Privacy Policy - Wisdom International School & College Mobile Application

1. Introduction

At Wisdom International School & College ("Wisdom," "we," "us," or "our"), we are deeply committed to protecting the privacy and security of our users, including students, parents, guardians, teachers, and administrative staff. This Privacy Policy ("Policy") governs the collection, use, disclosure, storage, and protection of personal information collected through our mobile application ("App"), available on the Google Play Store. The App is designed to facilitate educational services, communication, and administrative functions for our school community.

By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree, please do not use the App. This Policy is intended to comply fully with the Google Play Developer Program Policies, the Family Educational Rights and Privacy Act (FERPA) where applicable, the Children's Online Privacy Protection Act (COPPA) for users under 13, the General Data Protection Regulation (GDPR) for EU residents if relevant, and Bangladesh's Digital Security Act and other local data protection laws.

Scope: This Policy applies only to information collected via the App. It does not apply to information collected through our website, physical school premises, or other offline methods, which are governed by separate policies. We encourage parents and guardians to actively supervise their children's use of the App and review this Policy regularly.

Important Note: The App is not intended for general public use but for verified members of the Wisdom International School & College community. Unauthorized access or use may result in account suspension and legal action.

2. Definitions

To ensure clarity, key terms used in this Policy are defined as follows:

Personal Information: Any data that identifies or can be used to identify an individual, such as names, email addresses, phone numbers, or student IDs.
Sensitive Personal Information: Data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric information (we minimize collection of such data).
Children/Minors: Users under the age of 13 (or the applicable age in their jurisdiction), in line with COPPA and similar laws.
User: Any individual who accesses or uses the App, including students, parents, guardians, and staff.
Third Party: Any entity other than Wisdom, such as service providers, educational partners, or legal authorities.

3. Information We Collect

We collect only the information necessary to provide our educational services and improve the App. Collection methods include direct input by users, automatic tracking, and integrations with school systems. We prioritize minimizing data collection, especially for children.

3.1 Personal Information Provided by Users

Student details: Full name, date of birth, grade level, student ID, academic records (e.g., grades, attendance), and emergency contact information.
Parent/Guardian details: Names, relationship to student, email addresses, phone numbers, and addresses for communication purposes.
Staff details: Professional information such as employee ID, role, and contact details for internal use.
Account creation data: Username, password (hashed), and profile preferences during registration.
Voluntary submissions: Feedback, uploaded documents (e.g., photos of assignments or report cards), or messages sent via in-App chat.

For minors, all personal information is collected only with verifiable parental consent, obtained through secure methods like email verification or signed forms.

3.2 Automatically Collected Information

Device and App Usage Data: IP address, device type (e.g., Android version), unique device identifiers (e.g., Android ID, Google Advertising ID), app version, crash logs, and session duration. This helps us debug issues and optimize performance.
Analytics Data: Aggregated, pseudonymized data on App interactions (e.g., features used, time spent on screens) collected via Google Analytics for Firebase. No personally identifiable information is linked without consent.
Location Data: Only if you explicitly enable location services for features like school event reminders or campus navigation. This is optional and can be disabled in device settings.
Permissions Data: Access to camera, microphone, or storage only when needed (e.g., for uploading photos) and with user prompt and consent.

3.3 Cookies, Trackers, and Similar Technologies

The App uses essential cookies and local storage for functionality (e.g., remembering login state). We do not use third-party cookies for advertising. You can clear App data or reset advertising IDs via your device settings. For detailed controls, refer to Google's privacy settings.

Data Minimization: We do not collect financial information (e.g., payment details) unless integrated with a secure third-party payment gateway, in which case it is handled directly by that provider without storage on our servers.

4. How We Use Your Information

All data processing is lawful, fair, and transparent. We use information for the following purposes, always with a legitimate basis (e.g., contract performance, legal obligation, or consent):

Educational Services: To deliver core App features, such as viewing grades, submitting assignments, accessing lesson plans, and tracking attendance.
Communication: Sending notifications about school events, academic updates, emergencies, or parent-teacher meetings via push notifications, email, or in-App messaging. You can opt out of non-essential communications.
Administrative Functions: Processing enrollments, generating reports, and managing user accounts.
App Improvement: Analyzing usage patterns to enhance usability, fix bugs, and develop new features. Aggregated data may inform school-wide decisions.
Security and Compliance: Detecting fraud, enforcing terms of use, and fulfilling legal requirements (e.g., retaining records for audits under education regulations).
Personalization: Customizing content (e.g., grade-specific resources) with user consent.

