Privacy Policy
Last updated: 15 Jul 2026
1. Introduction
Enlighto Academy ("we", "us", "our") is a coaching institute at FF#3, Sarthak Fortune Mall, Randesan, Gandhinagar, Gujarat 382426. We take the privacy of our students and their families seriously — most of the people we teach are children, and we treat their information accordingly.
This Privacy Policy explains what personal data we collect through our website www.enlightoacademy.com and our parent/teacher portal, why we collect it, how we use and protect it, and the rights you have over it.
We act as the Data Fiduciary for this data under India's Digital Personal Data Protection Act, 2023 (DPDP Act).
2. A note on children's data
Our students are largely minors (under 18 years of age). Under the DPDP Act, we handle their data with specific safeguards:
- Portal accounts are held by parents/guardians, not by children. We do not issue login accounts to students directly.
- We process a child's personal data only on the basis of verifiable consent given by their parent or legal guardian, obtained at the time of admission and enquiry.
- We do not engage in behavioural tracking, profiling for advertising, or targeted advertising directed at children.
- We do not undertake any processing that is likely to cause a detrimental effect on the wellbeing of a child.
3. What personal data we collect
From parents/guardians and prospective families
- Data that you provided us at the time of the admission viz. Name, phone number, email address, residential address etc
- Enquiry details (class of interest, subjects, message)
- Fee, invoice, receipt and payment-intimation records
- Communications you send us (emails, notes through the portal, WhatsApp messages)
About students
- Name, class, date of birth, admission date, student ID
- Parents'/guardians' names and contact details
- Attendance records
- Marks, test scores, topics covered, and academic remarks
- Homework assigned and completion records
- Notes and feedback exchanged between teachers and parents
From teachers and staff
- Name, designation, contact details, date of birth
- Employment and salary records
- Class and subject assignments
Technical data
- Basic server logs generated when you visit the Website (IP address, browser type, pages visited, timestamps), used for security and to keep the service running.
- A session cookie that keeps you logged in to the portal. This is strictly necessary for the portal to function. We do not use advertising cookies, analytics profiling, or third-party trackers.
What we deliberately do NOT collect
- We do not collect or store any payment credentials — no card numbers, no UPI PINs, no OTPs, no banking passwords. We do not operate a payment gateway. Payments are made by you directly to our bank account through your own bank or UPI app; we only record that a payment was received.
- We do not collect biometric data, government ID numbers (unless specifically required and separately requested at admission), or health data, unless you voluntarily disclose something relevant to your child's learning needs.
4. Why we use your data (purposes)
| Purpose | What this means in practice |
|---|---|
| Providing education | Teaching, assessment, tracking attendance and progress |
| Administering enrolment | Admissions, class allocation, student records |
| Fees and accounting | Issuing invoices and receipts, recording payments, maintaining our books |
| Communicating with you | Attendance and fee reminders, progress updates, schedule changes, academy announcements |
| Responding to enquiries | Following up on enquiry forms you submit |
| Security and integrity | Protecting accounts and detecting misuse of the portal |
| Legal compliance | Meeting our obligations under tax, accounting and other applicable laws |
We do not use your data for advertising, and we do not sell, rent or trade your personal data to anyone.
5. Legal basis
We process personal data on the basis of:
- Consent — given by you (and, for a child, by the parent/guardian) at the time of enquiry and admission. You may withdraw consent at any time (see Section 9), though this may mean we can no longer provide our services.
- Legitimate uses as permitted under the DPDP Act, including where you have voluntarily provided data for a specified purpose, and for compliance with law.
6. Who we share data with
We share personal data only where necessary, and only with:
- Our teachers and staff — and only to the extent needed. A teacher can see the students in the classes they teach; they cannot see the whole institute's records.
- Our hosting provider — the portal runs on cloud infrastructure provided by Render Services, Inc, which stores our data on secured servers.
- Our email service — to send you portal notifications and documents.
- Our chartered accountant / auditors — for statutory accounting and tax purposes.
- Government authorities, courts or regulators — where we are legally required to disclose.
We never sell your data, and we do not share it with advertisers or data brokers.
7. Data security
We take reasonable security safeguards to protect personal data, including:
- Passwords stored only in hashed form — never in plain text, and never visible to us
- Encrypted (HTTPS) connections across the whole website
- Role-based access control — parents see only their own child's records; teachers see only their assigned classes; full records are visible only to the administrator
- Rate limiting and session protections against unauthorised login attempts
- Invoice and receipt PDFs locked against editing
- Regular backups of our database
No system is perfectly secure. In the event of a personal data breach, we will notify the Data Protection Board of India and the affected individuals, as required by the DPDP Act.
8. How long we keep data
- Student academic records (attendance, marks, remarks) — for the duration of enrolment and for a reasonable period afterwards, so that we can issue progress records if you request them.
- Financial records (invoices, receipts, accounting entries) — for the period required by Indian tax and accounting law (generally 8 years).
- Enquiry data — for up to 12 months if the enquiry does not lead to admission.
- Server logs — for a short period, for security purposes.
When data is no longer needed for these purposes, and we are not required by law to retain it, we delete or anonymise it.
9. Your obligations
Under the DPDP Act, you are expected to provide authentic information and not to impersonate another person. Please do not submit anyone else's personal data to us without their knowledge.
10. Changes to this Policy
We may update this Privacy Policy from time to time. The revised version will be posted on this page with an updated "Last updated" date. If the changes are material, we will notify portal users by email or by a notice in the portal.
This Policy should be read together with our Terms of Use.
