ZenScope Privacy Policy
1. Introduction & Overview
ZenScope (“ZenScope”, “we”, “our”, or “us”), operated by ZenScope Technologies Private Limited, provides a comprehensive, AI-powered K-12 school management Software-as-a-Service (SaaS) platform designed for schools, educational boards, and academic institutions in India.
This Privacy Policy governs the processing of personal data collected, stored, and managed through the ZenScope web application, portals, and mobile app. We act strictly as a Data Processor under the instructions of the subscribing academic institution (the School), which functions as the Data Controller under the Digital Personal Data Protection (DPDP) Act, 2023. We are committed to safeguarding the privacy and data of school administrators, educators, staff, parents, and students.
2. Information We Collect
To deliver high-fidelity management modules, ZenScope processes two core categories of information: Institutional Data provided by the school administrators, and Platform Operational Data generated during standard use.
| Institutional Data (School-Provided) | Platform Operational Data (System-Generated) |
|---|---|
| Student Profiles: Full name, roll number, admission number, grade/class, section, academic history, attendance records, behavior reports, and examination scores. | Access & Identity Logs: Unique IP addresses, geographical access locations, login/logout timestamps, device browser types, operating systems, and session durations. |
| Parent & Guardian Details: Parent names, phone numbers, email addresses, permanent addresses, and designated relationship proofs. | Audit Trails: Granular audit logging of all data creations, updates, deletions, and configuration overrides executed by school admins or teachers. |
| Staff & Faculty Personnel: Employment IDs, full names, qualifications, official emails, mobile numbers, department roles, and payroll metadata. | Functional Telemetry: Feature click rates, latency data, user interface interactions, error logs, and operational crash reports. |
| Financial Data: Fee payment records, invoice receipts, pending dues status, and transactional tokens (no direct banking or card details are stored). | Communication Metadata: Timestamps and delivery statuses of transactional in-app chats, announcements, push alerts, and SMS circulars. |
3. How We Use Information
We process school and user data strictly to deliver contracted operations under the Service Level Agreements. These processing purposes include:
- Facilitating the Student Information System (SIS) core academic lifecycle.
- Managing smart attendance, automated fee processing, exam grading, and report card generation.
- Powering the ZenBot AI Academic Engine to deliver classroom-level learning analytics, identify slow-learning patterns, and assist teachers in designing tailored lesson programs.
- Sending instantaneous school announcements, alerts, and GPS updates for school transportation.
- Securing the K-12 multi-tenant environment and auditing administrative access.
4. Data Ownership & Control
We operate on a zero-ambiguity protocol regarding academic ownership:
Schools own their data at all times.
ZenScope holds absolutely no intellectual property claims, rights of sale, or proprietary interest in any student, staff, parent, or administrative records uploaded to our platform.
The subscribing school retains the absolute mandate to download, export, adjust, or request the deletion of any or all institutional records at any point in their subscription lifecycle.
6. Data Storage & Hosting
In compliance with data sovereignty regulations, all ZenScope application files, databases, backups, and user logs are securely hosted in MeitY-empaneled, tier-4 secure data centers physically situated inside India (primarily AWS Mumbai/Hyderabad zones). This layout guarantees zero cross-border data leakage and complies with the data localization provisions of the DPDP Act 2023.
7. Security Measures
ZenScope employs defense-in-depth protocols to maintain the highest levels of security across K-12 operations. Our primary safeguards are outlined below:
AES-256 Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256).
Tenant Isolation
Cryptographic multi-tenant separation to prevent data leakage.
Advanced RBAC
Strict Role-Based Access Controls for admins, teachers, parents.
Intrusion Detection
Continuous anomaly monitoring and 24/7 WAF active shielding.
Immutable Logs
Cryptographically signed logs tracking all critical data changes.
Encrypted Backups
Nightly geo-replicated backups stored with cryptographic signatures.
8. Data Retention & Deletion
We retain institutional records strictly for the duration of the subscribing school's active subscription. Upon termination or expiration of the SaaS agreement:
- The school will have 60 days to download or migrate their academic records in structured format.
- Following this grace period, ZenScope executes automated database purging routines to permanently delete and securely overwrite all copies of the institutional tenant records within 30 days.
- Aggregated, de-identified telemetry data may be retained indefinitely solely for security and performance optimization.
9. User Access & Roles
To prevent unauthorized horizontal or vertical data traversal, ZenScope implements micro-role configurations.
All admin access is logged and auditable.
Any operational access to student and parent directories, payroll listings, or grades is strictly restricted. All support actions by ZenScope personnel require explicit school permission and are recorded in non-repudiable logs.
10. Rights of Data Subjects
Students, parents, and staff members whose records are stored on ZenScope possess distinct statutory rights. Because the school acts as the primary Data Controller:
- Requests for access, correction, update, or deletion of personal data must be officially routed through the subscribing school's administrative office.
- Upon receiving verified instructions from the school administration, ZenScope will process the requested changes within 72 hours.
- We do not respond directly to individual parent or student data requests without school validation, ensuring institutional alignment.
11. Compliance with Indian Laws
ZenScope represents a fully legal, local SaaS construct:
- Digital Personal Data Protection (DPDP) Act, 2023: Operating strictly as a Data Processor under Section 8, utilizing state-of-the-art organizational and technical measures.
- Information Technology Act, 2000: Adhering to standards on reasonable security practices and procedures for sensitive personal data or information (SPDI Rules 2011).
- National Education Policy (NEP) Directives: Designing academic analytics architectures to maintain student identity anonymization and ethical reporting.
13. Third-Party Integrations
ZenScope connects with external utility providers to fulfill core features (e.g., razorpay/UPI payment corridors for fee management, SMS gateways like Twilio/Msg91, and student transport GPS APIs). These utilities only receive necessary, transactional metadata (e.g., student name and bill value for invoice processing) and are legally bound to protect it under corresponding service boundaries.
14. Authorized Sub-processors
To deliver high-availability cloud infrastructure, ZenScope relies on specialized sub-processors:
- Amazon Web Services (AWS) India: Core cloud infrastructure and distributed relational database hosting.
- SendGrid / AWS SES: Secured delivery of transactional, system-generated emails.
- Firebase Cloud Messaging: Standard real-time school announcements and push notifications.
15. Policy Changes & Updates
We reserve the right to revise this Privacy Policy to reflect changing security mandates, operational workflows, or statutory clarifications under the DPDP Act. We will notify the school administrators via registered email at least 30 days prior to applying any material changes, allowing institutional review.
16. Contact & Grievance Officer
In compliance with the Indian Information Technology Rules and the DPDP Act, the contact coordinates of our designated Grievance Redressal Officer are as follows:
Name: Mr. Mahendar Chowdary , Nelluri SaiSaneeth
Entity: ZenScope Technologies Private Limited
Address: Khammam Telangana, 507002, India.
Primary Desk: support@zenscope.in