Privacy & Data Security Policy
1. Information We Collect
To provide our educational services, we collect specific types of information. This includes Personal Information (PII) such as student names, email addresses, and enrollment data; Educational Records including grades, attendance, and assignment submissions; and Device Information like IP addresses, browser types, and device identifiers for security and audit purposes.
2. educational Use of Data
We use the collected data strictly for educational purposes, including: facilitating platform access, tracking academic progress, generating performance reports, ensuring campus safety via our Shadow Banning and Threat Detection systems, and communicating with authorized users. We do not build profiles of students for non-educational commercial purposes.
3. Compliance & Student Privacy
EduOS is fully compliant with major educational privacy laws. For US institutions, we adhere to FERPA (Family Educational Rights and Privacy Act) and COPPA (Children's Online Privacy Protection Act). For international clients, we align with GDPR principles. We act as a 'School Official' with legitimate educational interests.
4. Data Security
We employ industry-standard security measures to protect your data. This includes AES-256 encryption for data at rest, TLS 1.3 for data in transit, strict Role-Based Access Control (RBAC), and regular security audits. Our infrastructure is hosted on ISO 27001 certified data centers.
5. Data Sovereignty & Sharing
Institutions retain full ownership of their data. EduOS does not sell, rent, or trade student data to third parties. Data is only shared with essential sub-processors (e.g., email delivery services, cloud hosting) bound by strict data processing agreements.
6. Data Retention & Deletion
We retain personal data only as long as necessary to provide the service or as required by law. Institutions may request the deletion of student records at any time. Upon contract termination, all associated data is securely wiped from our systems within 60 days.
7. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. Parents and legal guardians can request to review their child's information or have it deleted by contacting their educational institution, which acts as the data controller.