logo

Privacy Policy

Your privacy is important to us. This policy outlines how we collect, use, and protect your information.

Home / Privacy

Effective Date:

Last Updated:

This Privacy Policy governs the collection, use, storage, and protection of personal information by BSarf School Management System ("BSarf", "we", "our", or "us"). BSarf is a comprehensive school management platform designed to support the administrative, academic, and financial operations of educational institutions. This policy applies to all users of the BSarf platform, including school administrators, branch managers, teachers, students, parents, and any other authorized individuals who access the system.

By accessing or using BSarf, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of the platform and contact your institution's administrator.

1. Who We Are

BSarf is a school management system developed and maintained as a proprietary platform for educational institutions. The system is deployed and operated on behalf of subscribing schools and branches. Each institution that deploys BSarf is considered a data controller for the personal data of its users, while BSarf acts as the data processor responsible for the secure processing and storage of that data.

If you have questions about how your specific institution manages your data, you should contact your school's designated administrator or data protection officer.

2. Information We Collect

BSarf collects and processes several categories of personal information depending on your role within the platform. The categories include:

2.1 Student Information

  • Full legal name and date of birth
  • Gender and passport photograph
  • Student admission number and registration details
  • Class, arm, and academic session enrollment records
  • Academic results, scores, grades, and performance history
  • Attendance records and behavioral notes
  • Generated student ID card data
  • CBT (Computer-Based Test) responses and assessment records
  • Financial records including fee payments, invoices, and outstanding balances

2.2 Staff and Administrator Information

  • Full name, email address, and contact number
  • Staff role, designation, and assigned branch
  • Login credentials (passwords are stored in hashed form and never in plain text)
  • System activity logs and audit trails
  • Access levels and permission configurations

2.3 Parent and Guardian Information

  • Full name and contact information
  • Relationship to enrolled student(s)
  • Communication history related to ward's academic or financial records

2.4 Institutional and Branch Information

  • School name, address, and contact details
  • Branch identifiers and configuration settings
  • Academic session and term structure
  • Class and subject configurations

2.5 Automatically Collected Information

  • Session identifiers and authentication tokens
  • IP addresses and device information at login
  • System usage logs and activity timestamps
  • Browser type and operating system metadata

3. How We Use Your Information

The information collected by BSarf is used strictly for the purposes of operating, maintaining, and improving the platform, and for enabling educational institutions to carry out their administrative and academic functions. Specific uses include:

  • Authenticating and managing user accounts and session access
  • Processing and displaying student academic results and report cards
  • Tracking and reporting student attendance records
  • Generating student identification documents and credentials
  • Administering computer-based tests and recording assessment outcomes
  • Managing student fee records, payment history, and financial reporting
  • Supporting multi-branch school operations and branch-level data isolation
  • Providing administrative dashboards and system-wide analytics to authorized personnel
  • Maintaining audit logs for security and accountability purposes
  • Communicating system-related notifications to users where applicable
  • Improving platform performance, identifying bugs, and implementing security updates

BSarf does not use personal data collected through the platform for advertising, profiling, or any commercial purposes unrelated to the provision of school management services.

4. Legal Basis for Processing

BSarf processes personal data on the following legal grounds:

  • Contractual Necessity: Processing is necessary to fulfill the service agreement between BSarf and the subscribing institution, and to provide the features and functions the platform is designed to deliver.
  • Legitimate Interest: Processing is carried out in the legitimate interest of the institution and the platform, including security monitoring, system integrity, and operational continuity.
  • Legal Obligation: In some cases, processing may be required to comply with applicable laws, including data protection regulations applicable to educational institutions in the jurisdiction of operation.
  • Consent: Where consent is required, particularly for the data of minors, it is obtained through the enrolling institution as part of the student admission process.

5. Data Sharing and Disclosure

BSarf does not sell, rent, or trade personal information to third parties. Data may be shared only in the following limited and controlled circumstances:

  • Within the institution: Authorized staff, teachers, and administrators within the same school or branch may access data relevant to their role and permissions as configured by the institution.
  • Across branches (where applicable): In multi-branch school setups, data access across branches is restricted by role-based permissions and branch-level isolation controls built into the platform.
  • Service providers: BSarf may engage trusted infrastructure providers (such as VPS hosting and database services) who process data solely on our instructions and under strict confidentiality obligations.
  • Legal requirements: We may disclose information where required by law, court order, or government authority, provided we are legally obligated to do so.
  • Security incidents: In the event of a data breach or security incident, affected institutions and users will be notified as required by applicable regulations.

