Privacy Policy

IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The data controller and owner of this Platform is:

Brand Name: VidyaSetu

Website: vidyasetu.pro

Contact Email: support@vidyasetu.pro

Jurisdiction: Gorakhpur, Uttar Pradesh, India

For all matters related to data privacy, data access, corrections, or complaints, you may contact us at the above-mentioned email address. We shall endeavour to respond to all queries within a reasonable time and in compliance with applicable Indian law, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and the Digital Personal Data Protection Act, 2023, to the extent applicable and notified.

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to:

• Personal data collected through the website vidyasetu.pro, including registration forms, contact forms, billing pages, and enquiry forms;
• Personal and sensitive personal data collected through ERP systems deployed on sub-domains of vidyasetu.pro (e.g., schoolname.vidyasetu.pro) on behalf of our client educational institutions;
• Data collected through email, phone, WhatsApp, SMS, or any other communication channel used in connection with our services;
• Data collected via third-party integrations, APIs, or tools embedded in or connected with the Platform.

This Privacy Policy does not govern the privacy practices of third-party websites linked from our Platform. VidyaSetu is not responsible for the privacy policies or practices of any third-party websites.

CATEGORIES OF DATA SUBJECTS AND DATA COLLECTED

Schools retain ownership of the data they enter into Vidya Setu ERP. We do not sell school, student, parent, or staff data. Data is processed only to provide the agreed services and support the institution's ERP operations.

3.1 Data Collected from Clients (School / College / Institute Owners and Administrators)

When a school, college, or educational institution registers with VidyaSetu, subscribes to our ERP services, or engages with our billing or renewal processes, we collect the following information from the authorised representative or owner:

• Full name of the authorised person;
• Mobile phone number;
• Email address;
• Institutional/business address;
• Institution name and type;
• Billing and payment-related information (to the extent necessary for invoicing and service renewals);
• Communication history with our support team.

This data is collected solely for the purposes of account creation, service provisioning, billing, license renewals, technical support, communication regarding updates, and related application services. We do not use this information for unsolicited marketing to third parties.

3.2 Data Collected via the ERP System (Students, Teachers, Employees, Guardians)

VidyaSetu installs and configures the ERP software on sub-domains of vidyasetu.pro for each client institution. Once the ERP is fully configured and data migration is complete, VidyaSetu does not retain access to, store, or maintain credentials or administrative access to the installed ERP systems. The client institution becomes the sole owner and data controller of all data entered into their ERP instance.

The categories of personal data that may be collected within the ERP by the client institution include, but are not limited to:

• Students: Name, date of birth, gender, photograph, Aadhaar number (if mandated by government), address, parent/guardian information, academic records, fee payment history, biometric data (if biometric attendance is enabled), examination results, and certificates;
• Parents/Guardians: Name, mobile number, email address, relationship to student, and emergency contact details;
• Teachers and Employees: Name, photograph, Aadhaar/PAN number, contact details, designation, salary and banking details, attendance records, and professional qualifications;
• General: Login credentials (username/password), WhatsApp/SMS communication logs, vehicle tracking data (if school vehicle tracking is enabled).

Data collected through the ERP is used by the client institution for purposes including admission processing, fee collection, salary disbursement, attendance management, examination and results management, issuance of certificates, compliance with government requirements, and other legitimate institutional purposes.

PURPOSE OF DATA COLLECTION AND PROCESSING

VidyaSetu collects and processes personal data for the following clearly defined purposes:

• Account Registration and Service Delivery: To create and manage client accounts, provision ERP services, and ensure seamless delivery of the Platform's features.
• Billing and Payments: To process payments, issue invoices, manage subscriptions, and facilitate renewals of ERP licences.
• Technical Support and Communication: To provide customer support, resolve technical issues, and communicate important updates, announcements, or changes to our services.
• Third-Party Integrations: To facilitate authorised integrations such as WhatsApp Business API (Meta), SMS gateway providers, email service providers, biometric device manufacturers, and payment gateways. Data shared with such third parties is limited to what is strictly necessary for the integration to function.
• Legal and Regulatory Compliance: To comply with applicable laws, regulations, court orders, or lawful requests from government authorities.
• Security and Fraud Prevention: To monitor, detect, and prevent fraudulent or unauthorised use of the Platform.

