Privacy Policy for Adhyora

Effective Date: January 1, 2026
Last Updated: June 1, 2026

1. Introduction

This Privacy Policy explains how Pixelaks Technologies collects, uses, stores, and protects information within the Adhyora Academic Management System. Adhyora is a cloud-based platform for Higher Education Institutions that enables attendance management, internal assessment tracking, student fee collection, in-app communication, timetable management, and related academic administration workflows.

By accessing or using Adhyora, the Institution and its authorized users (Principals, Admins, Teachers, and Students) agree to the data practices described in this Policy. This Policy is designed to comply with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and applicable data protection laws.

2. Relationship Disclosure

For the purposes of this Privacy Policy:

• The Institution is the Data Fiduciary (Data Controller) and retains full ownership and authority over all academic, personal, and financial data entered into Adhyora. The Institution is responsible for ensuring lawful collection and use of all data entered into the platform, including obtaining any required consents from users and students.
• Pixelaks Technologies operates as the Data Processor and processes this data solely on behalf of the Institution, in accordance with the Institution's instructions and the intended operation of the platform. Pixelaks Technologies does not independently determine the purpose or means of processing institutional data.

3. Information We Collect

Adhyora collects and processes the following categories of information strictly for academic and administrative purposes:

3.1 Principal / Admin Data

• Name, email address, department, and institutional role.
• Login activity, administrative action logs, and session records.
• Device identifiers including FCM tokens for mobile push notifications and web push tokens for browser notifications.
• Active session identifiers used to manage and secure simultaneous logins across multiple devices.

3.2 Teacher / Faculty Data

• Name, department, subject assignments, and batch allocations.
• Attendance entries made, internal marks records submitted, and timetable allocations.
• Substitute teaching assignments and scheduling records.
• Device identifiers (FCM tokens, web push tokens) and active session records across devices.
• In-app messages sent or received within the platform, including message content, sender identity, and timestamps.

3.3 Student Data

• Name, institutional roll number, student ID, department, year, and batch.
• Attendance records including subject-wise attendance percentages, event attendance, and daily period-level logs.
• Internal assessment marks, Continuous Evaluation (CE) scores, test marks, assignment marks, and academic performance reports.
• Medical leave applications, including leave start dates, end dates, and details submitted by the student or institutional staff. This data is treated as sensitive personal information.
• Fee payment records including payment history, transaction IDs (Razorpay Order ID and Payment ID), payment amounts, due dates, fee type, and subscription-linked receipts.
• Device identifiers (FCM tokens, web push tokens) used for academic and institutional notification delivery.
• Active session identifiers used to manage login sessions across devices.
• In-app messages and broadcast notices received from the institution.

3.4 Institutional Operational Data

• Departmental structures, academic calendars, semester configurations, and subject listings.
• Timetable allocations, batch assignments, room assignments, and substitute teacher records.
• Broadcast notices and private in-app communication records, including message title, body text, sender identity, sender role, and timestamps.
• Subscription and payment records including Razorpay Order IDs, Payment IDs, payment verification signatures, plan types, amounts paid, and subscription validity periods.

3.5 Technical and Security Data

• Device operating system information and browser type collected for compatibility and security purposes.
• Security logs, access attempt records, and system integrity monitoring data.
• Firebase Authentication tokens used to verify and maintain secure user sessions.

4. Purpose of Data Processing

Pixelaks Technologies processes data solely to provide, operate, maintain, and improve the Adhyora platform for the benefit of the Institution and its users:

