Privacy Policy

We collect the following types of information when you use the An-Nur School app or website:

Personal Information: Name, email address, phone number, and role (admin, teacher, student, parent, or driver) provided during registration.

School Information: School name, class assignments, section details, and academic records as configured by the school administrator.

Location Data: For users with the Driver role, we collect real-time GPS location data to enable transport tracking features. This data is only collected while the driver has actively enabled location sharing.

Device Information: Device type, operating system version, and app version for troubleshooting and compatibility purposes.

Usage Data: Anonymous analytics on app and website usage patterns to help us improve the user experience.

Your data is used for the following purposes:

Authentication & Authorization: To verify your identity, assign the correct role-based permissions, and secure access to your account.

Notifications: To send push notifications about attendance updates, homework assignments, exam results, fee reminders, and school announcements via Firebase Cloud Messaging (FCM).

Attendance Management: To record and display attendance data to authorized users (teachers, parents, admins).

Transport Tracking: To share driver location data with parents and school administrators in real time for student safety.

Academic Management: To facilitate homework assignment, submission, grading, and exam result publishing.

Financial Records: To track fee payments, pending dues, and generate financial reports for administrators.

Cloud Storage: All primary application data is stored on Supabase, which is hosted on Amazon Web Services (AWS) infrastructure. Data is encrypted in transit (TLS/SSL) and at rest.

Local Storage: The app uses Hive for local caching on the device. This data is stored only on your device and is not transmitted to external servers. It is used to enable offline access to previously loaded content.

Credentials: Authentication tokens and sensitive credentials are stored using secure, encrypted storage mechanisms provided by the operating system (Keychain on iOS, Keystore on Android).

The app integrates with the following third-party services:

Supabase Auth: For user authentication, session management, and Row-Level Security (RLS) policy enforcement.

Firebase Cloud Messaging (FCM): For delivering push notifications to users. FCM may collect device tokens and basic device information as described in Google's privacy policy.

Hive (Local Database): For on-device caching only. Hive does not transmit any data externally.

We do not integrate with any advertising networks or third-party analytics platforms that sell user data.

We do not sell, trade, or rent your personal data to third parties.

Data is shared only within the context of the school ecosystem as follows:

- Parents can view their own child's attendance, homework, exam results, and fee status. - Teachers can view attendance and homework data for students in their assigned classes. - Admins have access to all data within their school for management purposes. - Drivers share their location with parents and admins during active transport sessions. - Students can view their own academic data and school notices.

No data is shared across different schools or with external organizations.

You have the following rights regarding your personal data:

Access: You may request a copy of all personal data we hold about you.

Correction: You may request corrections to inaccurate or incomplete personal data.

Deletion: You may request deletion of your account and associated personal data. Upon request, we will delete your data within 30 days, except where retention is required by law or for legitimate school record-keeping purposes.

Data Portability: You may request your data in a commonly used, machine-readable format.

To exercise any of these rights, please contact us at info@annurschool.edu.bd.

An-Nur School is designed for use in educational settings where some users (students) may be minors under the age of 13.

Parental Consent: Student accounts are created by school administrators, not directly by children. Parents/guardians are informed when their child's account is created and have visibility into their child's data through the Parent portal.

COPPA Compliance: We do not knowingly collect personal information from children under 13 without the involvement of their school and parent/guardian. Schools are responsible for obtaining necessary parental consent.

Limited Data Collection: We collect only the minimum data necessary for educational purposes. We do not display advertising or engage in behavioral profiling of minors.

If you believe a child's data has been collected without proper consent, please contact us immediately at info@annurschool.edu.bd.

Active Accounts: Data is retained for as long as the user account remains active and the school maintains its subscription.

Deleted Accounts: Upon account deletion, personal data is permanently removed within 30 days. Anonymized academic records may be retained for school reporting purposes.

Inactive Accounts: If an account remains inactive for more than 12 months, we may contact the user before archiving or deleting the associated data.

Backups: Encrypted backups may retain data for up to 30 additional days after deletion for disaster recovery purposes, after which they are purged.

We implement the following measures to protect your data:

Row-Level Security (RLS): Supabase RLS policies ensure that users can only access data they are authorized to view based on their role and school assignment.

Encrypted Storage: Sensitive credentials are stored using platform-native encrypted storage (iOS Keychain, Android Keystore).

HTTPS/TLS: All data transmitted between the app and our servers is encrypted using HTTPS with TLS 1.2 or higher.

Access Controls: Role-based access controls limit data visibility to authorized users within the school context.

Regular Updates: We regularly update dependencies and review security practices to address known vulnerabilities.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make significant changes:

- We will update the "Last Updated" date at the top of this page. - We will notify users through an in-app notification. - Continued use of the app or website after changes constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: info@annurschool.edu.bd Phone: +880 1XXX-XXXXXX Address: 123 Education Road, Mirpur, Dhaka 1216, Bangladesh

We aim to respond to all privacy-related inquiries within 7 business days.