Legal
Privacy Policy
Last updated: May 27, 2026
Sranvi ("the Service", "we", "us") is a school management platform for Indian schools. This policy explains what data the Service collects, how it is used, who can see it, and how you can contact us about privacy questions.
The Service consists of (a) a school portal at <school>.sranvi.com,
(b) a mobile app distributed through the Google Play Store under the name "Sranvi"
(Android package com.sranvi.app), and (c) the marketing site at
sranvi.com. This policy covers all three.
Who controls the data
Schools that use Sranvi are the data controllers for their students, parents, and staff. We are the data processor — we host and operate the platform on each school's behalf. School administrators decide who is enrolled, what is recorded, and who has access. If you are a parent or student and want to know what data your school has on you, please contact your school administrator first.
What data we collect
From staff and admins
- Username, full name, email, phone number, role, and the school you belong to.
- Photos you choose to upload (e.g. profile picture).
- Activity logs of administrative actions you take in the app (which records you edited and when).
From students (entered by school staff)
- Identity: full name, admission number, date of birth, gender, parent / guardian names.
- Contact: phone, address, city, state, pincode.
- Optional photo.
- Optional government identification number (Aadhaar) where the school records it as part of student enrolment.
- Optional community / caste, where the school records it for government-mandated student categorisation.
- Academic records: classes, attendance, exam scores, fee records, payments, certificates.
Students do not register themselves — accounts are created and maintained by school staff.
Automatically collected
- Authentication tokens after you sign in (so you stay logged in).
- Push-notification device tokens (Firebase Cloud Messaging) if you allow notifications.
- Standard server logs: IP address, request paths, timestamps, error traces. Retained for up to 30 days for debugging and abuse prevention.
What we don't collect
- We do not collect your contacts, calendar, location, camera, or microphone.
- We do not run third-party advertising trackers. There are no ads in the app.
- We do not sell or rent any data.
How we use the data
- To run the Service: store your school's records, show them to authorised users, send notifications.
- To keep accounts secure: detect abuse, rate-limit suspicious behaviour, prevent unauthorised access.
- To respond to support requests if you contact us.
- To improve the Service via aggregated, non-identifying usage patterns.
Where the data is stored
School data is stored on Cloudflare's edge platform — D1 (database) and R2 (file storage) — across data centres in Asia, with disaster-recovery replication. Push-notification device tokens are stored with Firebase Cloud Messaging. When a user verifies their phone number for password-reset or two-factor authentication, the phone number is sent to Firebase Phone Authentication (Google) to deliver the one-time SMS code. We do not transfer data outside these providers.
Who can see your data
- Inside your school: the people your school admin grants access to (typically the principal, accounts staff, class teachers, and the student / parent themselves for their own records).
- Across schools: never. Each school's data is fully isolated; no school can see another school's records.
- Sranvi staff: we access data only when necessary to operate the Service, debug a reported issue, or respond to a support request, and only with the school's awareness when we do.
- Third parties: only Cloudflare (hosting) and Firebase / Google (push notifications and phone-number OTP verification), as data processors bound by their own policies.
Data retention and deletion
School records are retained for as long as the school continues to use the Service. If a school cancels its account, records are retained for up to 90 days to allow recovery, then deleted. Individual student / staff records can be deleted earlier on request to the school administrator.
You can request deletion of your own account by contacting your school administrator (for students and staff) or by emailing us at rajuchofficial@gmail.com (for school administrators).
Children's data
The Service is used to keep records for school students, including those under 13. Records about minors are entered by school staff under their school's authority, with the assumption that the school has obtained parental consent as required by Indian law. Children do not register or consent independently through the Service.
Security
- All traffic is encrypted in transit (HTTPS / TLS 1.2+).
- Passwords are stored hashed (bcrypt) — we cannot read them, even on our own servers.
- Two-factor authentication is available for administrators.
- Each school's data is partitioned at the database layer to prevent cross-tenant access.
No system is perfect. If you believe there has been a security incident affecting your data, please email rajuchofficial@gmail.com and we will investigate and respond promptly.
Your rights
You can request access to, correction of, or deletion of your personal data by contacting your school administrator (the data controller). For requests we should handle directly (e.g. you are a school administrator yourself), email rajuchofficial@gmail.com from your registered address and we will respond within 30 days.
Changes to this policy
When we change this policy materially, we will update the "Last updated" date at the top of this page and notify school administrators by email. Continued use of the Service after a change indicates acceptance of the updated policy.
Contact
Sranvi
Email: rajuchofficial@gmail.com
Phone / WhatsApp: +91 79814 56400