LEGAL BASIS FOR PROCESSING

VidyaSetu processes personal data on the following legal bases:

• Contractual Necessity: Processing necessary for the performance of a contract between VidyaSetu and the client institution or the data subject;
• Consent: Where individuals have provided their explicit and free consent, particularly for communication via WhatsApp, SMS, or email;
• Legitimate Interests: For security, fraud prevention, and improvement of services, where such interests are not overridden by the rights of the data subject;
• Legal Obligation: Where processing is required to comply with applicable Indian laws, including regulations under the Ministry of Education, the DPDP Act 2023, or other governmental authorities;
• Vital Interests: In emergency situations involving the safety or welfare of a child or individual.

DATA RETENTION

VidyaSetu retains client data (collected at the time of registration and billing) for the duration of the service agreement and for a period of three (3) years thereafter, unless a longer retention period is required by applicable law or for the resolution of disputes. Upon termination of the service agreement, VidyaSetu will, upon written request by the client, delete or anonymise the client's personal data from its primary systems within a reasonable time, subject to any legal retention obligations.

VidyaSetu does not retain credentials or administrative access to the ERP instances installed on client sub-domains after the completion of setup and configuration. The client institution is solely responsible for the retention and security of data within their ERP system.

DATA SHARING AND DISCLOSURE

VidyaSetu is firmly committed to protecting the privacy of its clients and the data subjects of its client institutions. We do not sell, rent, lease, or otherwise commercially disclose personal data to any third party.

Data may be shared in the following limited and controlled circumstances:

7.1 Authorised Third-Party Service Providers and Integrations

To enable the full functionality of the ERP Platform, VidyaSetu may share limited data with third-party providers, including:

• Meta Platforms, Inc. (for WhatsApp Business API messaging functionality);
• SMS gateway providers (for automated SMS notifications to students, parents, and staff);
• Email service providers (for transactional and notification emails);
• Payment gateway providers (for fee collection and billing purposes);
• Biometric device manufacturers or software vendors (for attendance management integration);
• School vehicle tracking service providers (for GPS-based vehicle monitoring).

All such third-party providers are bound by appropriate data processing agreements and are permitted to use the data solely for the purpose of providing the specified service. VidyaSetu does not authorise these providers to use the data for their own independent purposes.

7.2 Legal and Regulatory Disclosure

VidyaSetu may disclose personal data to government authorities, law enforcement agencies, courts, or regulatory bodies where required to do so by law, court order, or legal process, or where VidyaSetu reasonably believes such disclosure is necessary to protect the rights, property, or safety of VidyaSetu, its clients, or the public.

7.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of the assets of VidyaSetu, personal data may be transferred to the successor entity, subject to the same privacy obligations as set out in this Policy. Affected users will be notified of any such transfer.

DATA SECURITY

VidyaSetu implements reasonable and appropriate technical, administrative, and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to:

• Use of HTTPS (SSL/TLS) encryption for all data transmitted through the Platform;
• Secure storage of client account credentials using industry-standard hashing algorithms;
• Access controls and role-based permissions within the ERP Platform;
• Regular security audits and vulnerability assessments;
• Restricted access to production systems on a need-to-know basis.

Notwithstanding the above, no system or method of electronic transmission or storage is completely secure. VidyaSetu cannot guarantee absolute security of data. In the event of a data breach that is likely to adversely affect the rights of data subjects, VidyaSetu will notify the affected parties and relevant authorities in accordance with applicable law.

SENSITIVE PERSONAL DATA OR INFORMATION (SPDI)

Certain data collected through the ERP system may qualify as Sensitive Personal Data or Information (SPDI) under the IT (SPDI) Rules, 2011, or as sensitive personal data under the DPDP Act, 2023, including biometric data, financial information, and Aadhaar numbers.

VidyaSetu processes such data only to the extent strictly necessary for the legitimate educational and administrative functions of the client institution, in accordance with applicable law. VidyaSetu does not independently collect SPDI from students, teachers, or employees; such data is collected and managed by the client institution within their ERP instance.

Client institutions are independently responsible for obtaining any required consent for the collection of SPDI from data subjects, and for complying with the provisions of the IT Act, SPDI Rules, DPDP Act, and any other applicable regulation governing the collection of such data.

RIGHTS OF DATA SUBJECTS

Subject to applicable Indian law, data subjects may have the following rights with respect to their personal data:

• Right of Access: The right to request access to personal data held by VidyaSetu or the client institution;
• Right of Correction: The right to request correction of inaccurate or incomplete personal data;
• Right of Erasure: The right to request deletion of personal data, subject to legal retention obligations;
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of prior processing;
• Right to Grievance Redressal: The right to lodge a complaint regarding the processing of personal data.

For exercising any of the above rights in relation to data held by VidyaSetu (as data controller), data subjects may contact us at support@vidyasetu.pro. For data held within a client institution's ERP instance, data subjects should direct their requests to the respective institution, which is the data controller for such data.

COOKIES AND TRACKING TECHNOLOGIES

The website vidyasetu.pro may use cookies, web beacons, and similar tracking technologies to enhance user experience, analyse website traffic, and improve our services. Cookies are small text files stored on your device. The categories of cookies we may use include:

• Strictly Necessary Cookies: Required for the operation of the website and cannot be switched off;
• Performance/Analytics Cookies: Used to understand how visitors interact with the website (e.g., Google Analytics);
• Functionality Cookies: Used to remember your preferences.

You may disable cookies through your browser settings; however, doing so may affect certain functionalities of the website. By continuing to use the website, you consent to our use of cookies as described herein.

CHILDREN'S PRIVACY

The ERP system deployed by VidyaSetu for client institutions processes data of children, including students below the age of 18 years, as part of legitimate educational and administrative functions. Such data is collected and managed by the client institution on the basis of the rights and obligations of the institution as an educational entity recognised under Indian law.

VidyaSetu does not directly solicit or knowingly collect personal information from children via the website vidyasetu.pro. If VidyaSetu becomes aware that personal data of a child has been collected without appropriate authorisation, it will take immediate steps to delete such data.

DATA LOCALISATION AND CROSS-BORDER TRANSFERS

VidyaSetu stores data primarily on servers located in India. Any transfer of personal data outside India shall be carried out in compliance with applicable provisions of the DPDP Act, 2023, and any rules or regulations framed thereunder. VidyaSetu will ensure appropriate safeguards, including contractual obligations, are in place before transferring personal data to any foreign entity.

AMENDMENTS TO THIS PRIVACY POLICY

VidyaSetu reserves the right to modify, update, or revise this Privacy Policy at any time. Material changes will be communicated to registered clients via email or through a prominent notice on the website. The revised Policy will be effective from the date of publication on the website. Continued use of the Platform after notification of changes constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.

ACKNOWLEDGEMENT AND DECLARATION

BY ACCESSING OR USING THE PLATFORM, YOU UNCONDITIONALLY ACKNOWLEDGE THAT:

• You have read and fully understood this Privacy Policy;
• You agree to be legally bound by all conditions, and obligations set out herein;
• You have the legal capacity and authority to enter into this Agreement;
• You accept the exclusive jurisdiction of the District Court of Gorakhpur, Uttar Pradesh, India for the resolution of any disputes.

© 2025 VidyaSetu. All rights reserved. | vidyasetu.pro

Jurisdiction: District Court of Gorakhpur, Uttar Pradesh, India