We retain data only as long as necessary for these purposes or as required by law (see Section 9 for retention details). Processing occurs on secure servers in Bangladesh, with backups in compliant cloud services.

5. Sharing and Disclosure of Information

Wisdom does not sell, rent, or trade personal information for commercial purposes. Sharing is limited, secure, and purpose-bound:

5.1 Within the School Community

With authorized school staff (e.g., teachers accessing student grades) under strict access controls and confidentiality oaths.
With parents/guardians for their child's information, ensuring family-linked access.

5.2 With Third Parties

Service Providers: Trusted vendors like Google Cloud for hosting, Firebase for analytics, or email services (e.g., SendGrid). They are bound by data processing agreements (DPAs) prohibiting use beyond our instructions and requiring equivalent security measures.
Educational Partners: Limited sharing with affiliated institutions (e.g., for joint programs) only with user consent and anonymization where possible.
Legal Disclosures: To comply with court orders, government requests, or to protect rights, property, or safety (e.g., reporting child welfare issues).
Business Transfers: In case of merger, acquisition, or asset sale, data may transfer to the successor entity, with prior notice and an opportunity to opt out.

5.3 No Sharing for Marketing

We do not share data with third parties for their marketing, advertising, or profiling. For children's data, no sharing occurs without parental consent, and never for behavioral advertising.

International Transfers: If data is transferred outside Bangladesh (e.g., to U.S.-based Google services), we ensure adequacy through standard contractual clauses or binding corporate rules, maintaining equivalent protection levels.

6. Children's Privacy

The App primarily serves our school community, where many users are children under 13. We adhere strictly to COPPA and equivalent laws:

Verifiable Parental Consent: Before collecting personal information from children, we obtain consent from parents/guardians via secure methods (e.g., credit card verification, video call, or signed consent forms). Students cannot create accounts independently.
No Targeted Advertising: The App does not display ads, and we do not use children's data for marketing or sharing with ad networks.
Parental Controls: Parents can access, review, delete, or challenge their child's data at any time. We provide tools in the App for parents to manage privacy settings.
Incidental Collection: If we unknowingly collect data from a child without consent, we will delete it within 10 business days upon discovery.
School-Sponsored Exemption: Certain internal educational uses (e.g., class assignments) may qualify under COPPA's school-sponsored exception, but we still prioritize privacy.

Parents: To report concerns or request verification processes, contact us immediately (see Section 12). We do not condition participation in school activities on providing more data than necessary.

7. Data Security

Protecting your data is paramount. We employ a multi-layered security framework:

Technical Measures: Data encryption in transit (TLS 1.3) and at rest (AES-256), secure authentication (e.g., multi-factor where available), and regular vulnerability scans.
Organizational Measures: Employee training on data protection, access limited to "need-to-know" basis, and annual security audits by independent third parties.
Incident Response: In the event of a breach, we will investigate promptly, notify affected users within 72 hours (as per GDPR-like standards), and report to authorities (e.g., Bangladesh's ICT Division) as required. Mitigation steps include data isolation and forensic analysis.
User Responsibilities: You must safeguard your login credentials and report suspicious activity. We recommend using strong passwords and enabling device locks.

While we strive for robust protection, no online system is infallible. Users acknowledge inherent risks and use the App at their own discretion.

8. Your Rights and Choices

We respect your privacy rights under applicable laws. Depending on your location, you (or parents for children) may:

Access and Portability: Request a copy of your data in a machine-readable format (e.g., JSON or CSV).
Correction and Update: Amend inaccurate or outdated information via the App or by contacting us.
Deletion ("Right to be Forgotten"): Request erasure, subject to legal retention (e.g., 7 years for academic records). We delete within 30 days.
Objection and Restriction: Object to processing for non-essential purposes (e.g., analytics) or restrict use during disputes.
Withdraw Consent: Revoke consent for specific processing (e.g., notifications), which may affect App features. Withdrawal does not retroactively affect lawful prior processing.
Opt-Out Options: Disable personalized ads or analytics via device settings (e.g., Google Ads Settings) or by contacting us. For push notifications, use App or device controls
Opt-Out Options: Disable personalized ads or analytics via device settings (e.g., Google Ads Settings) or by contacting us. For push notifications, use App or device controls.

