Privacy Policy

Last updated: December 06, 2025

1. Introduction

We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This privacy policy explains how we collect, use, store, and protect your information.

2. Information We Collect

Personal Information
  • Account Data: Username, email address, first name, last name
  • Educational Data: School affiliation, department assignments, role within the institution
  • Teaching Data: Lesson plans, session notes, homework assignments, class progress
  • Student Data: Student names (optional, only if teachers choose to add this for homework tracking purposes)
  • System Data: Login timestamps, IP addresses (for security purposes), consent preferences

3. How We Use Your Information

We use the information we collect to:

  • Educational Services: To provide lesson tracking, resource management, and educational analytics
  • Account Management: To manage your user account and provide customer support
  • Security: To protect against unauthorized access and maintain system security
  • Communication: To send important system notifications and updates (only with consent)

4. Legal Basis for Processing

We process your personal data based on:

  • Contractual Necessity: To provide the educational services you've subscribed to
  • Legitimate Interests: To improve our services and maintain security
  • Consent: For marketing communications and optional features
  • Legal Obligations: To comply with applicable laws and regulations

5. Information Sharing

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy. We may share information:

  • With school administrators within your institution (as applicable to your role)
  • With service providers who assist in operating our platform (under strict confidentiality agreements)
  • When required by law or to protect our legal rights

6. Data Security

Technical Safeguards
  • Encryption: All data is encrypted in transit using HTTPS/TLS
  • Access Controls: Role-based access with secure authentication
  • Database Security: Encrypted storage with regular security updates
  • Audit Trails: Comprehensive logging of system access and changes

Organizational Measures
  • Data Minimization: We only collect data necessary for educational services
  • Purpose Limitation: Data is only used for specified educational purposes
  • Retention Policies: Data is retained only as long as necessary
  • Staff Training: Regular data protection training for all personnel

7. Your Rights Under GDPR

If you are in the EU, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can correct inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can limit how we process your data in certain situations.

Right to Data Portability

You can receive your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests.

8. Data Retention

We retain your personal data according to the following schedule:

  • Active User Data: Retained while your account is active and for 1 year after last login
  • Student Data: Retained for 3 years to provide access to data from previous academic years, unless deleted by the institution. Deleted data is immediately lost and cannot be retrieved.
  • Financial Records: Retained for 7 years (if applicable)
  • System Logs: Retained for 90 days for security and troubleshooting purposes
  • Marketing Data: Retained until consent is withdrawn

Note: You can request earlier deletion of your data at any time, subject to legal requirements.

9. Cookies and Tracking

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure platform security

You can manage cookie preferences through your browser settings.

10. International Data Transfers

Your data is primarily stored and processed within the EU/UK. If data is transferred internationally, we ensure appropriate safeguards are in place to protect your information.

11. Children's Privacy

Our service is designed for use by educators employed within educational institutions. We do not knowingly collect personal information from children under 16 without appropriate institutional consent and safeguards.

12. Changes to This Policy

We may update this privacy policy from time to time. Users will be notified by email of any material changes. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Your Consent Preferences

You can manage your consent preferences at any time through your account settings. This includes:

  • Essential data processing (required for service operation)
  • Analytics and performance monitoring (optional)
  • Marketing communications (optional)

14. Data Protection Officer

For any questions about how we handle your personal data or to exercise your GDPR rights, please contact our Data Protection Officer:

Email: nazhayyan@gmail.com

15. Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your local data protection supervisory authority.

16. Contact Us

If you have any questions about this Privacy Policy, please contact us at nazhayyan@gmail.com.

Compliance Status
  • GDPR Compliant
  • Data Encrypted
  • Regular Audits

Data Controller: EduBox Ltd
Last Updated: December 2025


ISO 27001 certification is in progress as we continue to enhance our information security program.