Privacy Policy

1. Scope

This policy applies to personal data processed through the ExoPrep Portal, including organization administration, student records management, timetable workflows, and subscription/billing interactions.

2. Information We Collect

We may collect and process:

• Account Information: name, email address, login method, organization affiliation.
• Authentication Data: identity and session details via authentication providers (for example, Firebase Authentication).
• Organization Data: organization details, members, locations, preferences.
• Student Data: student profile information, enrollment details, attendance, fee schedules, payment status, and related administrative records entered by authorized users.
• Billing Data: subscription plan details, transaction references, and billing events (payment processing may be managed by third-party processors such as Razorpay).
• Technical Data: device/browser metadata, IP address, logs, timestamps, and usage events for security and operational monitoring.

3. How We Use Information

We use information to:

• provide and operate the Service;
• authenticate users and secure accounts;
• process subscriptions and billing events;
• enable dashboard analytics and operational reporting;
• maintain and improve product performance and reliability;
• comply with legal obligations and enforce our terms.

4. Legal Basis for Processing

Depending on applicable law, we process data under one or more of the following bases:

• contract performance (providing the Service);
• legitimate interests (security, fraud prevention, improvements);
• legal obligations (compliance, tax/accounting records);
• consent, where required.

5. Data Sharing and Disclosure

We may share data:

• with service providers and infrastructure partners supporting authentication, hosting, analytics, communication, and payments;
• with authorized users inside your organization according to role/access permissions;
• where required by law, court order, or lawful government request;
• during business transfers (merger, acquisition, restructuring), subject to appropriate safeguards.

We do not sell personal data for monetary consideration.

6. Third-Party Services

The Service relies on third-party providers, including:

• authentication services (for example, Firebase);
• payment gateways/processors (for example, Razorpay);
• mapping/UI libraries and related technical services as needed.

Use of third-party services is subject to their own privacy notices and terms.

7. Data Retention

We retain personal data only as long as necessary for:

• service delivery;
• legitimate business needs;
• legal, tax, audit, and compliance obligations;
• dispute resolution and enforcement.

Retention periods may vary by data category and customer contractual requirements.

8. Data Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. No system can be guaranteed fully secure; users are responsible for account credential safety and access control.

9. International Data Transfers

If data is transferred across borders, we implement appropriate safeguards as required by applicable law.

10. Your Rights

Subject to local law, you may have rights to:

• access personal data;
• correct inaccurate data;
• delete data;
• restrict or object to certain processing;
• data portability;
• withdraw consent (where processing is based on consent).

To exercise rights, contact us using the details below.

11. Children's Privacy

The Service is intended for organizational and administrative use. Where student data includes minors, organizations are responsible for obtaining required parental/guardian permissions and lawful basis for processing under applicable law.

12. Cookies and Similar Technologies

We may use cookies/local storage or similar technologies for session handling, preferences, security, and performance. Browser settings may allow you to manage cookie behavior, but certain features may not function properly if disabled.

13. Changes to This Privacy Policy

We may update this policy periodically. The "Last Updated" date indicates the latest revision. Continued use of the Service after changes constitutes acceptance of the revised policy, where permitted by law.

14. Contact

For privacy questions or requests:

• Company: ExoPrep
• Email: privacy@exoprep.in

If applicable in your jurisdiction, you may also have the right to lodge a complaint with a relevant data protection authority.