Privacy Policy
Effective date: 23 June 2026. This policy explains how Sevabharathi Trust (R.) and Sevabharathi Vidya Kendra (R.) collect, use, and protect personal information in accordance with the Information Technology Act, 2000, the IT (Reasonable Security Practices) Rules, 2011, and the Digital Personal Data Protection Act, 2023.
1. Who We Are
This website (sevabharathi-tth.school) and the school management system are operated by:
- Sevabharathi Trust (R.) — 'Prerana' Sangha Office, Kuvempu Road, Thirthahalli – 577432, Karnataka. PAN: AABTS7349R
- Sevabharathi Vidya Kendra (R.) — Raghavendra Badavane, Thirthahalli – 577432, Karnataka. PAN: AAYTS7813H
Together referred to as "we," "us," or "the School."
2. What We Collect
We collect different data depending on how you interact with us:
A. Students & Guardians (admission & enrolment)
- Full name, date of birth, gender, religion, caste category (SC / ST / OBC / GM), SATS ID
- Aadhaar number — collected for government reporting (DISE, scholarship); stored encrypted at rest using AES-256 (Fernet); never returned in full from any API
- Medical information (blood group, disabilities, allergies)
- Guardian name, relationship, phone number, email, address
- Bank account number and IFSC (guardian's, for scholarship / refund disbursement only)
- Student photograph and scanned documents (stored on Cloudflare R2; accessible only to authorised staff)
B. Donors
- Donor name, phone, email, address
- PAN or Aadhaar number (for 80G tax exemption receipts)
- Donation amount, payment mode, purpose
C. Staff (school management system login)
- Email address and hashed password (via Better Auth)
- Role (admin / headmaster / teacher)
- Action logs (who recorded a fee payment, who edited a record)
D. Public website visitors
- We do not use Google Analytics, Meta Pixel, or any third-party tracking on public pages.
- The Contact page map is served by OpenStreetMap (openstreetmap.org) — your IP address is sent to OSM tile servers when the map loads. See OSM's Privacy Policy.
- No personal data is collected from visitors who do not interact with the staff portal.
3. Why We Collect It
| Data / Recipient | Purpose / Basis |
|---|---|
| Student & guardian data | Government enrolment records, scholarship processing, fee management, Transfer Certificates, statutory reporting (DISE / UDISE) |
| Aadhaar | Required by Karnataka state government for DISE reporting and scholarship disbursement only |
| Medical info | Staff awareness for student safety; not shared with third parties |
| Bank account | Scholarship / refund transfers to guardian; not used for any other purpose |
| Donor PAN / Aadhaar | 80G income-tax deduction receipts as required under the Income Tax Act, 1961 |
| Staff login data | System access control and audit trail |
4. Storage & Security
- Database: Student and donor records are stored on Neon (neon.tech), a managed PostgreSQL service. Data is encrypted at rest and in transit (TLS 1.2+). Neon servers are located outside India; see Section 5 for cross-border transfer details.
- File storage: Student documents and photographs are stored on Cloudflare R2 (cloudflare.com), a global object-storage service. Access requires a server-generated signed URL with a short expiry — direct public access is not possible.
- Application hosting: The school ERP is hosted on Vercel (vercel.com) with servers outside India.
- Aadhaar encryption: All Aadhaar numbers are encrypted using industry-standard Fernet symmetric encryption before being stored. The raw number is never logged or returned by any API — only the masked form (XXXX-XXXX-1234) is displayed to authorised staff.
- SPDI encryption: Bank account numbers and medical information (allergies, conditions, medications) are encrypted using the same standard before storage. These are never returned in plaintext to any API client.
- Access control: Role-based — only admin and headmaster roles can view sensitive financial data; teacher role is limited to class-level data.
- Passwords: Never stored in plaintext; hashed using a modern adaptive algorithm before storage.
- Transport: All connections use HTTPS (TLS). HTTP requests are automatically redirected to HTTPS.
We follow the security practices prescribed under Rule 8 of the IT (Reasonable Security Practices) Rules, 2011.
6. Data Retention
- Student records: Retained for the period required under the Right to Education Act, 2009 and Karnataka state education rules (minimum 7 years after graduation).
- Fee & donation records: Retained for 7 years as required under the Income Tax Act, 1961.
- Staff login data: Deleted within 30 days of account termination on written request.
- Soft-deleted records: Donation void records and deletion requests are retained in audit logs for 7 years for legal accountability; they are not accessible in the normal interface.
7. Your Rights
Under the Digital Personal Data Protection Act, 2023 (DPDPA), individuals whose data we hold ("Data Principals") have the right to:
- Access — request a summary of personal data we hold about you or your child. Email us with subject: "Data Access Request — [Student Name]". We will respond within 7 days.
- Correction — request correction of inaccurate data. Email us with subject: "Data Correction Request — [Student Name]" and specify the field and correct value.
- Erasure — request deletion of data no longer required for its original purpose (subject to statutory retention obligations under RTE Act and Income Tax Act). Email us with subject: "Data Deletion Request — [Student Name]".
- Grievance — raise a complaint with our Grievance Officer (see Section 10). We acknowledge within 48 hours and resolve within 30 days.
- Nominate — nominate another person to exercise these rights on your behalf in the event of death or incapacity.
Send all data rights requests to the Grievance Officer at hello@sevabharathi-tth.school with the appropriate subject line as described above. For general enquiries, use the subject line "Data Request — [Student Name]".
9. Children's Data
Because we are a school, the majority of personal data we hold belongs to students who are minors. This data is provided by parents or guardians at the time of admission, and collection is necessary to fulfil the school's statutory obligations under the Right to Education Act, 2009 and Karnataka state education regulations.
We do not collect children's data for commercial purposes and do not disclose it to any party outside of the statutory purposes described in Section 5.
10. Grievance Officer
As required under Rule 11 of the IT (Reasonable Security Practices) Rules, 2011, we have designated a Grievance Officer to address any complaints or concerns related to this Privacy Policy or the processing of personal data:
Grievance Officer — Sevabharathi Trust (R.) & Sevabharathi Vidya Kendra (R.)
Headmaster, Sevabharathi Higher Primary School
Soppugudde, Thirthahalli – 577432, Shivamogga District, Karnataka
Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt.
11. Changes to This Policy
We may update this policy to reflect changes in law or our practices. The effective date at the top of this page will be updated accordingly. Continued use of the website or enrolment in the school after any change constitutes acceptance of the updated policy.
For questions not covered here, contact us at hello@sevabharathi-tth.school or visit the Contact page.