Last updated: Asar 2083 (June 2026)
Effective Shrawan 1, 2082 (July 2025) · Last updated Asar 2083 (June 2026)
At Gurukul, we take your privacy seriously. This Privacy Policy explains what information we collect when you use our school management platform, why we collect it, how we protect it, and the choices you have. It applies to every type of user - school administrators, principals, teachers, accountants, parents, and students - and to every part of the Service, whether accessed through the web app or our APIs.
Gurukul acts as a data processor on behalf of the schools that subscribe to the Service. Each school remains the data controller of its students' records and decides how that data is used within the platform. We process student data only on the documented instructions of the school, and we do not use it for our own independent purposes such as advertising or profiling.
Throughout this policy, "we", "us", and "Gurukul" refer to Gurukul Educational Systems, and "you" refers to any person who uses the Service. By using our Service, you consent to the data practices described here. If you do not agree with any part of it, please discontinue use of the Service.
We collect the following categories of information so that the Service can function for your school:
Account information. Name, email address, phone number, password (stored only as a salted hash, never in plain text), role, and the school you belong to.
School information. Institution name, address, registration and affiliation details, logo, and configuration preferences such as your academic calendar, grading scheme, and fee structure.
Student & academic data. Student profiles, photographs, attendance records, marks and report cards, lesson plans, examination data, and parent/guardian contact details - entered and managed by the school.
Financial data. Fee structures, invoices, payment history, credits, and payment proofs. We do not store full card numbers; online payments are handled by our payment processors, who receive card details directly.
Communications. Messages, announcements, and notifications sent through the platform, along with delivery and read status where applicable.
Automatically collected data. Device and browser type, IP address, approximate location, and anonymized usage analytics (which features are used, response times, error logs) that help us keep the platform fast and reliable.
We use the information we collect only for purposes that support running the Service for your school:
We do not use student data to train general-purpose machine-learning models for our own benefit, and we do not sell or rent it to anyone.
We apply industry-standard safeguards to protect your data:
We also limit internal access to production data to a small number of authorized engineers, and only for maintenance, support, or incident response. No system is perfectly secure, but we work continuously to protect your data and will notify affected schools without undue delay if a breach is ever likely to affect their data.
Our Service is designed for use by educational institutions, which inevitably means processing the data of students who may be minors. We collect and process children's data only as directed by the school and in compliance with applicable child-protection laws.
Schools are responsible for obtaining any necessary consent from parents or guardians for the collection and use of student data within Gurukul. Parents and guardians may exercise a student's privacy rights - such as access or correction - through the school or by contacting us.
We do not knowingly use children's data for any purpose other than delivering the Service to the school, and we never use it for marketing or behavioural advertising. We collect from students only the data needed to run the educational features of the platform.
We retain personal data for as long as your school's account is active and as needed to provide the Service. Academic records may be retained for longer where required by educational regulations or to preserve a student's historical record.
When a school's subscription ends, its data is retained for 90 days to allow for export, after which it is securely deleted unless a longer retention period is required by law. Backups are rotated on a fixed schedule and purged automatically. Anonymized, aggregated analytics that cannot identify any individual may be retained indefinitely to help us understand and improve the Service.
Depending on your role and location, you may have the right to:
Many of these actions can be performed directly by your school administrator. For anything else, contact us using the details in the final section and we will respond within 30 days. We will not charge you for exercising these rights except where a request is manifestly unfounded or excessive.
Gurukul primarily stores and processes data on cloud infrastructure selected for performance and reliability. Some of our service providers - for example, hosting, storage, email, and analytics vendors - may process data on servers located outside Nepal.
Where data is transferred across borders, we take steps to ensure it remains protected to a standard consistent with this policy, including contractual safeguards with our providers that require them to keep your data confidential and secure. By using the Service, you understand that your data may be processed in the locations where we and our providers operate.
To deliver the Service, we rely on a small set of carefully chosen sub-processors, each engaged under contractual terms that require appropriate security and confidentiality. These typically include:
These providers may only process data on our instructions and for the purpose of supporting the Service. We review our providers periodically and update our practices as our infrastructure evolves.
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy here, refresh the "Last updated" date, and - where appropriate - notify you by email or an in-app notice before the changes take effect.
We encourage you to review this policy periodically to stay informed about how we protect your data. Your continued use of the Service after an update takes effect means you accept the revised policy.
If you have questions about this Privacy Policy or our data practices, contact our privacy team:
We respond to all data-related requests within 30 days.