Privacy Policy

Effective date: 28 May 2026 · Last updated: 28 May 2026

This Privacy Policy explains how GurukulApp (“we”, “our”, the “Service”) collects, uses, stores, and protects information when schools, staff, and administrators use the application available at gurukulapp.in and its school-specific subdomains.

GurukulApp is a private school-management tool. Accounts are created by school administrators for their own staff. We do not offer public sign-ups. Each school's data is isolated and is accessible only to that school's authorised users.

1. Information we collect

We collect only the information needed to operate a school's records:

Account information — username, role (admin / clerk / teacher / principal), and (when used) Google account email address for Google Sign-In.
Student records — entered by school staff: name, roll number, class/section, date of birth, parent contact, address, photo (optional), academic marks, attendance, fee transactions, and similar academic information.
Staff records — entered by school administrators: name, designation, contact details, salary records, qualification, and bank details used solely for payroll printouts.
Operational logs — sign-in attempts and audit entries for sensitive administrative actions (password changes, data exports). Used for security only.

2. How we use Google Sign-In data

When a user signs in with Google, we receive only the user's email address and basic profile information from Google. We use this only to match the Google account to an existing user record in the school's database. We do not:

read the user's Gmail, Calendar, Contacts, Drive, or any other Google service;
store the user's Google password (we never see it);
use Google account information for advertising or analytics.

3. How information is stored

All data is stored in Google Cloud Firestore (region: Asia — Delhi). Connections use TLS encryption. Authentication is provided by Firebase Authentication; passwords are stored only as one-way hashes by Google and are never visible to us or to the school administrator.

Each school's data is stored under a separate path and is accessible only to users whose signed-in identity matches that school. Database security rules enforce this isolation at the server level.

4. Who can see the data

Staff of the school that owns the data, according to their role inside the app.
The school's designated super-administrator.
No third party. We do not sell, share, or transfer data to any external party for any purpose.

5. Data retention

School data is retained for as long as the school maintains its account. A school administrator may request export or deletion of records at any time. Audit logs are retained for security and compliance review.

6. Children's data

Records of minors (students) are entered and managed by the school in the course of providing education. We act as a data processor on behalf of the school, which is the data controller for student records.

7. Security

We use industry-standard safeguards including TLS in transit, encryption at rest via Google Cloud, server-enforced role-based access rules, password hashing via Firebase Authentication, and audit logging of sensitive actions. No system is perfectly secure; we encourage users to choose strong passwords and to enable two-factor authentication on their Google accounts.

8. Your rights

You may request access to, correction of, or deletion of your personal information by contacting the administrator of your school, who can act on your request through the application. For broader concerns about the Service itself, contact us at the address below.

9. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of the page reflects the most recent change. Material changes will be communicated through the application.

10. Contact

Questions about this policy or about data handled by GurukulApp can be sent via the contact form on our homepage at gurukulapp.in.