Privacy Policy

1. Introduction

WeCan School (“we”, “us”, or “our”) is committed to protecting the privacy and security of personal information of our students, parents/guardians, and staff. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our school management system and mobile application (collectively, the “Services”).

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Services.

2. Information We Collect

a) Authentication & Account Data

• Mobile phone number (used as primary login identifier)
• One-Time Password (OTP) sent via SMS for verification
• Password (stored in encrypted/hashed form)

b) Personal Information

• Student name, date of birth, gender, and enrollment details
• Parent/Guardian name (father’s name) and contact number
• Staff name, email, contact details, role, and date of joining
• Profile picture (if uploaded by school administration)

c) Academic & Administrative Data

• Attendance records (student and staff)
• Exam marks and report cards
• Fee invoices and payment history
• Syllabus progress and task assignments
• Leave applications and approval status
• Performance appraisal records (for staff)

d) Technical Data

• Firebase Cloud Messaging (FCM) token for delivering push notifications
• Device type (Android/iOS) for notification delivery
• Authentication token stored locally on your device

e) What We Do NOT Collect

Our mobile application does not access or collect:

• Location or GPS data
• Camera or microphone access
• Contacts or address book
• Device identifiers (IMEI, advertising IDs)
• Browsing history or cookies
• Any data in the background when the app is not in use

3. How We Use Your Information

We use the collected information for the following purposes:

• Authenticating users via OTP or password-based login
• Displaying student academic records, attendance, and fee details to authorized parents/guardians
• Sending push notifications for attendance alerts, fee reminders, exam schedules, events, and school announcements
• Managing staff attendance, leave, task assignments, and performance appraisals
• Generating report cards and academic performance reports
• Providing fee invoices and payment receipts

4. Third-Party Services

We use the following third-party services to operate our platform:

• Firebase Cloud Messaging (Google) — for delivering push notifications to your device
• SMS Gateway — for sending OTP codes during login verification
• Google Fonts — for loading fonts in the mobile application (your IP address may be shared with Google servers)

These services are bound by their own privacy policies and we only share the minimum data required for their operation.

5. Data Stored on Your Device

Our mobile application stores the following data locally on your device using standard device storage:

• Authentication token (for keeping you logged in)
• Basic user profile information (name, role, contact details)
• App feature permissions based on your role

This data is cleared when you log out of the application. No other files or databases are stored on your device.

6. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share information only in the following cases:

• With authorized school staff — for academic and administrative purposes based on role-based access
• With parents/guardians — regarding their own child’s academic progress, attendance, and fees
• Service providers — as described in Section 4, limited to the minimum data necessary
• Legal requirements — when required by law, regulation, or legal process

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• All data transmission is encrypted via HTTPS/SSL
• Passwords are stored in hashed form and never in plain text
• Role-based access control ensures users only see data relevant to their role
• Authentication tokens expire after 30 days of inactivity
• Regular data backups are maintained

While we strive to protect your information, no method of electronic transmission or storage is 100% secure.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, or as required by applicable laws and regulations. Student records may be retained after the student leaves the school for administrative and legal purposes.

9. Your Rights & Account Deletion

You have the right to:

• Access the personal information we hold about you or your child
• Request correction of inaccurate or incomplete information
• Request deletion of your account and associated data
• Withdraw consent for push notifications via your device settings

Account deletion: You can request account deletion through the mobile application. Upon deletion, your authentication tokens are revoked, push notification tokens are cleared, and your account is deactivated. To exercise any other rights, please contact the school administration.

10. Children’s Privacy

Our Services are accessed by parents/guardians on behalf of their children. We do not knowingly collect personal information directly from children. All student data is provided and managed by the school and parents/guardians.

11. Push Notifications

Our mobile application sends push notifications for attendance alerts, fee reminders, exam schedules, events, and other school updates. You can disable notifications through your device settings at any time. The app requires the POST_NOTIFICATIONS permission on Android 13 and above.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. Any changes will be posted on this page with an updated effective date.

13. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us:

• School: WeCan School
• Email: info@wecanschool.com
• Website: www.wecanschool.com