Child Data Safety Policy

Last updated: May 8, 2025

1. Introduction

Agastya is a preschool SaaS AI platform used by schools (generally catering to children aged 2-6) for planning, assessment, media sharing, communication and administration. As an education platform entrusted with children's information and photographs, Agastya is committed to the highest standards of child safety and data protection. This comprehensive policy outlines how Agastya protects child data and privacy, aligning with leading industry standards and complying with the Indian data protection laws (i.e., the (Indian) Information Technology Act, 2000; Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and once fully in effect, the Digital Personal Data Protection Act, 2023 and the rules thereunder) (hereinafter, "applicable law").

2. Purpose; Scope; Definitions

Purpose: This policy establishes clear guidelines and principles to protect child safety and privacy on the Agastya platform. It defines what is permissible in handling children's data and media, and it describes the technical and administrative measures in place to safeguard that data. The policy also sets expectations for all stakeholders (i.e., Agastya staff, schools, educators, and parents) regarding their roles in protecting child data, and it provides procedures for resolution of any issues or grievances.

Scope: This policy applies to all personal data of children collected, stored, processed, or shared on the Agastya platform.

Definitions: All terms used in this policy (such as "child", "parent/ guardian", "personal data/ information", "sensitive personal data/ information", "data fiduciary/ controller", "processor", "process", "consent", etc.) shall have the meanings ascribed to them under the applicable law.

3. Agastya's Role vis-à-vis the Data

Agastya processes the children's personal data (as well as those of their parents/ guardians) for and on behalf of the school(s) it ties up with. In other words, Agastya is a data processor. Agastya does not collect any personal data of children independently, on its own account. Given that the schools determine the purpose and means of processing personal data, schools are the data fiduciaries/ controllers that have the primary obligation to comply with the applicable laws. Inter alia, the schools are responsible for procuring the requisite consents from the parents/ guardians for processing the children's data and for coordinating with them on all things related to the data collected and processed by the schools (or on behalf of the schools).

4. Key Principles for Child Data Protection

Agastya upholds the following core principles in all aspects of handling children's data and safety:

  • Best Interest of the Child: The child's well-being and best interests are the primary consideration in any decision involving their data or safety.
  • Lawfulness, Fairness, and Transparency: All personal data processing is done lawfully and fairly. We maintain transparency with schools and parents about what data we collect, for what purpose, and how it is used.
  • Purpose Limitation: Personal data of children is collected and used only for specific, legitimate purposes determined and defined by the schools and as provided in the privacy policy.
  • Accuracy: Schools and teachers are responsible for inputting accurate information about children, and Agastya provides mechanisms for parents/guardians to request correction of any inaccuracies. We strive to keep data up-to-date and correct.
  • Security (Integrity and Confidentiality): We apply robust technical and organizational security measures to protect child data from unauthorized access, loss, or misuse (details in later sections). Personal data and photos are stored securely to maintain their confidentiality and integrity.
  • No Harmful Processing: Agastya will not engage in any data processing that is likely to cause detrimental effects on a child's well-being. For example, we do not employ algorithms that would profile or label children in a harmful manner, nor do we allow public exposure of their information.
  • No Profiling or Advertising Targeted at Children: In line with legal requirements, Agastya does not profile children for commercial or behavioral purposes, and no targeted advertising is shown on the platform. We do not track children across the internet, nor do we monetize child data in any form. The platform's facial recognition is purely for organizational convenience (tagging photos) and not for tracking a child's activities or identifying them outside the platform.
  • Data Protection by Design and Default: Agastya integrates privacy and safety into the design of our platform from the outset. Features are developed with consideration of children's privacy needs (e.g., default settings that are privacy-protective).

These principles guide the detailed policies and procedures outlined below. Any ambiguity in interpretation will be resolved in favor of greater child safety and privacy.

5. Data Collection and Use Policy

Agastya collects and uses child-related data solely to facilitate early childhood education and parent-teacher engagement, in furtherance of its arrangement with the schools. Below we detail what data is collected, how it is used, and what is prohibited.

