Compliance & Protection

Privacy Policy & Data Segregation Statement

Last formally updated: May 22, 2026 | Revision 4.2

1. Introduction

Welcome to EduManage, operated by EduManage Technologies Ltd ("we", "us", "our"). We act as a professional software provider specialized in modern school administrative scaling platforms. We recognize that our platform handles highly sensitive institutional, professional, and pupil data.

This document details our policies regarding the collection, processing, physical isolation, and protection of school tenant records, aligning strictly with standard legal structures globally. Depending on your onboarding contract, we act as both a Data Processor (handling records on behalf of school institutions) and a Data Controller (for administrator logins and technical telemetry logs).

2. Information We Collect

Our database architecture separates the data we collect into distinct functional categories. The scope of information depends on active student and teacher onboarding within individual school instances:

A. School Administrative Accounts

For administrative registrars, billing managers, and system operators who construct school profiles, we collect core organizational profile inputs:

  • Full Name, official institutional email, and authorized mobile number.
  • School registration code, geographical mailing address, and banking tax details for automated fee routing.

B. Academic & Staff Records (Processed under Tenant instruction)

Once a school tenant registers and gains its database namespace, school administrators upload academic records which are stored inside isolated schemas:

  • Pupil Profiles: Student names, official roll numbers, class/term affiliations, behavior records, and attendance histories.
  • Academic Grades: Course lists, subject marks, exam distributions, and cumulative GPA rankings.
  • Staff Profiles: Teacher and logistics driver rosters, employee IDs, official departments, and salary configurations.
  • Billing ledgers: Tuition records, transport stop fees, dynamic discounts, and invoice tracking history.

C. Automated Infrastructure Logs

To prevent malicious session exploits and database connection blockages, our servers log technical metadata during active sessions: IP addresses, browser user-agents, active session tokens, and database engine latency readouts.

3. Database Schema Isolation Architecture

EduManage utilizes a modern multi-tenant schema-based isolation model on a Postgres database cluster. This architecture ensures complete and physical boundary lines between different onboarded school tenants.

🛡️ Dedicated Schema Segregation Policy

Every registered school tenant has a dedicated PostgreSQL schema namespace inside our Neon cluster. School student details, teacher configurations, and billing registers are kept strictly within their designated database search path. School queries execute solely inside their own connection namespaces, ensuring that data leakage is technically impossible.

Because database connections are isolated, administrators are guaranteed that student records are never co-mingled or aggregated. Telemetry query performance is optimized via isolated transaction search paths, guaranteeing sub-millisecond execution times and robust protection against accidental cross-tenant leaks.

4. School & Child Privacy (COPPA & FERPA)

Because our SaaS records contain student details, our compliance framework adheres directly to the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA).

🏫 COPPA Compliance Boundaries

For pupils under 13, EduManage does not directly register or collect consent from children. Onboarded school institutions act as the authorized legal consenting agent on behalf of the parents (in loco parentis). The school certifies that student records are uploaded purely for institutional educational use and not for profiling, behavior tracking, or ad targeting.

Under FERPA, we act as a "School Official" with a legitimate educational interest. Student data remains under the direct control of the school institution, and we will never sell student records or share pupil details for advertising or profiling under any circumstances.

5. Sub-Processors Directory

To maintain high availability and seamless notification routing, we work with a curated group of sub-processors. Every sub-processor contract is reviewed annually for strict compliance with our safety frameworks:

Sub-Processor Service Provided Data Export Scope Location
Neon Cloud Inc. Serverless PostgreSQL Database Storage Isolated Tenant database schemas & schemas records US-East-1 (AWS AWS Region)
Amazon Web Services (AWS) Cloud Infrastructure & Immutable S3 Backups Backup archives, platform logs, static files US-East-1 (AWS AWS Region)
Stripe Inc. Payment Processing & Fee Gateway Merchant billing accounts, processed transactions United States
Twilio Inc. WhatsApp Alert Gateway API Parent phone numbers & tuition alert notifications Global Edge Nodes

6. Retention & Deletion Pipelines

Administrative log data is retained for a maximum of 180 days to support platform stability audits. Student records and database entries remain active as long as the parent institution has an active subscription.

Upon institutional subscription termination or formal request by a Super Admin, the school's dedicated schema is completely and permanently expunged from the PostgreSQL database. Schema drop processes prune all active tenant connection pools, evict active locks, drop target namespace schemas, and delete all linked S3 transaction backups within 30 business days.

7. GDPR & CCPA Rights Compliance Tool

Under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), system operators and parents possess explicit rights to inspect, download, or purge personal data rosters.

Use our interactive compliance tool below to inspect or simulate safety workflows directly on our Neon isolation cluster:

🔒 Dynamic Compliance Control Center

Simulate standard legal security operations. All exports and actions log actions in real time for compliance logs.


      

    


    

      
8. Cookies Policy

      
EduManage uses cookies strictly for core session operation and security validation. We do not use third-party tracking, advertising, or marketing profiling cookies:

      
    
        
  • session_token: Keeps school administrators, teachers, and student portal credentials securely authenticated across requests (expires when session ends).
    • 
        
  • csrf_token: Crucial security token protecting all administrative forms against Cross-Site Request Forgery exploits.
    • 
      

    


    

      
9. Contact Compliance Officer

      
If you represent a school board, institutional security auditor, or parent group seeking to submit a formal data audit or seek clarification on our Postgres schema isolation, contact our security officer:

      

        Email: compliance@edumanage.io

        Mailing: Security & Regulatory Compliance Office, EduManage Technologies Ltd., 100 Enterprise Way, Suite 400, Wilmington, DE 19801