Sthara School OS ("we", "our", or "us") is a cloud-based educational management platform operated in India. We are committed to protecting the personal data of all users โ students, teachers, parents, and administrators โ in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws.
This Privacy Policy describes how we collect, use, store, and protect personal data when you use our platform. By using Sthara, you consent to the practices described here.
For the purposes of the DPDP Act 2023, Sthara School OS is the Data Fiduciary responsible for determining the purposes and means of processing your personal data. Each registered institution (school) is a separate Data Principal with respect to their students and staff.
We collect only the minimum data necessary to provide our services:
| Category | Data Collected | Purpose |
|---|---|---|
| Identity | Name, email address, role (student/teacher/admin) | Account creation & authentication |
| Educational | Class, subjects, assignment submissions, grades | Core learning management |
| Biometric-adjacent | Handwritten answer images (uploaded by student) | AI-powered grading only |
| Wellness | Mood check-in values (anonymous numeric score) | Classroom wellbeing monitoring |
| Usage | IP address, login timestamps | Security & rate limiting |
| School Info | School name, city, curriculum, contact | School profile & onboarding |
We do NOT collect: Aadhaar numbers, PAN, biometric data, financial information, or any sensitive personal data beyond what is listed above.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
Our platform serves students who may be minors. In compliance with Section 9 of the DPDP Act 2023:
Our platform uses the following third-party AI and cloud services:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Gemini AI | Google LLC | Homework grading, tutoring, quiz generation | Assignment text & images (no PII) |
| Firebase Auth | Google LLC | User authentication | Email, UID |
| Firestore | Google LLC | Database storage | All structured data |
| Firebase Storage | Google LLC | Image storage | Submission images |
| YouTube Data API | Google LLC | Educational video search | Search queries only |
Google LLC processes data under their own privacy policy and Data Processing Agreements compliant with international data protection standards. Data is stored in regions that comply with Indian data localization requirements where available.
| Data Type | Retention Period |
|---|---|
| Student assignments & grades | Duration of enrollment + 1 year |
| Student images (submissions) | 90 days after grading |
| Chat/tutor conversations | 6 months rolling window |
| Wellness mood scores | 1 academic year |
| Login/access logs | 90 days |
| School records | Duration of subscription + 2 years |
As a Data Principal, you have the following rights:
To exercise these rights, contact your school administrator or email us at privacy@sthara.in. We will respond within 72 hours.
We implement industry-standard security measures including:
We use a minimal session cookie (__session) to maintain your login state across page navigations. This cookie:
We may update this policy periodically. When we do, we will update the "Last updated" date at the top of this page and notify school administrators via email. Continued use of Sthara after changes constitutes acceptance of the revised policy.