5.1 Types of Data Collected

  • Child Identification Data: Name, age/date of birth, student ID, class/year group, and school name. This is used to identify the child within the platform and ensure parents see the correct child's information.
  • Parent/Guardian Contact Data: Name, email, phone number of parents or guardians. Used for account login, sending notifications, and facilitating communication between school and parents.
  • Teacher-Recorded Observations/ Journal Entries: Qualitative notes entered by teachers about a child's learning progress, behavior, milestones, or any notable events. These journals help track development and are visible to the child's parents and relevant school staff, if and when the teachers choose to share them in the form of report cards.
  • Assessment and Development Data: Any records of a child's developmental assessments, skill checklists, or progress reports entered on Agastya. This might include ratings or descriptions of the child's abilities (e.g., learning areas like language, motor skills).
  • Photographs (Media): Photos of children engaged in school activities, taken by teachers or school staff and uploaded to the platform. These images are used to share the child's day with their parents and to document participation in events. Each photo is tagged (manually or via facial recognition) to the specific children in it, so that only their parents/guardians (and authorized school staff) can view it.
  • Classroom/ School Updates: General class or school announcements, which may sometimes include group photos or mentions of students (e.g., "Happy Birthday [First Name]" messages, or group activity recaps).
  • Meta-data and System Logs: Information like login times, IP addresses, device type, and usage logs. Agastya collects these primarily for security auditing, troubleshooting, and improving the service (e.g., ensuring the system is user-friendly).

Importantly, Agastya does NOT collect:

  • Biometric data (fingerprints, facial scans stored as identifiable templates, etc.). The platform's facial recognition for photos does not store biometric identifiers in a retrievable way - it functions in-app without saving any fingerprint of the face that could be extracted or used outside the platform.
  • Health or medical data (no records of vaccinations, medical conditions, or health reports are collected by Agastya). If a school needs to note health info, it should be kept in their own records, not on the Agastya platform.
  • Any data from the child directly, since children 2-6 do not interact with the platform themselves (no feature requires a child to input data or be recorded speaking, etc., aside from being photographed by teachers in routine school contexts).

5.2 Permissible Uses of Child Data and Media

Agastya may use the collected data only to facilitate:

  • Schools and teachers to undertake educational planning and assessment;
  • Teacher-parent communication;
  • Schools to undertake administration and management activities;
  • Schools to tag photos and share with parents: Agastya's facial recognition helps group and tag photos within the platform only, making it easy for a parent to see only their own child's pictures.
  • Service improvement: Agastya may use anonymized and aggregated data (that cannot identify any individual child or person) to improve upon its services, and the platform's features, and for rolling out additional features onto the platform.
  • Compliance and safety: In certain cases, Agastya may process data to comply with legal obligations or to protect a child's vital interests. For example, maintaining logs to detect unauthorized access (protecting data security), or cooperating with law enforcement if required by law for child safety investigations. Such processing will be limited to what is legally required and proportionate.

5.3 Prohibited Uses of Child Data and Media

Agastya maintains a strict "no tolerance" stance for any misuse of child data. The following uses of children's personal data and media are forbidden:

  • No Advertising or Commercial Sale: Agastya will never use a child's personal data or photos for marketing or advertising purposes. The platform is free of third-party advertisements and tracking scripts.
  • No Behavioral Tracking or Profiling: The platform does not engage in tracking children's behavior for analytics beyond necessary service metrics, and no profiling is done to evaluate personal aspects of a child (such as behavior, personality, etc.) for any automated decisions.
  • No External Sharing Without Consent: Personal data or photos will not be shared with any external entity or individual except with explicit parental (and school) consent or as required by law.
  • No Automated Decision Making: Agastya will not use children's personal data in any fully automated decision systems that produce legal or significant effects on the child (for example, no algorithm will decide promotion to the next grade or special services purely on automated analysis).
  • No Merging with Third-Party Data: We do not combine the data from Agastya with data from other sources (like social media or other databases) to create detailed profiles on children or families. Each child's data stays within the bounds of the platform's intended use (education and parent updates).
  • No Retention beyond Necessity: Data is not kept indefinitely "just in case." We strictly follow our retention policy (detailed later) to delete personal data once it is no longer needed for the purpose it was collected (as per our arrangements with the schools/ educational institutions), unless legally required to retain it.

6. Parental Consent and Rights

6.1 Obtaining Verifiable Parental Consent

As Agastya caters to children under the age of 18 years, parental or guardian consent is a legal prerequisite for processing a child's personal data. Agastya expects schools to ensure that consent is obtained in a verifiable and informed manner, in accordance with the applicable laws, given that the schools are the data fiduciaries/ controllers.

