Privacy Policy

Last updated: May 2026

Overview

SaarathiOS is a school operations platform used by school administrators, staff, and parents. This policy explains what personal data we collect, how we use it, and your rights under applicable law including India's Digital Personal Data Protection Act, 2023 (DPDP Act).

Who Uses This App

SaarathiOS is intended for school administrators, teachers, and parents. Student accounts, if created by a school administrator, are managed under the school's supervision. We do not offer direct sign-up to students or children — all accounts are provisioned by a school administrator who is responsible for obtaining appropriate consent for minor users.

Data We Collect

  • Account information — name, email address, and phone number (used for onboarding and account recovery)
  • School data — tasks, tickets, comments, group messages, and file attachments you create within the app
  • Device token — a push notification identifier, collected only if you grant notification permission
  • Audit logs — actions taken within the app (e.g. task status changes) for accountability and security purposes

We do not collect payment information, location data, contacts, or any data unrelated to school operations.

How We Use Your Data

  • To provide and operate the SaarathiOS platform for your school
  • To send push notifications and emails about tasks, tickets, and messages
  • To maintain security, audit logs, and resolve disputes
  • To respond to support requests

We do not sell your data, use it for advertising, or share it with any third party for their own purposes.

Third-Party Services

We use the following services to operate the platform. Each processes only the minimum data necessary for their function:
  • Google Firebase (FCM) — delivers push notifications to Android devices
  • Amazon Web Services — secure cloud hosting and file storage, located in India
  • Resend — transactional email delivery (task and notification emails)
  • Telegram — optional notification channel, used only if configured by your school
Each of these services operates under their own privacy policy and data processing agreements.

Data Storage and Security

All data is stored on secure cloud servers located in India. Access to your data is protected by:
  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Encrypted storage for files and attachments
  • Role-based access controls — users only see data their school administrator has authorised
  • Secure token storage on device

Data Sharing

Your data is accessible only to:
  • Members of your school who have been granted access by your school administrator
  • SaarathiOS technical staff, solely for support and maintenance purposes
  • Law enforcement or government authorities, only when required by applicable law

Data Retention

Your data is retained for as long as your school's account is active. Upon account termination, personal data is deleted within 30 days. Anonymised audit logs may be retained longer for security purposes.

Your Rights

Under the DPDP Act 2023 and applicable law, you have the right to:
  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Withdraw consent for data processing
  • Nominate a person to exercise these rights on your behalf

To exercise any of these rights, contact your school administrator or reach us at skoturwar.work@gmail.com. We will respond within 30 days.

Account & Data Deletion

SaarathiOS is a school-managed platform. All accounts are created and managed by your school administrator — individual users cannot self-register or self-delete accounts. This is intentional to protect school data integrity and comply with institutional data governance requirements.

To request deletion of your account and associated data:

  1. Contact your school administrator — they can remove your account directly from the SaarathiOS admin panel. This is the fastest path.
  2. Email us directly at skoturwar.work@gmail.com with your name, school name, and registered email address. We will coordinate with your school administrator and confirm deletion within 30 days.

What gets deleted:

  • Your account profile (name, email, phone number)
  • Your device notification token
  • Any personal messages or comments you authored

What may be retained:

  • Anonymised audit logs — records of actions (e.g. "a task was closed") are retained without your personal identifiers for up to 12 months for security and compliance purposes
  • School-owned content (tasks, tickets, files) that you created remains visible to your school; your name is removed from authorship records

If your school's account is terminated entirely, all associated personal data is deleted within 30 days of termination.

Data Breach Notification

In the event of a data breach that is likely to affect your rights or interests, we will notify affected users and, where required, the relevant authorities within the timeframe prescribed by applicable law.

Changes to This Policy

We may update this policy periodically. When we make material changes, we will notify you via the app or email before the changes take effect. Your continued use after that notice period constitutes acceptance of the updated policy.

Contact

For privacy-related questions or to exercise your rights:
skoturwar.work@gmail.com