Privacy Policy

1. Introduction

At Wisdom International School & College ("Wisdom," "we," "us," or "our"), we are deeply committed to protecting the privacy and security of our users, including students, parents, guardians, teachers, and administrative staff. This Privacy Policy ("Policy") governs the collection, use, disclosure, storage, and protection of personal information collected through our mobile application ("App"), available on the Google Play Store. The App is designed to facilitate educational services, communication, and administrative functions for our school community.

By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree, please do not use the App. This Policy is intended to comply fully with the Google Play Developer Program Policies, the Family Educational Rights and Privacy Act (FERPA) where applicable, the Children's Online Privacy Protection Act (COPPA) for users under 13, the General Data Protection Regulation (GDPR) for EU residents if relevant, and Bangladesh's Digital Security Act and other local data protection laws.

Scope: This Policy applies only to information collected via the App. It does not apply to information collected through our website, physical school premises, or other offline methods, which are governed by separate policies. We encourage parents and guardians to actively supervise their children's use of the App and review this Policy regularly.

1.1 Compliance with Google Play Policy Updates (Effective October 30, 2025)

As part of our ongoing commitment to user safety, transparency, and compliance, we adhere to the latest Google Play Developer Program Policies. Key updates effective October 30, 2025, include:

• Age-Restricted Content and Functionality: Our App does not include features related to matchmaking, dating, or real money gambling/games/contests. However, to protect minors, we implement Play Console features to restrict access for users under 18 where applicable, in line with child protection standards.
• Health and Medical Functionalities: If targeting EU users, our App incorporates guidance from the Medical Device Coordination Group (MDCG) for any medical device-related features. We clearly label certified medical device apps on Google Play and ensure compliance with EU regulations.
• Accessibility API: We prohibit any use of the Accessibility API that enables autonomous actions, such as changing user settings without consent or manipulating the UI deceptively. Our App uses this API only for legitimate accessibility aids (e.g., screen readers) with explicit user permission.
• Other Updates: We align with clarifications on Malware (now termed "Riskware"), Subscriptions (enhanced disclosure guidelines), and reminders like the 180-day appeal window for account terminations, mandatory Financial Features Declaration, developer verification for app installations, and tools like Play Policy Insights for proactive compliance.

These updates reinforce our dedication to safe, ethical app development. For full details, refer to Google's Policy Deadlines page. If you have concerns about these policies, contact us (see Section 12).

2. Definitions

To ensure clarity, key terms used in this Policy are defined as follows:

• Personal Information: Any data that identifies or can be used to identify an individual, such as names, email addresses, phone numbers, or student IDs.
• Sensitive Personal Information: Data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric information (we minimize collection of such data).
• Children/Minors: Users under the age of 13 (or the applicable age in their jurisdiction), in line with COPPA and similar laws.
• User: Any individual who accesses or uses the App, including students, parents, guardians, and staff.
• Third Party: Any entity other than Wisdom, such as service providers, educational partners, or legal authorities.

3. Information We Collect

We collect only the information necessary to provide our educational services and improve the App. Collection methods include direct input by users, automatic tracking, and integrations with school systems. We prioritize minimizing data collection, especially for children.

3.1 Personal Information Provided by Users

• Student details: Full name, date of birth, grade level, student ID, academic records (e.g., grades, attendance), and emergency contact information.
• Parent/Guardian details: Names, relationship to student, email addresses, phone numbers, and addresses for communication purposes.
• Staff details: Professional information such as employee ID, role, and contact details for internal use.
• Account creation data: Username, password (hashed), and profile preferences during registration.
• Voluntary submissions: Feedback, uploaded documents (e.g., photos of assignments or report cards), or messages sent via in-App chat.

For minors, all personal information is collected only with verifiable parental consent, obtained through secure methods like email verification or signed forms.

3.2 Automatically Collected Information

• Device and App Usage Data: IP address, device type (e.g., Android version), unique device identifiers (e.g., Android ID, Google Advertising ID), app version, crash logs, and session duration. This helps us debug issues and optimize performance.
• Analytics Data: Aggregated, pseudonymized data on App interactions (e.g., features used, time spent on screens) collected via Google Analytics for Firebase. No personally identifiable information is linked without consent.
• Location Data: Only if you explicitly enable location services for features like school event reminders or campus navigation. This is optional and can be disabled in device settings.
• Permissions Data: Access to camera, microphone, or storage only when needed (e.g., for uploading photos) and with user prompt and consent.