6.2 Parental Rights and Control

We uphold strong parental rights over children's data. Parents shall have the following rights and controls:

  • Right to Access: Parents/guardians can access the personal data and observations about their child on Agastya at any time (typically via their parent login or by requesting records from the school).
  • Right to Rectification: If any information about the child is inaccurate or outdated, the parent can request correction. We encourage schools to validate key personal details at least yearly with parents to ensure accuracy.
  • Right to Withdraw Consent: Parents have the right to withdraw their consent at any time under intimation to the school. This means they can request Agastya to stop any further collection or processing of their child's data, under intimation to the school. Upon withdrawal of consent, Agastya will deactivate the child's profile. If consent is withdrawn, certain services will no longer be available for that child.
  • Right to Erasure (Right to be Forgotten): Parents may request deletion of their child's personal data from Agastya under intimation to the school. Upon such request, and subject to verification and any legal retention requirements, Agastya will permanently delete the child's personal data and photos from its systems. (Note: We may retain anonymized, non-identifiable information for statistical purposes, and may retain minimal information if required for legal compliance or record-keeping).
  • Right to Restrict or Object to Processing: Parents can object to certain types of processing. Parents can communicate such objections through the school, and Agastya will accommodate them if feasible (or explain why the processing is necessary).
  • Right to Data Portability: If requested, we can provide the child's data in a structured, commonly used electronic format (e.g., a PDF of reports, a zip file of all photos, CSV of basic info) so that the parent or school can transfer it to another service or simply keep it for personal records.

To exercise any of these rights, parents are advised to contact their school (as the first point of contact), given that the schools are the data fiduciaries/ controllers of the children's personal data. Under intimation to the school, they can also contact Agastya's support or our Data Protection/Grievance Officer (contact information provided in our Privacy Policy). Where requests are directly made to Agastya, we will work with the schools to help them uphold your rights, in accordance with the schools' commitment to you. We reiterate that the primary obligation to uphold your rights vests with the schools, as they are the data fiduciaries/ controllers. Agastya will provide support to the schools wherever requested.

7. Access Control and Data Sharing

Agastya employs strict access controls to ensure that only authorized individuals can view or interact with a child's data, and that data sharing is tightly managed. Below are the guidelines on who has access to what data and how data is shared within the platform:

7.1 Role-Based Access Permissions

Access to child data on Agastya is based on the role of the user:

  • Parents/Guardians: A parent or guardian can access only their own child's information and photos. If a parent has multiple children at the same school using Agastya, the accounts are linked so they can switch to view each of their children, but still cannot see any other child's data. Group photos or class updates that include multiple children are handled carefully - see "Media Sharing" below.
  • Teachers: A teacher can access data for the students in their own class or courses. If teachers have assistants or co-teachers, similar access can be granted to those roles as needed. Teachers cannot arbitrarily access students from other classes (unless a user has multiple roles, e.g., a teacher who is also acting as an administrator with broader access).
  • School Administrators (Principals, Section Heads, etc.): Designated school admin users may have access to all student records within their school on Agastya. It's the school's responsibility to limit which staff members are given admin privileges.
  • Agastya Employees: Agastya employees will have access to personal data to be able to provide services to its customers (in this case, the schools). Such access is logged and monitored.
  • Third-Party Service Providers: These include cloud hosting providers (Google Cloud Platform), email/SMS gateways for notifications, or analytics services. They do not view data as people, but their systems may process or store it. We ensure these providers have no access beyond what Agastya grants and that they are contractually bound to confidentiality and data protection. For example, Google Cloud engineers cannot see user data in our databases unless we raise a support ticket that explicitly involves them, which is rare and also controlled.
  • Child Users: In the current scope (ages 2-6), children do not have accounts or direct access to Agastya.

7.2 Authentication and Account Security

  • Secure Login and sessions' security: All users (parents, teachers, admins) access Agastya securely through Google/ Outlook/ Apple SSO or OTP via mobile numbers. We also provide secure protocols. For instance, sessions auto-expire after a period of inactivity.
  • Account Management: Schools manage teacher and parent accounts. When a teacher or staff member leaves the school or no longer requires access, the school admin must revoke or deactivate their Agastya account promptly. Similarly, if a child leaves the school, the parent's access to that child's data will be removed or archived, on the basis of the schools' instructions.

