Privacy Policy

Last updated: May 2025

Ajvika ("we", "our", "us") — operating as AJVIKAA (MSME/Udyam: UDYAM-AP-17-0064425), Kakinada, Andhra Pradesh — is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, and safeguard data across all our platforms and mobile applications: ajvika.com, school.ajvika.com, guardpro.ajvika.com, brightpath.ajvika.com, track.ajvika.com, labs.ajvika.com, meditrack.ajvika.com, play.ajvika.com, and iot.ajvika.com.

By accessing or using any Ajvika platform — as an institution, administrator, student, parent, guard, driver, or individual user — you agree to the practices described in this policy.

1. Our Platforms & Applications

This policy applies collectively to the following Ajvika services:

  • School ERP (school.ajvika.com) — School management system for administrators, staff, students, parents, and drivers.
  • GuardPro (guardpro.ajvika.com) — Security guard management with duty scheduling, QR checkpoint scanning, geofenced patrols, and selfie attendance.
  • Ajvika Labs (labs.ajvika.com) — B.Tech / M.Tech project repository and mentoring platform for students.
  • MediTrack (meditrack.ajvika.com) — Medicine reminder and health schedule tracking application.
  • BrightPath (brightpath.ajvika.com) — Competitive exam preparation with curated question banks and performance analytics.
  • Bus Tracker (track.ajvika.com) — Real-time GPS student bus tracking with live ETA and SOS alerts for parents.
  • SportBook (play.ajvika.com) — Sports ground and facility slot booking platform.

2. Information We Collect

We collect only the information necessary to deliver each service. This includes:

Information you provide directly: Name, email address, phone number, institutional details, and any content you submit (project uploads, booking details, medicine schedules, etc.).

Information collected automatically: Device type, OS version, IP address, browser type, app usage data, session timestamps, Firebase Cloud Messaging (FCM) device tokens, and crash/error logs.

Information from third-party services: Google Sign-In (name, email, profile photo URL — not your password), Razorpay (payment status and transaction reference ID — not card or UPI credentials).

Platform-specific data collected includes:

  • School ERP: Student roll number, class/section, attendance records, exam scores, fee payment status, and driver GPS location.
  • GuardPro: Guard photo, GPS coordinates, duty selfie images, QR scan timestamps, login logs, and Razorpay subscription data.
  • Ajvika Labs: Institution name, project title, uploaded project files, and progress notes.
  • MediTrack: Medicine name, dosage, reminder schedule, and Aadhaar number (stored as a one-way SHA-256 hash — the original number is never stored).
  • BrightPath: Exam category, test scores, and attempt history.
  • Bus Tracker: Driver name, vehicle number, real-time GPS route, and parent email (OTP verified).
  • SportBook: Booking slot, ground/facility preference, and payment reference.

3. How We Use Your Information

We use collected data to:

  • Authenticate users and manage role-based access across platforms.
  • Provide and improve platform features (attendance, bookings, reminders, tracking, exam scoring).
  • Send push notifications via Firebase Cloud Messaging — reminders, alerts, and announcements.
  • Process payments and manage subscriptions via Razorpay.
  • Provide real-time GPS tracking for student safety (Bus Tracker) and security operations (GuardPro).
  • Respond to support requests and resolve technical issues.
  • Comply with applicable Indian laws and regulations.

We do not use your data for targeted advertising, sell your data to any third party, or build advertising profiles from your platform usage.

4. Data Security

We implement industry-standard security measures across all platforms:

  • All data in transit is encrypted using HTTPS/TLS.
  • Passwords are hashed using bcrypt — plaintext passwords are never stored.
  • Aadhaar numbers (MediTrack) are stored as SHA-256 hashes — the original value cannot be recovered.
  • API requests are authenticated using Laravel Sanctum tokens validated server-side.
  • Login rate limiting is enforced on all platforms to prevent brute-force attacks.
  • Uploaded files (selfies, documents) are stored outside the public web root.
  • API keys, database credentials, and Firebase service account keys are stored in environment variables, never in source code.

In the event of a data breach affecting your personal information, we will notify affected users within 72 hours of becoming aware, in accordance with applicable law.

5. Third-Party Services

We integrate the following third-party services, each governed by their own privacy policy:

  • Google Firebase — Push notifications (FCM), Google Sign-In authentication, and crash reporting. Firebase Privacy Policy.
  • Razorpay — Payment processing for GuardPro subscriptions, SportBook bookings, and School ERP fee payments. We receive only payment status and transaction reference ID — never your card, UPI, or net banking credentials. Razorpay Privacy Policy.
  • Gmail SMTP / PHPMailer — Transactional email delivery (OTP, booking confirmation, support replies).
  • Google Sign-In (OAuth 2.0) — Used across platforms for convenient login. We receive your name, email, and profile photo URL only.
  • Google Maps / Directions API — Used in Bus Tracker for live route display and ETA calculation. Location data is not shared with Google beyond what is required for map rendering.