• Attendance Management: Processing and storing attendance entries made by teachers, computing subject-wise and institution-wide attendance percentages, and maintaining daily period logs per student.
• Internal Assessment: Recording Continuous Evaluation (CE) marks and generating student academic performance summaries and reports.
• Medical Leave Processing: Storing and displaying medical leave applications to allow administrative review and attendance record adjustments where applicable.
• Fee Collection: Processing student fee payments through the integrated Razorpay payment gateway, storing transaction records, generating payment receipts, and maintaining payment history for institutional reference.
• In-App Communication: Enabling Principals and Admins to send broadcast announcements and private messages to teachers and students, and retaining message records for delivery confirmation and historical reference.
• Push Notifications: Using FCM tokens and web push tokens to deliver academic updates, attendance alerts, fee reminders, and institutional announcements to users' registered devices.
• Timetable and Scheduling: Managing timetable allocations, subject-teacher assignments, batch configurations, and substitute teacher scheduling.
• Role-Based Access Control: Ensuring each user can access only data relevant to their assigned role and department within the Institution.
• Session Security: Tracking active login sessions per device to prevent unauthorized access and to allow users or admins to terminate sessions remotely when necessary.
• Institutional Monitoring: Enabling Principals and Admins to monitor academic activity, teacher records, and student progress across the institution.
• Service Improvement: Using aggregated, de-identified operational data to improve platform performance, resolve technical issues, and develop new features.

5. Data Sharing and Third Parties

Pixelaks Technologies does not sell, rent, or share institutional or personal data with any third-party advertisers, analytics providers, or external organizations for commercial purposes. Data is shared only in the following strictly limited circumstances:

• Google Firebase (Cloud Infrastructure): Adhyora uses Google Firebase for secure cloud database storage (Firestore), user authentication, and push notification delivery (Firebase Cloud Messaging / FCM). Firebase processes data under Google's strict confidentiality and security standards and is compliant with international data protection frameworks. For further details, please see the Firebase Privacy and Security documentation.
• Razorpay (Payment Processing): For Institutions that have enabled the online student fee collection feature, payments are processed through Razorpay Payment Solutions Private Limited, a PCI-DSS compliant payment gateway. Transaction data including Razorpay Order IDs, Payment IDs, and verification signatures are transmitted to and stored by Razorpay in accordance with their own privacy policy. Pixelaks Technologies does not store raw card numbers, UPI credentials, or bank account details. Institutions and students using the fee collection feature are subject to Razorpay's Terms of Service and Privacy Policy. For details, please see the Razorpay Privacy Policy.
• Legal Compliance: Data may be disclosed if required by applicable Indian law, valid court orders, lawful government directives, or regulatory requirements.

6. Medical and Sensitive Data

Adhyora stores medical leave records submitted by students or entered by institutional staff. This information is treated as sensitive personal data and is subject to the following protections:

• Medical leave records are accessible only to authorized Admins and Principals within the platform, and to the concerned student.
• This data is never shared with any third party except as legally required.
• It is the sole responsibility of the Institution (as Data Fiduciary) to obtain any required student or parental/guardian consent before recording health-related information in the system.
• Pixelaks Technologies does not make any decisions based on medical data; its storage and use within the platform is entirely directed by the Institution.

7. Data Security Measures and Breach Protocol

• Encryption: All data is encrypted in transit using HTTPS/TLS and at rest through Firebase's industry-standard encryption mechanisms.
• Data Isolation: Each Institution's data is logically partitioned at the database level using strict Firebase Security Rules, preventing any cross-institutional access.
• Role-Based Access: Permission rules ensure Principals, Teachers, and Students can only access data relevant to their assigned role and department.
• Session Management: Active login sessions are tracked per device. Users and Admins can invalidate sessions, and the system supports secure remote session termination.
• Payment Security: Fee payment processing is handled end-to-end by Razorpay. Pixelaks Technologies does not handle or store raw payment credentials at any point.
• Monitoring: Continuous monitoring is maintained to detect unauthorized activity and ensure system integrity.
• Breach Notification: In the event of a confirmed security incident that affects institutional data, Pixelaks Technologies will notify the affected Institution without undue delay so that appropriate administrative and legal measures can be taken promptly.

8. Data Retention and Deletion

Data is retained for as long as the Institution maintains an active subscription with Pixelaks Technologies.

• Upon a written request from the authorized Principal or Admin, Pixelaks Technologies will permanently delete all institutional data from our systems within 30 days of receiving the verified request.
• If the subscription remains inactive for more than 30 days without renewal, the Institution's data may be permanently deleted. Reasonable attempts will be made to notify the Institution before deletion occurs.
• Payment transaction records may be retained for a minimum period as required under applicable Indian financial and tax regulations, even after an account deletion request is processed.

