Privacy Policy

Effective Date: January 1, 2026 · Last updated: January 1, 2026

Verydash (“Verydash”, “we”, “us”) operates the Verydash EduProplatform (the “Service”). This policy explains what information we handle, how we use it, and the choices and rights available to you. It applies to our website and the Service. Where an institute uses the Service to manage its students, parents, and staff, this policy works alongside that institute's own privacy notice.

1. Our Role: Controller and Processor

The Service is multi-tenant. For data an institute uploads or generates about its students, guardians, and employees (“Tenant Data”), the institute is the data fiduciary/controller and Verydash acts as a data processor that processes such data only on the institute's instructions. For account, billing, and website-usage data we collect directly from account holders and visitors, Verydash is the controller. If you are a student or parent, please direct data requests to your institute first.

2. Information We Collect

  • Account & contact data: name, email, phone number, role, and authentication data.
  • Tenant Data: student, guardian, and staff records, admissions, attendance, academics, fees, payroll, and communications managed by an institute through the Service.
  • Payment data: transaction metadata and references. Card/UPI/bank details are processed directly by our payment gateway [Razorpay] and are not stored by us.
  • Technical & usage data: device, browser, IP address, log and diagnostic data.

3. Children's and Student Data

The Service is used by schools and is not directed to children for direct sign-up. Records about minors are processed on behalf of the institute. Under the Digital Personal Data Protection Act, 2023, obtaining any verifiable parental/guardian consent required for processing a child's personal data is the responsibility of the institute as data fiduciary. We do not knowingly use children's data for tracking, behavioural monitoring, or targeted advertising.

4. How We Use Information

To provide, secure, maintain, and improve the Service; to authenticate users; to process payments and send transactional notifications (e.g. fee receipts, OTPs); to provide support; to detect and prevent fraud and abuse; and to comply with legal obligations. We do not sell personal data and do not use Tenant Data for advertising.

5. Legal Bases & Consent

We process personal data on the bases permitted by applicable law, including the institute's or your consent, performance of a contract, and our legitimate interests in operating and securing the Service. Where we rely on consent, you may withdraw it at any time (this will not affect processing already carried out).

6. Sharing and Sub-processors

We share data only with vendors who process it on our behalf under contractual confidentiality and security obligations, and never sell personal data. Our current categories of sub-processors are:

  • Cloud hosting & storage: [Amazon Web Services / S3]
  • Managed database: [Neon]
  • Payment gateway: [Razorpay]
  • SMS / OTP delivery: [MSG91]
  • Error monitoring: [Sentry]

We may also disclose information where required by law or to protect the rights, safety, and security of our users and the Service.

7. Data Retention

We retain Tenant Data for as long as the institute's account is active and as instructed by the institute. On termination, Tenant Data is deleted or returned in line with our Terms of Service, subject to backups expiring on their normal cycle and any retention required by law. Account and billing records are kept as long as needed for legal, accounting, and audit purposes.

8. Security

We apply technical and organisational measures appropriate to the risk, including logical tenant isolation, encryption of sensitive personal identifiers at rest, encryption in transit (TLS), role-based access control, and audit logging. No method of transmission or storage is completely secure, but we work to protect information against loss, theft, misuse, and unauthorised access.

9. Your Rights

Subject to applicable law, you may request access to, correction of, or erasure of your personal data, and you may raise grievances about our processing. If your data is Tenant Data, please contact your institute, which controls that data; we will assist the institute in responding. To exercise rights over data for which we are the controller, contact us using the details below.

10. Data Location and Transfers

Data is hosted with the providers listed above and may be processed in the regions where those providers operate. Where data is transferred across borders, we take steps to ensure it remains protected consistent with this policy and applicable law.

11. Data Breach Notification

If a personal data breach occurs, we will notify affected institutes and, where required, the relevant authority and affected individuals, without undue delay and in accordance with applicable law.

12. Changes to This Policy

We may update this policy from time to time. Material changes will be notified through the Service or by email, and the “Last updated” date above will be revised.

13. Grievance Officer & Contact

For privacy questions or to raise a grievance, contact our Grievance Officer, [GRIEVANCE OFFICER], at dhananjaylahre@gmail.com. Postal address: Verydash, [REGISTERED ADDRESS].