Section 14).
- Right to nominate — Nominate another person to exercise these rights on your behalf.
For institutions: Email aspirecodeai@gmail.com with "Data Rights Request" in the subject line. We will respond within 30 days.
11. Security
- Encryption in transit: All data transmitted over HTTPS/TLS.
- Encryption at rest: Firebase Firestore encrypts data at rest by default (AES-256).
- Authentication: Firebase Authentication — passwords never stored in plain text.
- Role-based access control: Every user can only access data appropriate to their role.
- Rate limiting: All API endpoints are rate-limited to prevent abuse.
- CSRF protection: All web forms are protected against cross-site request forgery.
To report a security vulnerability: aspirecodeai@gmail.com with "Security" in the subject line.
12. Data Breach Notification
In the event of a data breach we will:
- Investigate and contain the breach within 72 hours of discovery.
- Notify affected institutions promptly with details of what data was affected.
- Report to the Data Protection Board of India as required under the DPDP Act, 2023.
13. Changes to This Policy
When we make material changes we will update the "Last updated" date and notify institution administrators by email at least 14 days before changes take effect.
14. Contact and Grievance Officer
For any questions, requests, or complaints about your data:
If you are not satisfied with our response, you may approach the Data Protection Board of India once it is constituted under the DPDP Act, 2023.