7.3 Data Isolation and Sharing Limitations

  • School Data Isolation: Each school's data is logically separated in the system. Users from one school cannot access another school's data.
  • Media Sharing Controls: Photos and videos uploaded to Agastya are by default only visible to staff of that school. Schools decide the manner in which media may be displayed and/ or visible via the platform.
  • Internal Access Limitation: Even within the platform, not all data is visible to all roles.
  • Data Export and Third-Party Sharing: If a need arises to export data, such exports are performed by authorized personnel and given only to the authenticated requestor (e.g., to the parent on record or to the new school with parent's permission). We do not allow any third-party app or integration to pull child data from Agastya without the explicit consent from the school and parents.

8. Confidentiality Obligations

  • Agastya has/ will execute requisite agreements with schools, which inter alia, contain the necessary confidentiality obligations, terms of data processing and other obligations reflecting the arrangement between the schools and Agastya. Schools are in turn expected to execute the requisite agreements/ NDAs with their teachers, staff, etc., to ensure the schools' commitment to privacy is honored.
  • Agastya employees and contractors are all under strict Non-Disclosure Agreements (NDAs) that cover user data. Any breach of confidentiality by an employee is grounds for severe discipline or termination.

9. Safeguards

9.1 Technical Safeguards

  • Agastya implements industry-standard technical safeguards to protect child data against unauthorized access, loss, or misuse. We are acutely aware that we are custodians of sensitive information (children's identities and photos) and thus have built strong security controls in our platform and infrastructure. Among others, Agastya utilizes encryption techniques and protocols and employs robust security infrastructure, and network and application security.
  • By implementing industry standard technical safeguards, Agastya aims to prevent data breaches and unauthorized disclosures. We continually assess new security threats and best practices, updating our measures accordingly.

9.2 Administrative and Organizational Safeguards

In addition to technical measures, Agastya has strong administrative controls and organizational practices to ensure data privacy and child safety. These measures ensure that the human factors in data handling are addressed - through policies, and oversight. Among others, (a) Agastya executes the requisite data processing agreements with schools, and implements the administrative and organizational safeguards that schools will require us to implement; (b) Agastya executes requisite contracts and NDAs with its employees, explicitly covering the handling of user and child data; (c) Agastya has built in various internal policies and manuals detailing procedures for data handling, incident response, backup, etc.; and (d) Agastya executes requisite agreements with third-parties/ sub-processors wherever required.

9.3 Monitoring, Audits, and Compliance Checks

  • Access Logs Monitoring: We maintain detailed logs of who accesses what data within the platform (both user access and admin access). Regularly, our security team reviews logs for any anomalies.
  • Audit Trails for Schools: Upon request, the platform provides audit logs for school administrators, to enable schools to see key actions by their staff, such as who uploaded or deleted a photo, who edited a child's profile, etc. This helps schools enforce their own policies and investigate any issues.
  • Certification and Standards: We aim to adhere to industry standards for information security and privacy.
  • Grievance Officer & DPO Oversight: We have appointed a grievance officer as required by the applicable law to oversee compliance. This officer's name and contact are indicated in our privacy policy.

10. Incident Response and Breach Management

Despite preventive measures, we must be prepared for any incident. Agastya has a documented Incident Response Plan outlining steps to take in the event of a data breach:

  • Incident Reporting: Employees are trained to immediately report any suspected breach or security incident (e.g., lost device, suspicious email, discovered vulnerability) to the concerned officer. Users are likewise urged to report to us if they notice something wrong (like if a parent sees someone else's data by mistake, etc.).
  • Containment: Upon noticing an incident, the first step is to contain it. This might involve disabling certain functionalities, revoking compromised credentials, or isolating part of our network.
  • Investigation and Assessment: Our security team will investigate to understand the scope and root cause. We determine what data was affected, which users, and how the incident occurred.
  • Notification: In line with applicable laws and our agreements with the schools, if a data breach involving personal data occurs, we will notify the affected schools promptly.
  • Remediation: We take action to mitigate any harm. This could include resetting passwords, adding new security measures, recovering lost data from backups, or notifying law enforcement if malicious actors are involved.
  • Follow-up and Improvement: After an incident is resolved, Agastya conducts a post-mortem analysis. We document what went wrong and update our policies or systems to prevent a recurrence.
  • Communication: Throughout an incident, our team will keep stakeholders updated, in accordance with the requirements of the applicable laws.