6. Mobile App Permissions

Our Android applications request only the permissions necessary for core functionality:

  • INTERNET — Required on all apps to communicate with Ajvika servers.
  • ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION — Used in Bus Tracker (vehicle GPS) and GuardPro (guard patrol tracking) only.
  • CAMERA — Used in GuardPro for duty selfie capture and optional document scanning.
  • POST_NOTIFICATIONS — Required on all apps for FCM push notifications.
  • RECEIVE_BOOT_COMPLETED — Used in MediTrack to restart scheduled medicine reminders after device reboot.
  • READ/WRITE_EXTERNAL_STORAGE — Used in Ajvika Labs and School ERP for downloading project files and reports.
  • AD_ID (Advertising ID) — Auto-included by the Firebase SDK. Used solely for Firebase Analytics and crash reporting. No advertisements are served on any Ajvika platform.

You may revoke any permission at any time via your device's application settings. Revoking core permissions will limit the relevant feature.

7. Children & Minors

The School ERP (student app, parent app), Bus Tracker, and BrightPath serve students, including those under 18. Student accounts are created and managed by the school institution, not directly by the student. Parents or guardians are the primary account holders for parent-facing features.

We do not knowingly collect personal information directly from children under 13 without verifiable parental or institutional consent. All student GPS data (Bus Tracker) is accessible only to authenticated parents/guardians and authorised school administrators.

In accordance with the Digital Personal Data Protection Act 2023 (DPDP Act), schools adopting the School ERP are responsible for ensuring parental consent is collected during student enrolment. If you believe your child's data has been collected without proper consent, contact us immediately for prompt deletion.

8. Cookies & Local Storage

Our web platforms use cookies for session management (Laravel session cookies), CSRF security tokens, and user preference storage. We do not use third-party advertising cookies.

Android apps use SharedPreferences (local device storage) to cache session tokens and user preferences. This data remains on your device and is not transmitted unless required by a specific feature.

You may disable cookies via your browser settings; this may affect login and session functionality on web platforms.

9. Data Retention

We retain data only as long as necessary to provide the service and meet legal obligations:

  • Active accounts: Retained for the duration of the active subscription or institutional contract.
  • School ERP academic records: Retained for up to 7 years after the student's last active academic year, for institutional audit compliance.
  • GuardPro duty logs: Retained for 12 months, then deleted unless the client requests otherwise.
  • Payment records: Transaction references retained for 7 years as required under Indian accounting standards.
  • MediTrack health data: Deleted within 30 days of account deletion request.
  • Bus Tracker GPS logs: Route history purged automatically after 90 days.
  • Deleted accounts: Personal data removed within 7 business days of a verified deletion request.

10. Sharing of Information

We do not sell, rent, or trade your personal information. Data is shared only in the following limited circumstances:

  • Service providers: Razorpay (payments), Firebase/Google (notifications, auth, crash reporting), and Hostinger (hosting infrastructure) — solely to deliver the service.
  • Institutional admins: In School ERP and GuardPro, data is shared within the contracted institution as required for the service to function.
  • Legal compliance: When required by a court order or government authority under the IT Act 2000 or DPDP Act 2023.
  • Platform isolation: Data from one Ajvika platform (e.g., MediTrack) is never accessible to another (e.g., GuardPro) without your explicit authorisation.

11. Your Rights

Under the Digital Personal Data Protection Act 2023 and applicable Indian law, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data, subject to legal retention requirements.
  • Withdraw Consent — Withdraw consent for data processing at any time.
  • Grievance Redressal — Lodge a complaint with us or with the Data Protection Board of India.
  • Notification Controls — Opt out of non-transactional push notifications via device settings or the in-app settings screen.

To delete your account and all associated data, visit our Delete Account page (ajvika.com/delete-account.html) or email support@ajvika.com. Requests are processed within 7 business days.

For all other rights requests, email support@ajvika.com. We will respond within 30 days of a verifiable request.

12. Policy Updates

This Privacy Policy may be updated periodically to reflect changes in our services or legal requirements. When material changes are made, the "Last updated" date above will be revised, and we will notify users via push notification or in-app banner at least 7 days before changes take effect. Continued use of any Ajvika platform after the effective date constitutes acceptance of the updated policy.

13. Contact

For privacy-related queries, data access requests, or complaints:
Email: support@ajvika.com
Phone: +91 99123 44598
Address: AJVIKAA, Kakinada, Andhra Pradesh, India — UDYAM-AP-17-0064425

If your concern is not resolved within 30 days, you may escalate to the Data Protection Board of India under the DPDP Act 2023.