Privacy Policy

We use collected information to:

• Provide, operate, and maintain the Platform and its 13 services
• Authenticate your identity and manage your unified profile across services
• Process payments and manage subscriptions (via Paddle for platform-level, via institution gateways for institution-level)
• Enable real-time features (messaging, notifications, live attendance, exam proctoring)
• Generate analytics and reports for institutions (attendance trends, grade distributions)
• Send service-related communications (notifications, alerts, announcements)
• Improve the Platform through usage analytics and feedback
• Enforce our Terms of Service and protect against misuse
• Comply with legal obligations

We do NOT sell your personal data. We share information only in these circumstances:

We implement robust security measures to protect your data:

• Encryption at rest: AES-256-GCM for sensitive financial data
• Encryption in transit: TLS/SSL for all communications
• Webhook verification: HMAC-SHA256 signature validation for all payment webhooks
• Multi-tenant isolation: Each institution's data is logically isolated; all queries are filtered by institution ID
• Role-based access: Strict authorization controls (Supreme Admin, Institution Admin, Teacher, Student, Parent)
• Soft deletion: Data is soft-deleted (recoverable) before permanent removal
• Rate limiting: Redis-based rate limiting to prevent abuse

We use cookies and local storage for:

• Authentication: Session cookies to keep you signed in (NextAuth session)
• Preferences: Theme settings (dark/light mode), language preferences
• Real-time: WebSocket connection state (Socket.IO)
• Analytics: Anonymous usage patterns to improve the platform

You can control cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.

Active accounts: We retain your data for as long as your account is active.

Deleted accounts: Upon account deletion, personal data is removed within 30 days, except where retention is required by law (e.g., financial records for tax compliance are retained for the legally required period).

Institution data: Academic records may be retained for longer periods as required by educational regulations and institution policies.

Cache data: Redis cache entries expire automatically based on configured TTL values (5 minutes to 7 days depending on data type).

Depending on your jurisdiction, you may have the right to:

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate personal data
• Erasure— Request deletion of your personal data ("right to be forgotten")
• Portability — Request your data in a portable format
• Restriction — Request limitation of processing
• Objection — Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@edumatrixinterlinked.com. We will respond within 30 days.

Users under 13 may only access the Platform through their institution's account, with parental or guardian consent. We do not knowingly collect personal information from children under 13 without verifiable parental consent.

Parents can review, update, or delete their child's information through the Parent Dashboard or by contacting us.