11. Redressal Mechanisms for Misuse or Concerns

Agastya is dedicated to addressing any complaints or concerns regarding data privacy or child safety promptly and fairly:

  • Grievance/Contact Point: We have designated a Grievance Officer (as per applicable laws) who can be contacted for any grievances or queries in connection with processing of personal data. Their contact details are provided in our privacy policy.
  • Response Timeline: Any complaint or concern raised will be acknowledged, investigated and resolved within reasonable timelines, in accordance with the applicable laws and our agreement with the schools.
  • Child Safety Concerns: If any stakeholder reports a child safety concern related to the platform (for instance, evidence of cyberbullying via comments, or a photo that raises concerns of abuse), we treat it with utmost priority. Child safety concerns may involve notifying law enforcement or child protection authorities.

Agastya's commitment is that any form of data misuse or child endangerment will be met with swift action - including removal of offending content, suspension of involved users, and coordination with authorities as needed. Our redressal process is designed to be child-centric, ensuring that the outcome always factors in the best interest of the affected child.

12. Stakeholder Roles and Responsibilities

Protecting child data and safety is a shared responsibility. Different stakeholders have specific duties to uphold this policy. While we have detailed Agastya's roles and responsibilities through this Policy, the following outlines the roles and responsibilities of other stakeholders:

12.1 School Administrators and Management Responsibilities

  • Obtaining Consent: Schools must obtain and document parental consent for each child before using Agastya for that child's data, in accordance with the applicable laws.
  • Account Management: School admins are responsible for managing user accounts for their staff and parents. This includes creating accounts, assigning the correct child to the correct parent, and removing access when someone leaves. It's crucial they keep the user roster up-to-date to avoid any unauthorized access.
  • Enforcing Staff Compliance: Schools should ensure their teachers and staff using Agastya understand this policy and abide by it. Schools should have the requisite agreements with their teachers and staff; and must train them in relation to handling of the children's personal data. Schools are accountable and responsible for the acts/ omissions of their teachers/ staff.
  • Content Oversight: Administrators should periodically review the content (journals, photos) being uploaded for appropriateness. While Agastya provides the platform, the school is closer to, and responsible for, the content. If, for instance, a teacher's journal entry is inappropriate or a photo accidentally included a child who shouldn't be photographed, the school should remove it and counsel the staff. Agastya's tools allow deletion of content, but the school oversees doing it appropriately.
  • Privacy Communication: The school is often the primary communicator with parents. They should distribute Agastya's privacy notice to parents, explain what the platform is used for, and address any parent questions with help from Agastya if needed. In essence, they act as a liaison to ensure parents are comfortable and informed.
  • Device and Classroom Security: Schools must ensure that the devices used to access Agastya (like a teacher's tablet or the classroom computer) are secure. This includes having screen lock passwords, not leaving devices unattended with the app open, and ensuring an updated antivirus on those devices. It's also recommended that teachers log out after finishing using the platform on shared devices. We also recommend schools ensure that the Agastya app or site is accessed only on secure, trusted networks.
  • Reporting Issues: If the school becomes aware of any breach or misuse (e.g., a parent reports seeing another child's data, or a teacher reports a stolen device with the app logged in), the school should immediately report it to Agastya so that protective measures can be taken.
  • Data Requests: When parents submit requests regarding data (access, deletion, etc.) to the school, the school should facilitate those via the platform's tools or by contacting Agastya support. For example, if a parent asks the school "please delete all my child's photos after the school year," the admin should coordinate with Agastya to honor that.
  • Compliance with Law: Schools should comply with all laws applicable to them.