6. Data Retention

Personal data stored within BSarf is retained for as long as necessary to fulfill the purposes outlined in this policy, or as required by the institution's operational and legal obligations. The following general retention principles apply:

  • Student academic and attendance records are retained for the duration of the student's enrollment and for a defined period thereafter, as determined by the institution.
  • Financial records are retained in accordance with applicable accounting and tax retention requirements of the relevant jurisdiction.
  • Staff and administrator account data is retained for the duration of their employment or active system access, and may be archived for a defined period post-departure.
  • System logs and audit trails are retained for security and accountability purposes for a period deemed appropriate by the institution's data governance policy.

Institutions may request deletion of data in accordance with applicable data protection law. Requests should be directed to the BSarf system administrator for the institution.

7. Data Security

BSarf is built with security as a foundational concern. The following technical and organizational measures are implemented to protect personal data:

  • All user passwords are stored using cryptographic hashing and are never stored or transmitted in plain text
  • Session management is implemented with secure, isolated session handling to prevent unauthorized access
  • Role-based access control (RBAC) ensures users can only access data within their authorized scope
  • Branch-level data isolation prevents cross-branch data leakage in multi-branch deployments
  • The platform is deployed on private VPS infrastructure with restricted access controls
  • Database queries are structured to prevent SQL injection and other common attack vectors
  • System activity is logged for audit and intrusion detection purposes
  • Regular system reviews are conducted to identify and resolve security vulnerabilities

Despite these measures, no digital system can guarantee absolute security. Users are advised to maintain the confidentiality of their login credentials and report any suspected unauthorized access to their institution's administrator immediately.

8. Children's Data

BSarf processes personal data of minors (students under the age of 18) as a core function of its purpose as a school management system. Such data is processed on behalf of the institution and in accordance with the enrollment and consent procedures established by the school. Parents and guardians who have concerns about the data held on behalf of their child should contact the school's designated administrator directly.

BSarf does not knowingly collect data from minors outside of the institutional context described above, and does not use student data for any commercial, advertising, or profiling purposes.

9. Your Rights

Depending on the data protection laws applicable in your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data held about you within the system.
  • Right to Rectification: You may request correction of inaccurate or incomplete data.
  • Right to Erasure: You may request deletion of your data, subject to legal and operational retention requirements.
  • Right to Restriction: You may request that processing of your data be restricted in certain circumstances.
  • Right to Data Portability: You may request that your data be provided in a structured, commonly used format where technically feasible.
  • Right to Object: You may object to processing carried out on the basis of legitimate interest where your rights and freedoms override that interest.

To exercise any of these rights, please contact your institution's BSarf administrator. Requests will be handled in accordance with applicable data protection legislation and within the timeframes prescribed by law.

10. Cookies and Local Storage

BSarf may use session cookies and browser storage mechanisms solely for the purpose of maintaining authenticated sessions and preserving user interface state during active use. These are strictly functional and are not used for tracking, advertising, or analytics purposes beyond what is necessary for system operation.

Session data is invalidated upon logout or upon expiration of the session timeout period configured for the platform.

11. Third-Party Services

BSarf is a self-contained platform and does not integrate third-party advertising networks, social media trackers, or external analytics services. Where third-party infrastructure providers (such as hosting services) are used, they are bound by contractual obligations to process data only as directed and to maintain appropriate security standards.

12. Changes to This Privacy Policy

BSarf reserves the right to update this Privacy Policy from time to time to reflect changes in the platform, applicable law, or operational practices. When material changes are made, the Last Updated date at the top of this document will be revised accordingly.

Continued use of the platform following the posting of an updated policy constitutes acceptance of the revised terms. Users are encouraged to review this policy periodically. Institutions will be notified of significant changes through appropriate communication channels.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data within BSarf, please contact:

  • Platform: BSarf School Management System
  • Contact Channel: Through your institution's designated BSarf administrator
  • For institutions: Contact the BSarf development and support team through your institution's service agreement channel

For data protection matters specific to your school or branch, your institution's data protection officer or system administrator is the primary point of contact.

This Privacy Policy is effective as of the date listed above and supersedes all prior versions. BSarf is committed to handling personal data responsibly, transparently, and in full respect of the privacy rights of every individual whose data is processed through the platform.

Contact Us

For inquiries or privacy-related concerns, please contact us.