Introduction
Welcome to Eduflow's Privacy Policy. This policy explains how we collect, use, disclose, and protect your personal information when you use our school management system and services.
Who We Are:
- Business Name: Eduflow
- Business Type: Sole Proprietorship (Non-VAT Registered)
- Service: Cloud-based School Management System
- Location: Philippines
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Full name
- Email address
- Password (encrypted)
- School/institution name
- Billing email and contact information
1.2 Student Data (Processed on Behalf of Schools)
Schools using our platform may input student information including:
- Student names, dates of birth, contact details
- Parent/guardian information
- Academic records (grades, attendance, enrollment history)
- Payment records and billing information
- Health information (if provided by the school)
1.3 Usage Data
We automatically collect:
- IP addresses and device information
- Browser type and operating system
- Pages visited and features used
- Login times and session duration
2. How We Use Your Information
We use collected information to:
- Provide and maintain our school management services
- Process payments and manage subscriptions
- Send important notifications and updates
- Improve our platform and user experience
- Ensure security and prevent fraud
- Comply with legal obligations
3. Data Protection for Students
We are committed to protecting student data in accordance with:
- Republic Act No. 10173 (Data Privacy Act of 2012)
- Republic Act No. 10644 (Child Online Protection Act)
- Department of Education (DepEd) data privacy guidelines
Important: Schools retain ownership of all student data and are responsible for obtaining necessary consents from parents/guardians for students under 18 years old.
4. Your Privacy Rights
Under the Data Privacy Act of 2012, you have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Portability: Receive your data in a common machine-readable format
- Object: Object to certain processing activities
5. Data Security
We implement industry-standard security measures including:
- Encryption of data in transit and at rest (SSL/TLS)
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Regular backups and disaster recovery procedures
6. Data Retention
We retain personal data for as long as necessary to provide our services. After account cancellation:
- 30-day grace period for data recovery
- Permanent deletion after grace period
- Some data may be retained longer for legal compliance (tax records: 10 years)
7. Cookies and Tracking
We use cookies and similar technologies to:
- Keep you logged in
- Remember your preferences
- Analyze platform usage
- Improve security
8. Third-Party Services
We use trusted third-party service providers for:
- Payment Processing: Paddle, PayMongo (PCI DSS compliant)
- Cloud Hosting: Secure cloud infrastructure providers
- Email Services: Transactional email delivery
9. Children's Privacy
Our platform is used by schools to manage student information, including minors under 18. Schools are responsible for:
- Obtaining parental consent before providing student data
- Ensuring compliance with DepEd data privacy guidelines
- Notifying parents of their rights under the Data Privacy Act
10. Data Breach Notification
In the event of a data breach affecting student or personal data:
- We will notify affected schools within 72 hours
- We will assist schools in notifying affected individuals and the National Privacy Commission (NPC)
- We will provide details of the breach and remediation steps taken
11. Contact Information
For privacy-related inquiries, contact us at:
- Email: privacy@eduflow.school
- Data Protection Officer: dpo@eduflow.school
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.