12.2 Parents/Guardians Responsibilities

While Agastya and schools handle the bulk of data protection, parents also play a role in safeguarding their child's information:

  • Protect Your Account: Parents should keep their login credentials confidential. They must not share their Agastya parent account with others (even other family members who are not officially a guardian). If parents suspect unauthorized access to their account, they should reset their password and inform the school or Agastya.
  • Respect Privacy of Others: Parents should understand that any group photos or class information they see might include other children, and thus should not be shared without consideration. We advise parents not to post pictures from the app on social media unless it's only their child in the picture or they have permission from other kids' parents. Even though this is outside Agastya's direct control, fostering a respectful culture is part of child protection.
  • Use Information Appropriately: The data and updates provided via Agastya are for the parent's knowledge and engagement in the child's education. If a parent happens to gain access to other children's data (say, by a glitch), they should report it and not exploit it.
  • Provide Updates & Accurate Info: Parents should keep their own contact information up to date on the platform (through the school). If there are changes like a guardian added or removed, they should inform the school so that access can be updated. Accurate info helps ensure only the right people have access to a child.
  • Raise Concerns: If parents have any concerns about content on the platform (e.g., they find a particular photo of their child objectionable or a journal entry inaccurate or inappropriate), they should promptly raise this with the teacher or school admin. The school/Agastya can then address it (by perhaps removing the content or correcting the information). Similarly, any suspicion of misuse or a breach should be reported through the grievance channels provided.
  • Follow School Guidelines: Schools might have additional media release policies or guidelines (for instance, some schools ask parents to sign agreements about not sharing pictures of other children). Parents using Agastya should adhere to those, understanding that the platform is an extension of the school environment.
  • Consent Choices: If a parent is not comfortable with certain features (like photography or certain data being logged), they should communicate this. Agastya through the school often provides settings or workarounds (e.g., opting out of photos). Parents should make these choices known rather than, for example, simply refusing to use the app, so that an informed solution can be found that balances the child's inclusion in class activities and the parent's privacy comfort.

By fulfilling these responsibilities, each stakeholder contributes to a robust environment of trust and safety on the Agastya platform.

13. Data Retention and Deletion Policy

Agastya believes in retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, and to comply with applicable laws. We avoid indefinite retention of children's data to minimize privacy risks. Below are our guidelines on how long data is kept and how deletion is handled:

13.1 Retention Periods

  • Active Enrollment: While a child is actively enrolled in a school using Agastya, their data is retained and updated continuously. This includes profile info, ongoing journal entries, and photos throughout the school year(s). This active data is needed for the platform to serve its function.
  • End of School Relationship: When the school intimates regarding the child's graduation or transfer (or if the school ceases to use Agastya), we enter a retention-limited phase. By default, Agastya will retain that child's data for a specified period (as contractually agreed with the school) after the child leaves, in case the school or parent needs to retrieve any records. This grace period is also useful for producing any end-of-school-year portfolios for parents. However, during this period, the data is not accessible on the live platform to general users; it is archived in a secure manner. Parents may request certain information or the school can download archives, but routine access is locked after the student is marked as departed.
  • Automatic Deletion: After the retention period post-departure, Agastya will automatically delete or anonymize the child's personal data. Photographs and journal entries will be permanently deleted from the storage, and personal details will be purged from databases or irreversibly anonymized. We ensure deletion across all backups as well (with perhaps a slight delay for backups to cycle out, but no active restoration of deleted data from backups unless needed for disaster recovery, and even then we would re-delete such data).
  • Parental Request or Consent Withdrawal: If a parent withdraws consent or requests deletion of their child's data earlier than the schedule, Agastya (upon intimation by the school) will carry out deletion of the requested data within a reasonable timeframe. In such cases, we may keep minimal information to record that a deletion request was fulfilled (to avoid re-creating the data inadvertently, and to have a record for compliance), but not the data itself.
  • Legal Requirements: If there is a legal requirement to retain certain data for a longer period, we will do so. The retention schedule will account for any such laws.
  • Aggregate and Anonymized Data: Non-identifiable aggregate data (like overall platform usage statistics, or anonymized developmental insights) may be retained indefinitely since it poses no risk to individual privacy and is not restricted or prohibited under any applicable law.

13.2 Deletion Procedures

  • User-Level Deletion: The platform provides functionality for school admins (or upon request to Agastya support) to delete a specific child's profile. When executed, this triggers the removal of that child's personal records (name, login, etc.), journal entries, and media from the primary systems. We design the deletion process to cover all linked data. For safety, a deleted record might first go into a "scheduled for deletion" state for a short period (e.g., 7 days) - during which it's inaccessible - in case the deletion was accidental and needs to be reversed. After that buffer, data is permanently expunged.
  • Bulk Deletion: At the end of an academic year or contract, we can perform bulk actions such as deleting data for an entire batch of children (for example, all graduates), based on the schools' requirements. We coordinate with schools to confirm which data should be retained (if any) and which should be purged. We may provide the school with an export of data (to store offline in school records if they desire) before deletion, ensuring they have what they need while we remove it from our cloud.
  • Backup Deletion: Data in backups and archives is also covered by our policy. We maintain rolling backups (say daily and weekly) that automatically overwrite after a certain period (e.g., 30-60 days). Therefore, if a deletion happens, that data might remain in older backups until those backups cycle out. We do not use backups to restore deleted data except for disaster recovery. In the event we need to restore a backup for system recovery, we will re-delete any data that had been deleted and should not be restored.
  • Confirmation to Users: Upon completion of a deletion request (for an individual child), we can provide a confirmation, if requested.

