Privacy Policy

1.1 Account-level data. For data you provide to register and use your individual account (name, email, profile, login credentials, the services you use across the Platform), Edu Matrix Interlinked is the data controller.

1.2 Institution-shared data. For data submitted by or on behalf of an Institution (rosters, grades, attendance, assignments, salary records, fee invoices, parental links), the Institution is the controller and Edu Matrix Interlinkedis the processor. The Institution's privacy notice governs that data; this policy explains our supporting practices.

1.3 Merchant of Record. When you complete a billing transaction, our third-party payment processor (acting as Merchant of Record) is the independent controller for the billing-and-tax data it collects to process your payment. Their privacy notice governs that data and is presented at checkout.

We use personal data to:

• provide and operate the Platform and its 13 services;
• authenticate users, prevent fraud, and protect security;
• deliver notifications (in-app, email, push) about activity relevant to you;
• bill Institutions for the platform Subscription and any Verification Badges they purchase;
• respond to support requests and communicate service updates;
• debug, monitor performance, and improve features through aggregated analytics;
• comply with legal obligations and enforce our Terms of Service.

We do not use Institution-shared content (assignments, grades, attendance, messages, files) to train AI models or for advertising.

• Contract — to provide the Platform you or your Institution requested.
• Legitimate interests — to secure the Platform, prevent fraud, run aggregated analytics, and improve features. We balance these against your rights.
• Consent — for non-essential cookies and certain optional communications. You can withdraw consent at any time.
• Legal obligation — to comply with tax, accounting, and other regulations.

We share personal data only as needed:

• Inside an Institution — your role determines which members can see your Institution data (e.g., a teacher sees their students; a parent sees their linked children).
• Service providers that operate on our behalf under data-processing agreements: our Merchant of Record (third-party payment processor); cloud hosting and storage providers; transactional email senders; error monitoring; CDNs.
• Institution-configured payment gateways (Stripe, Razorpay, JazzCash, EasyPaisa, etc.) when you pay fees through your Institution. The gateway is independently controlled by the gateway provider.
• Legal & safety — to comply with valid legal process or to protect rights, property, or safety.
• Business transfers — in a merger, acquisition, or restructuring, with notice to you.

We do not sell personal data and do not share it for cross-context behavioural advertising.

We operate globally and may transfer personal data to countries outside your home jurisdiction. Where required by law, we use appropriate safeguards: EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, adequacy decisions where applicable, and vendor data-processing agreements.

We retain personal data only as long as we need it for the purposes described in this policy or as required by law:

• Active accounts — while you maintain an account.
• Closed individual accounts — basic record (email, account status) retained up to 12 months for security/audit, then deleted or anonymised.
• Institution data — retained per the Institution's instructions during its Subscription and for up to 90 days after termination to support reactivation, then deleted unless the Institution requests earlier deletion.
• Billing records — retained 7 years to satisfy tax and accounting obligations.
• Server logs — typically 30–180 days for security and debugging.

We use cookies and similar technologies that fall into these categories:

• Strictly necessary — sign-in session, CSRF protection, security. Always on.
• Functional — remember preferences (theme, language, accessibility).
• Analytics — aggregated usage metrics. Off by default in regions requiring opt-in consent.

You can manage cookies via your browser settings. Disabling strictly-necessary cookies will break sign-in and security features.

Depending on your location, you have rights over your personal data, including the right to:

• access the personal data we hold about you and obtain a copy;
• correct inaccurate or incomplete data;
• delete your data (right to erasure / right to be forgotten), subject to legal exceptions;
• restrict or object to certain processing;
• port your data to another service in machine-readable form;
• withdraw consent where processing is consent-based;
• lodge a complaint with your local data-protection authority.

Send rights requests to privacy@edumatrixinterlinked.com. For Institution-controlled data (e.g., your grades or attendance), we will route your request to the Institution as required.

California residents (CCPA/CPRA): in addition to the rights above, you have the right to know the categories and specific pieces of personal information collected, the right to opt out of any “sale” or “sharing” of personal information (we do neither), and the right to non-discrimination for exercising your rights.

The Platform is intended for users 13 and older (or the higher age of digital consent in your country). Where the Platform is used by an Institution to provide services to children below that age, we act under the Institution's documented direction with appropriate parental/guardian consent and applicable laws (e.g., COPPA, FERPA, EU GDPR).

If you believe a child has registered an individual account without proper consent, contact privacy@edumatrixinterlinked.com and we will delete it.

We use industry-standard safeguards: TLS encryption in transit, encryption at rest for sensitive secrets, hashed passwords, role-based access controls, audit logs, and isolated multi-tenant schemas. Card and bank data are collected and stored by our Merchant of Record, not by us.

No system is perfectly secure. If we discover a personal data breach affecting you, we will notify you and the appropriate regulators where required by law.

You can request account deletion from settings or by emailing privacy@edumatrixinterlinked.com. We will delete or anonymise your individual account data within 30 days, except where retention is legally required. Institution data tied to your role inside an Institution will be handled according to the Institution's instructions.

We may update this Privacy Policy when we change features or to reflect legal requirements. Material changes will be notified at least 30 days in advance via email and an in-product notice. The “Last updated” date at the top reflects the latest revision.