1. Introduction
Ecstia ("we", "us", or "our") provides a cloud-based educational ERP platform, customizable institution websites,
and branded mobile applications for schools, colleges, and educational groups. This Privacy Policy explains how we
collect, use, disclose, and safeguard information when you use our website at ecstia.com, the Ecstia ERP platform,
institution-specific subdomains, and mobile apps published to the Apple App Store and Google Play Store.
Educational institutions that subscribe to Ecstia are the primary controllers of student, parent, guardian, and staff
data entered into their tenant. Ecstia processes that data on the institution's behalf to deliver the contracted services.
2. Scope of this policy
This policy applies to:
- The Ecstia marketing website and demo request flows
- The Ecstia ERP web application used by institutions, staff, students, parents, and guardians
- Institution-branded public websites powered by Ecstia
- Institution-branded iOS and Android mobile applications connected to Ecstia ERP
- APIs, notifications, chat, and related services integrated with the platform
Each institution may publish its own privacy notice on its website or within its mobile app. Where an institution's
notice differs from this policy, the institution's notice governs its relationship with its users for institution-specific processing.
3. Information we collect
3.1 Information you provide directly
- Account and profile data: name, email address, phone number, username, password (stored in hashed form), role, and institution affiliation
- Student and academic records: admission details, batch and program enrollment, attendance, timetables, examination marks, report cards, assignments, and certificates
- Guardian and family data: parent or guardian names, contact details, and links to student records
- Employee and HR data: staff profiles, departments, payroll-related information, leave, and attendance where the HR module is enabled
- Financial data: fee structures, invoices, receipts, payment status, and transaction references. Card or bank details are processed by the institution's configured payment gateway and are not stored by Ecstia as raw payment credentials
- Applicant and enquiry data: information submitted through admissions, enquiry, and registration workflows
- Communications: messages sent through in-app chat, announcements, circulars, feedback responses, and support requests
- Uploaded content: documents, photos, ID card images, and files attached to forms or records
- Demo and sales inquiries: contact details submitted through ecstia.com request-demo forms
3.2 Information collected automatically
- Device and app data: device type, operating system, app version, language, and push notification tokens
- Log and usage data: IP address, browser type, pages or screens accessed, actions performed, timestamps, and error diagnostics
- Session and security data: authentication tokens, tenant domain identifiers, and permission assignments
- Cookies and similar technologies: used on our marketing website and web application for session management, preferences, and security
3.3 Information from third parties
Institutions may import or sync data from existing systems. Payment gateways may return transaction status and references.
App stores may provide download and crash metadata according to their own policies.
4. How we use information
We use collected information to:
- Provide, operate, and maintain the ERP, website, and mobile application services
- Authenticate users and enforce role-based access and permissions
- Enable admissions, academics, finance, hostel, transport, inventory, HR, examinations, announcements, chat, and other enabled modules
- Process fee collections and payment status through institution-configured payment gateways
- Send notifications, including push notifications, email, and in-app alerts initiated by the institution or system events
- Generate reports, certificates, ID cards, and other institution documents
- Improve platform reliability, security, and user experience
- Respond to demo requests, support inquiries, and legal obligations
- Comply with applicable law and enforce our Terms of Service
We do not sell personal information to third parties.
5. Mobile application permissions
Institution mobile apps may request device permissions depending on features enabled by the institution. These may include:
- Notifications: to deliver alerts for fees, attendance, examinations, announcements, and chat
- Network access: to connect securely to the institution's Ecstia ERP API
- Storage: to download and view PDF reports, receipts, and documents
- Camera or photo library: only where features such as profile photos or document uploads are used
You can manage many permissions through your device settings. Some features may not work if required permissions are denied.
6. How we share information
We may share information only in the following circumstances:
- Within the institution: among authorized staff, teachers, students, parents, and guardians according to role permissions
- Service providers: with hosting, email, SMS, monitoring, and infrastructure vendors that help us operate the platform under contractual confidentiality and security obligations
- Payment processors: with the payment gateway configured by the institution to complete online payments
- Legal requirements: when required by law, regulation, court order, or to protect rights, safety, and security
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to continued protection of personal information
Institution administrators control which modules and users can access data inside their tenant.
7. Data retention
We retain information for as long as the institution's subscription is active and as needed to provide services,
meet legal obligations, resolve disputes, and enforce agreements. Institutions may export or request deletion of
certain records subject to their policies and applicable law. When an institution terminates service, data is
deleted or returned according to the commercial agreement and backup retention schedules.
8. Security
We implement administrative, technical, and organizational measures designed to protect information, including
tenant isolation, encrypted connections (HTTPS/TLS), access controls, authentication, and audit logging.
No method of transmission or storage is completely secure; institutions and users should also protect account credentials.
9. Children's and student privacy
Ecstia is designed for use by educational institutions that manage student information, including data relating to minors.
Institutions are responsible for obtaining appropriate consent from parents or guardians where required by law.
Parents and guardians using the mobile app or portal should contact their institution with questions about a student's records.
10. International data transfers
Ecstia may process and store information on servers located in jurisdictions other than where the institution or user resides.
Where required, we take steps designed to ensure appropriate safeguards for cross-border transfers.
11. Your rights and choices
Depending on your location and role, you may have rights to:
- Access, correct, or update personal information through your institution or account settings
- Request deletion or restriction of processing, subject to institutional and legal requirements
- Withdraw consent where processing is consent-based
- Opt out of non-essential marketing communications from Ecstia
- Disable push notifications in device or app settings
Students, parents, and staff should contact their institution first for data requests relating to academic or administrative records.
For platform-level inquiries, contact privacy@ecstia.com.
12. Third-party links and services
Institution websites, payment gateways, video classroom tools, and other integrated services may link to third-party sites
or services with their own privacy practices. We encourage you to review those policies before providing information to them.
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the latest version.
Material changes will be communicated through our website or appropriate in-product notices where practicable.
Continued use of the services after changes become effective constitutes acceptance of the updated policy.
14. Contact us
For privacy-related questions about the Ecstia platform or mobile applications: