Privacy Policy

1. Introduction

SheraAI LMS ("we," "our," "us," or the "Company") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Learning Management System application and related services (collectively, the "Service").

By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you voluntarily provide when registering for or using our Service:

• Account Information: Full name, email address, phone number, password (encrypted), profile photo, role/position
• Institutional Information: School/institution name, address, contact details, registration numbers
• Student Information: Student names, roll numbers, class assignments, academic records, attendance data, fee payment history
• Parent/Guardian Information: Parent names, contact numbers, relationship to students, emergency contact details
• Staff Information: Employee details, qualifications, assigned subjects/classes, salary information (for accountants)
• Payment Information: Fee structures, payment records, transaction references (we do not store complete credit card numbers)

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• Device Information: Device type, operating system, unique device identifiers, mobile network information
• Log Data: IP address, access times, pages viewed, app crashes, system activity
• Location Data: Approximate location based on IP address (precise location only if explicitly permitted for attendance features)
• Usage Data: Features used, interactions within the app, time spent on different sections

2.3 Information from Third Parties

We may receive information from third-party services:

• Authentication Providers: If you sign in using Google or other OAuth providers
• SMS Gateway Providers: Delivery reports for SMS notifications
• Analytics Services: Aggregated usage analytics

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• To create and manage user accounts
• To provide role-based access to features
• To process attendance records and academic data
• To manage fee collection and generate receipts
• To send SMS notifications to parents and students
• To enable assignment submission and grading
• To synchronize offline data with cloud storage

3.2 Communication

• To send important updates about the Service
• To respond to your inquiries and support requests
• To send promotional communications (with your consent)
• To notify about security incidents or policy changes

3.3 Improvement & Analytics

• To analyze usage patterns and improve features
• To troubleshoot technical issues
• To develop new features based on user needs
• To conduct research and analysis

3.4 Legal & Security

• To comply with legal obligations
• To protect our rights and property
• To prevent fraud and abuse
• To enforce our Terms of Service

4. Data Storage & Security

4.1 Storage Infrastructure

Your data is stored on Google Firebase infrastructure, which provides:

• Industry-standard encryption at rest and in transit
• Secure data centers with physical security measures
• Regular security audits and compliance certifications
• Redundant storage for data durability

4.2 Security Measures

We implement robust security measures including:

• Encryption: All data is encrypted using AES-256 encryption
• Access Controls: Role-based access control (RBAC) ensuring users only access authorized data
• Authentication: Secure authentication with password hashing and optional two-factor authentication
• Security Rules: Firebase security rules prevent unauthorized data access
• Regular Audits: Periodic security assessments and vulnerability testing
• Incident Response: Established procedures for security incident handling

5. Data Sharing & Disclosure

5.1 Within Your Institution

Data is shared within your educational institution based on roles:

• Super Admins can access all data across managed schools
• School Admins can access their school's complete data
• Teachers can access data for their assigned classes
• Parents can access their children's data only
• Students can access their own records

5.2 Third-Party Service Providers

We share data with service providers who assist in operating our Service:

• Google Firebase: Cloud infrastructure and authentication
• SMS Gateway Providers: For sending SMS notifications
• Analytics Providers: For usage analytics (anonymized data)
• Payment Processors: For handling subscription payments

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (court orders, subpoenas)
• Government requests in accordance with law
• To protect our rights, privacy, safety, or property
• To prevent fraud or illegal activity

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Your Rights & Choices

6.1 Access & Portability

You have the right to:

• Access the personal data we hold about you
• Request a copy of your data in a portable format
• Review and verify the accuracy of your data

6.2 Correction & Deletion

You have the right to:

• Request correction of inaccurate information
• Request deletion of your personal data (subject to legal retention requirements)
• Withdraw consent for optional data processing

6.3 Communication Preferences

You can:

• Opt-out of promotional emails via unsubscribe links
• Adjust notification settings within the app
• Request to stop SMS notifications

6.4 Account Deletion

To delete your account:

• Contact your School Admin or Super Admin
• Email us at support@shera-ai.com with your deletion request
• Note: Some data may be retained for legal/compliance purposes

6.5 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR:

• Right to restriction of processing
• Right to object to processing
• Right not to be subject to automated decision-making
• Right to lodge a complaint with a supervisory authority

7. Cookies & Tracking Technologies

7.1 Cookies We Use

Our web services use cookies for:

• Essential Cookies: Required for basic functionality and security
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use our services

7.2 Mobile App Tracking

Our mobile app may use:

• Firebase Analytics for usage tracking
• Crash reporting services for stability improvement
• Local storage for offline functionality

7.3 Your Cookie Choices

You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.

8. Children's Privacy

Our Service is designed for educational use and may include children under 13 (or applicable age in your jurisdiction).

8.1 Parental Consent

• Student accounts for children under 13 are created by school administrators or parents
• Parents/guardians provide consent through the school enrollment process
• We collect only information necessary for educational purposes

8.2 Parental Rights

Parents/guardians can:

• Review their child's information through their parent account
• Request correction or deletion of their child's data
• Refuse further collection or use of their child's information

8.3 COPPA Compliance (US)

We comply with the Children's Online Privacy Protection Act (COPPA) and similar international regulations for children's data protection.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

• We use Google Firebase servers which may store data in multiple regions
• We implement appropriate safeguards for international transfers
• By using our Service, you consent to such transfers

10. Data Retention

We retain your information for as long as necessary to:

• Provide our Services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain academic records (as required by educational regulations)

Retention Periods

• Active Accounts: Data retained while account is active
• Inactive Accounts: Deleted after 2 years of inactivity (with prior notice)
• Academic Records: May be retained longer per educational requirements
• Financial Records: Retained for 7 years for tax/audit purposes
• Backup Data: Retained for up to 90 days after deletion

11. Third-Party Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for their privacy practices.

11.1 Third-Party Services We Use

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification for material changes
• Displaying an in-app notification

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the new Privacy Policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

For data protection inquiries in the EU, you may also contact our Data Protection Officer at dpo@shera-ai.com