13.3 Special Cases

  • Inactive Accounts: If a parent account remains inactive for a long period, we will still go ahead with deletion per the schedule, as per the agreement with the schools. We may send a reminder to the parent's email on file before deletion, giving them a chance to retrieve any memories or data if they wish, and informing them of the impending deletion for transparency.
  • Data on User Devices: We cannot delete data that users saved on their own devices (e.g., if a parent downloaded some photos to their phone).
  • Legal Hold: If any data is subject to a legal hold (for example, if there's an ongoing investigation or litigation requiring us not to delete data), we will suspend the routine deletion for the specific data and preserve it as required. Once the hold is released, we proceed with deletion.
  • If schools require us to retain data: We will continue to retain data that the school instructs us to retain, for record-keeping purposes.

Our goal with retention and deletion is to strike a balance between usefulness of data (for parents and schools) and privacy. By cleaning up data that is no longer needed, we reduce risk and respect the evolving privacy rights of children as they grow older.

14. Policy Compliance, Review, and Updates

Agastya's Child Safety and Data Privacy Policy is not a static document - it is a living commitment that will be reviewed and updated as needed. Ensuring compliance with the policy is an ongoing effort involving all stakeholders. Below is how we maintain and update the policy:

  • Compliance Monitoring: As described in earlier sections, Agastya uses audits, logs, and oversight by the DPO/Grievance Officer to ensure that day-to-day operations comply with this policy. Any deviations are noted and corrected either by adjusting the practice or updating the policy to reflect necessary changes (whichever is more appropriate with child safety as the priority).
  • Annual Review: The policy will undergo a formal review at least once a year. During this review, we will consider:
    • Changes in applicable laws/regulations.
    • Feedback from various stakeholders.
    • Any incidents or near-misses - analyzing if policy changes could prevent future occurrences.
    • Technological changes - if Agastya adds significant new features (e.g., a new AI analysis tool), making sure the policy covers them; or if new security measures allow us to enhance our commitments.
  • Consultation: We may consult child privacy experts or legal counsel during policy updates to ensure we remain at the forefront of child protection best practices.
  • Approval and Versioning: Any changes to the policy will be approved by Agastya's senior management (and if required, by the board or legal advisors). We maintain a version history with dates, so stakeholders can see when it was last updated.
  • Notification of Changes: If we make material changes to the policy (especially any that affect how we handle data or rights of users), we will notify all our customers (schools). This may be done via email, in-app notification, or official letter to schools. We will give reasonable notice before changes take effect, allowing any concerns to be raised.
  • Internal Enforcement: The policy's effectiveness relies on enforcement. Agastya management will enforce the policy by ensuring every contract, whether with an employee, a school, or a vendor, includes clauses that bind them to follow these rules. Non-compliance can lead to contract termination or employment disciplinary action. We periodically remind everyone of the serious consequences of violating children's privacy (for the company and themselves).
  • Community and Feedback: We maintain open channels for feedback on our policy. Parents or educators can suggest improvements or ask for clarifications. Often, real-world use raises new questions - e.g., "How do we handle divorced parents' access rights?" or "Can a nanny be given access?" - which might not be explicitly in the policy. We address these through clarifications or policy amendments.
  • Audits by customers: We understand that some schools (especially international or high-profile ones) might want to audit Agastya's compliance or security. We accommodate reasonable requests for providing information or allowing audits, as part of demonstrating our commitment. This transparency with customers ensures they can trust but verify our claims.

In summary, Agastya strives for continuous alignment with best practices and the applicable laws. Child safety and data protection is an evolving field, and we are dedicated to evolving with it, always a step ahead in safeguarding the little ones' digital footprints.