SchoolRipe Privacy Policy (Multi-School Management System)

Welcome to SchoolRipe, a Multi-School Management System (SMS). We take the privacy and security of school, staff, and student data with the utmost seriousness. This policy outlines our firm commitment to acting as a responsible Data Processor, exclusively serving the needs of our Data Controllers (the schools).

Crucial Distinction (Controller vs. Processor): The School (You): You are the Data Controller. You decide what personal data is entered into SchoolRipe, why it is used, and how long it is kept. You are responsible for obtaining all necessary consents from staff, students, and parents/guardians. The Platform (We/Us): We are the Data Processor. We host and process the data strictly on your behalf and according to your instructions and our service agreement.

  1. Information We Collect and Process

    We collect and process the data necessary to provide comprehensive multi-school management services. This data is input directly by the authorized school administrator or staff.

    • System Administrator Data: Name, business email, phone number, and secure login credentials for the master account holder.
    • School & Operational Data: Official school name(s), address(es), contact details, academic calendar, class/section structures, and subject details.
    • Staff Data: Full name, staff role (Teacher, Principal, Admin, etc.), contact information, and role-based login credentials.
    • Student Data (Sensitive): Full name, date of birth, gender, admission date, parent/guardian contact details, and all academic records (grades, marks, attendance, promotion history). We strictly advise against inputting data not required for school management.
    • Technical Usage Data: IP address, browser information, and system logs necessary for security, maintenance, and troubleshooting.

  2. How We Use the Information (The Purpose)

    We use the information exclusively to provide the core functionalities of the SchoolRipe system under the direction of the Data Controller. Our use is limited to the following purposes:

    • Core Service Delivery: To manage school enrollment, process student promotions, track attendance, and facilitate the generation of official documents (report cards, time tables, ID cards, marksheet, class lists).
    • Security and Access Control: To authenticate all users and enforce the strict role-based permissions granted by the school, ensuring only authorized staff can access specific data.
    • Support and Maintenance: To respond to technical support requests and diagnose/fix system errors.

  3. Data Sharing, Sale, and Third Parties

    • NO Data Sale: SchoolRipe affirms that we do not sell, rent, trade, or share any Personal Information, Staff Data, or sensitive Student Data to any third parties for marketing, advertising, or profiling purposes, under any circumstances.
    • Internal Sharing: Data is shared only with authorized staff members within the specific school instance to perform their defined administrative or teaching duties.
    • Sub-Processors: We may use highly vetted sub-processors (e.g., secure cloud hosting providers) to perform technical functions on our behalf. These sub-processors are legally bound by contract to adhere to this Privacy Policy and may not use the data for any other purpose.
    • Legal Disclosure: We will only disclose information if required by a legal obligation, a binding court order, or a government request, and we will notify the Data Controller unless legally prohibited from doing so.

  4. Data Security, Integrity, and Retention

    • Robust Security: We enforce industry-standard technical and organizational security measures, including encryption of data both in transit (TLS/SSL) and at rest, to protect against unauthorized access, loss, or corruption.
    • Password Security: All user passwords are securely hashed and salted, making them indecipherable to anyone, including our system administrators.
    • Data Integrity: We commit to maintaining the integrity and availability of the data to ensure continuity of service for the school.
    • Retention and Deletion: We retain the data as long as the school maintains an active subscription. Upon termination, the school must retrieve all data. We will securely and permanently delete or de-identify all associated data within a timeframe specified in the service agreement.

  5. Data Controller Responsibilities

    The subscribing organization (the Data Controller) is responsible for:

    • Ensuring compliance with local laws regarding the collection and use of personal data.
    • Obtaining and documenting all required consents from staff, students, and parents/guardians.
    • Managing user credentials, maintaining access privileges, and responding to individual rights requests (e.g., data access or deletion).

  6. Changes to This Policy

    • SchoolRipe reserves the right to update this Privacy Policy to ensure continued legal compliance or to reflect changes in our service.
    • We will provide notification of significant changes to the system administrator through the platform or by email. Your continued use of the service constitutes agreement to the revised terms.

By using SchoolRipe, you confirm that you have read and accepted this robust Privacy Policy. For any questions, please contact us directly at support@schoolripe.com.