9. User Rights and DPDPA Compliance

Under the Digital Personal Data Protection Act, 2023 (DPDPA), users of the Adhyora platform have the right to:

• Access personal data about themselves that is held within the system.
• Request correction or update of inaccurate or incomplete personal information.
• Request erasure of personal data, subject to institutional and legal obligations.
• Raise a grievance regarding the processing of their personal data.

Since the Institution is the Data Fiduciary, users must contact their Institution's administrative office to initiate any such request. Pixelaks Technologies processes these requests strictly upon verified authorization from the Institution's Admin or Principal. For grievances directly concerning Pixelaks Technologies' processing activities, users may contact us directly using the details in Section 16.

10. Limitation of Liability and Service Disclaimer

Service Continuity: The Adhyora software is provided on an "AS IS" and "AS AVAILABLE" basis. While strong industry-standard security, backup, and redundancy measures are maintained via Google Firebase, Pixelaks Technologies does not warrant that the software will be 100% uninterrupted, timely, secure, or entirely free of temporary technical issues.

Exclusion of Consequential Damages: To the maximum extent permitted by applicable law, Pixelaks Technologies shall not be liable for any indirect, incidental, special, consequential, or exemplary damages — including but not limited to loss of institutional data, academic downtime, failed or disputed fee transactions processed through third-party gateways, or loss of goodwill — arising from the use of or inability to use the platform.

Maximum Liability Cap: In any event, the total collective liability of Pixelaks Technologies for any legal claims, losses, or causes of action shall be strictly limited to the total amount actually paid by the Institution to Pixelaks Technologies for the software subscription during the twelve (12) months immediately preceding the event giving rise to liability.

11. Children's Privacy and Consent

Adhyora is designed strictly for Higher Education Institutions and is not targeted at children under the age of 18 as a primary user base. However, the platform may incidentally store academic records of students who are minors, as permitted under Indian higher education age norms.

Pixelaks Technologies does not knowingly collect personal data directly from minors without institutional mediation. It is the sole responsibility of the Institution (as Data Fiduciary) to ensure that any necessary institutional authorization or parental/guardian consent, as required under applicable data protection laws, has been obtained before creating or managing student profiles for minors within the system.

12. Cookies and Analytics

The Adhyora mobile and web applications do not use advertising cookies, third-party tracking pixels, or external analytics tools that collect personal data. The only data stored locally on users' devices consists of authentication tokens and device push notification tokens required for core platform functionality and secure session management.

13. Discontinuation of Service

In the event that the Adhyora service is permanently discontinued, all Institutions will be notified with reasonable advance notice and provided a fair opportunity to export their academic and financial data before shutdown. Pixelaks Technologies will not be liable for any losses arising from service discontinuation after such notification has been given.

14. Governing Law and Jurisdiction

This Privacy Policy and the relationship between Pixelaks Technologies and participating Institutions shall be governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023 (DPDPA). Any legal disputes or proceedings arising out of this Policy shall be subject to the exclusive jurisdiction of the courts in Thalassery, Kannur, Kerala.

15. Changes to This Privacy Policy

Pixelaks Technologies may update this Privacy Policy periodically to reflect changes in platform features, applicable law, or data processing practices. Institutions will be notified of significant updates via the platform or through their registered contact details. Continued use of Adhyora following the publication of any such update constitutes acceptance of the revised Policy.

16. Contact Us and Grievance Redressal

In compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), if you have any questions, concerns, or privacy grievances regarding how data is collected or processed under this Policy, please contact our designated point of contact:

Pixelaks Technologies
Grievance and Data Protection Contact: Anagh K Satheesh
Email: pixelaks.technologies@gmail.com
Address: Thalassery, Kannur, Kerala, India
Response Commitment: We aim to acknowledge all privacy grievances within 72 hours and to resolve them within 30 days of receipt.