To exercise these rights, submit a verifiable request via the App's privacy dashboard or by contacting our Data Protection Officer (see Section 12). We verify identity before responding and process requests free of charge, unless excessive. Responses are provided within one month, extendable if complex. If unsatisfied, you may contact supervisory authorities (e.g., Bangladesh Personal Data Protection Commission or FTC for COPPA).

9. Data Retention and Deletion

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Retention periods are determined based on the nature of the data and legal obligations:

Active Use: Account data, usage logs, and communication records are retained while your account is active, plus a 30-day grace period post-deletion for backups and recovery purposes.
Educational Records: Student academic data (e.g., grades, attendance) is kept for at least 7 years after graduation or withdrawal, in compliance with Bangladesh's education laws and FERPA-equivalent standards.
Legal Holds: Data may be retained longer if subject to litigation, audits, regulatory investigations, or other legal requirements (e.g., tax or child protection records).
Anonymous/Aggregated Data: Once data is anonymized (e.g., usage statistics for App improvements), it may be retained indefinitely for research, statistical analysis, or reporting, as it no longer identifies individuals.
Children's Data: Retained only with ongoing parental consent; deleted immediately upon consent withdrawal or account closure, except where legally required.

Upon expiration of retention periods or a valid deletion request, we securely delete or anonymize data using industry-standard methods (e.g., overwriting or secure erasure). Users can request deletion at any time, subject to exceptions noted above. For details on automated deletion processes in the App, refer to the account settings.

Backup Copies: Data may persist in secure backups for up to 90 days after deletion to prevent accidental loss, but access is restricted and not used for active processing.

10. Third-Party Links and Services

The App may include links to third-party websites, services, or integrations (e.g., Google Sign-In for authentication, YouTube for educational videos, or external payment processors). These are provided for convenience but are not under our control:

We are not responsible for the privacy practices, content, or security of third-party sites or apps. Always review their privacy policies before sharing information.
Integrations like Google Analytics for Firebase or push notification services (e.g., Firebase Cloud Messaging) may collect limited data on our behalf, as disclosed in Section 3. We select partners with strong privacy commitments and audit their compliance.
If the App uses social media sharing features (e.g., linking to Facebook or WhatsApp), any data shared is governed by those platforms' policies.
No third-party SDKs are used for tracking or advertising without explicit disclosure and user consent.

For a list of current third-party services, check the App's "About" section or contact us. We recommend managing third-party app permissions through your device's settings to control data flow.

11. Changes to This Privacy Policy

Wisdom reserves the right to update this Policy periodically to reflect changes in our practices, technology, or legal requirements. We strive to keep users informed:

Notification: Minor updates will be posted here with a revised "Last Updated" date. Significant changes (e.g., new data collection purposes) will be notified via in-App alerts, email (for registered users), or push notifications at least 30 days in advance.
Effective Date: Changes take effect on the date specified in the Policy. Continued use of the App after the effective date constitutes acceptance of the updates.
Review Frequency: We encourage users, especially parents, to review this Policy regularly. Historical versions may be available upon request for transparency.
Material Changes: If changes affect children's privacy or user rights substantially, we will seek renewed parental consent where required under COPPA.

This Policy was last reviewed and updated on [Insert Current Date, e.g., December 15, 2023]. For questions about changes, contact us (see Section 12).

12. Contact Us

If you have questions, concerns, complaints, or requests regarding this Privacy Policy, your personal information, or our data practices, please reach out to our dedicated Data Protection Officer. We aim to respond promptly and professionally.

Wisdom International School & College Data Protection Officer
Address: 8/1 Momenshahi Tower, Panditpara, Mymensingh, Bangladesh
Hotline: 09611 678 026 (Available Sunday–thirsday, 7AM– 10PM BST)
Email: [email protected] (Subject: "Privacy Policy Inquiry – [Your Name/Student ID]")
App Support: Use the in-App feedback form for quick resolution.

For Children's Privacy (COPPA): Provide verifiable parental details for verification. We offer a dedicated process for consent management or data challenges.

We are committed to resolving issues amicably. If needed, you can escalate to relevant authorities, such as the Bangladesh Telecommunication Regulatory Commission (BTRC) for local matters or the U.S. Federal Trade Commission (FTC) for COPPA violations.