3.3 Cookies, Trackers, and Similar Technologies

The App uses essential cookies and local storage for functionality (e.g., remembering login state). We do not use third-party cookies for advertising. You can clear App data or reset advertising IDs via your device settings. For detailed controls, refer to Google's privacy settings.

4. How We Use Your Information

All data processing is lawful, fair, and transparent. We use information for the following purposes, always with a legitimate basis (e.g., contract performance, legal obligation, or consent):

• Educational Services: To deliver core App features, such as viewing grades, submitting assignments, accessing lesson plans, and tracking attendance.
• Communication: Sending notifications about school events, academic updates, emergencies, or parent-teacher meetings via push notifications, email, or in-App messaging. You can opt out of non-essential communications.
• Administrative Functions: Processing enrollments, generating reports, and managing user accounts.
• App Improvement: Analyzing usage patterns to enhance usability, fix bugs, and develop new features. Aggregated data may inform school-wide decisions.
• Security and Compliance: Detecting fraud, enforcing terms of use, and fulfilling legal requirements (e.g., retaining records for audits under education regulations).
• Personalization: Customizing content (e.g., grade-specific resources) with user consent.

We retain data only as long as necessary for these purposes or as required by law (see Section 9 for retention details). Processing occurs on secure servers in Bangladesh, with backups in compliant cloud services.

5. Sharing and Disclosure of Information

Wisdom does not sell, rent, or trade personal information for commercial purposes. Sharing is limited, secure, and purpose-bound:

5.1 Within the School Community

• With authorized school staff (e.g., teachers accessing student grades) under strict access controls and confidentiality oaths.
• With parents/guardians for their child's information, ensuring family-linked access.

5.2 With Third Parties

• Service Providers: Trusted vendors like Google Cloud for hosting, Firebase for analytics, or email services (e.g., SendGrid). They are bound by data processing agreements (DPAs) prohibiting use beyond our instructions and requiring equivalent security measures.
• Educational Partners: Limited sharing with affiliated institutions (e.g., for joint programs) only with user consent and anonymization where possible.
• Legal Disclosures: To comply with court orders, government requests, or to protect rights, property, or safety (e.g., reporting child welfare issues).
• Business Transfers: In case of merger, acquisition, or asset sale, data may transfer to the successor entity, with prior notice and an opportunity to opt out.

5.3 No Sharing for Marketing

We do not share data with third parties for their marketing, advertising, or profiling. For children's data, no sharing occurs without parental consent, and never for behavioral advertising.

6. Children's Privacy

The App primarily serves our school community, where many users are children under 13. We adhere strictly to COPPA and equivalent laws:

• Verifiable Parental Consent: Before collecting personal information from children, we obtain consent from parents/guardians via secure methods (e.g., credit card verification, video call, or signed consent forms). Students cannot create accounts independently.
• No Targeted Advertising: The App does not display ads, and we do not use children's data for marketing or sharing with ad networks.
• Parental Controls: Parents can access, review, delete, or challenge their child's data at any time. We provide tools in the App for parents to manage privacy settings.
• Incidental Collection: If we unknowingly collect data from a child without consent, we will delete it within 10 business days upon discovery.
• School-Sponsored Exemption: Certain internal educational uses (e.g., class assignments) may qualify under COPPA's school-sponsored exception, but we still prioritize privacy.

Parents: To report concerns or request verification processes, contact us immediately (see Section 12). We do not condition participation in school activities on providing more data than necessary.

7. Data Security

Protecting your data is paramount. We employ a multi-layered security framework:

• Technical Measures: Data encryption in transit (TLS 1.3) and at rest (AES-256), secure authentication (e.g., multi-factor where available), and regular vulnerability scans.
• Organizational Measures: Employee training on data protection, access limited to "need-to-know" basis, and annual security audits by independent third parties.
• Incident Response: In the event of a breach, we will investigate promptly, notify affected users within 72 hours (as per GDPR-like standards), and report to authorities (e.g., Bangladesh's ICT Division) as required. Mitigation steps include data isolation and forensic analysis.
• User Responsibilities: You must safeguard your login credentials and report suspicious activity. We recommend using strong passwords and enabling device locks.

While we strive for robust protection, no online system is infallible. Users acknowledge inherent risks and use the App at their own discretion.

8. Your Rights and Choices

We respect your privacy rights under applicable laws. Depending on your location, you (or parents for children) may:

• Access and Portability: Request a copy of your data in a machine-readable format (e.g., JSON or CSV).
• Correction and Update: Amend inaccurate or outdated information via the App or by contacting us.
• Deletion ("Right to be Forgotten"): Request erasure, subject to legal retention (e.g., 7 years for academic records). We delete within 30 days.