👤 Personal Information

• Name, email address, and optional phone number used for account registration, profile/contact details, and account support
• Contact details you provide for account recovery or communication where you choose to supply them
• Student information including names, roll numbers, phone numbers, and email addresses
• Student photos uploaded for identification and record-keeping purposes
• Class and department information created by you
• Profile information and account preferences

📊 Attendance Data

• Daily attendance records for each student
• Present/absent status and attendance history
• Holiday and special event markings
• Class attendance summaries and statistics
• Date-based attendance tracking and reports
• Monthly and custom date range attendance data
• Attendance reports generated in PDF and CSV formats

📱 Device Information

• Device model, manufacturer, and hardware specifications
• Operating system version and Android API level
• App version and installation information
• Device identifiers such as the Advertising ID (where used for ads) and identifiers used by Firebase for app functionality, diagnostics, and (when enabled) analytics
• Network information (IP address, connection type) for connectivity and sync
• Crash reports, error logs, and performance metrics for app improvement
• Screen resolution and display settings for optimal user experience

📈 Usage Information

• When Firebase Analytics is enabled for your device (see the Advertising / consent sections below), the app may send aggregated usage events we configure (for example sign-in, registration, or attendance-related events) to Firebase, as described in Google’s Firebase documentation
• Operational data processed when you use the App (for example syncing classes, students, and attendance with Firestore, generating reports, and storing preferences needed for the service)
• Diagnostics and errors via Firebase Crashlytics in release builds (see the Crashlytics section)

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal bases under GDPR:

• Consent: When you register for an account, you agree that we process the account and service data needed to run Upasthiti. Where Google’s User Messaging Platform (UMP) shows a consent form (for example, many EEA users): your choices there control personalized ads and, in our App, whether Firebase Analytics collection is turned on; if you decline in a way that disables analytics in our implementation, we disable Firebase Analytics. Where UMP indicates consent is not required for your device/region: Firebase Analytics may be enabled in release builds without that form, as permitted by applicable law and consistent with how our App reads UMP status.
• Legitimate Interest: We rely on legitimate interests where appropriate (for example crash diagnostics as described for Crashlytics, security, fraud prevention, and running the service). Firebase Analytics in the EEA is not treated as relying on legitimate interest in place of consent when UMP requires a consent decision.
• Legal Obligation: We process data to comply with legal obligations, such as data retention requirements, tax obligations, or responding to legal requests.
• Contract Performance: We process data to perform our contract with you, including providing attendance management services and app functionality.

You have the right to object to processing based on legitimate interest. For more information, see the "GDPR/CCPA Rights" section below.

What Information Crashlytics Collects

• App Information: App name, package name, app version, build type (debug or release), and the screen or feature that was active when the crash occurred.
• Device Information: Device model and manufacturer, operating system version and API level, language and region settings.
• Diagnostic Data: Crash logs and stack traces, error messages, timestamps, and basic information about how the app was being used immediately before the crash.
• Limited Identifiers: A randomly generated app instance ID, and in some cases a Firebase user ID or a hashed version of your email address so that we can group related crash reports and investigate account‑specific issues.

How We Use Crash Data

• Detect and analyze crashes and technical errors
• Understand which devices, OS versions, or app versions are affected
• Improve app performance, stability, and security
• Prevent the same issues from happening again in future updates

Crash reporting data is not used to personally identify you in everyday use, to build marketing or advertising profiles, or to show targeted ads. Your attendance data, student information, and class data are not intentionally stored in crash reports.

Data Minimization and Legal Basis

• We apply the GDPR data‑minimization principle by collecting only the diagnostic information that is necessary to debug problems.
• We configure Crashlytics to focus on technical details (such as stack traces and device/app metadata) rather than personal content.
• Firebase acts as our data processor for crash reporting and handles this information in accordance with Google’s privacy and security practices.
• We rely on our legitimate interest in providing a secure and stable service as the legal basis for this processing under GDPR.

Live advertisements

The free version of the App may display live advertisements through Google AdMob. Ads may be personalized or non-personalized depending on your region, your device and Google account ad settings, and (where required) your choices in our in-app consent flow. AdMob and its advertising partners may process device, app usage, and ad interaction data as described in this policy and in Google’s documentation.

Types of Ads We Display

• Banner Ads: Displayed at the top or bottom of certain app screens
• Interstitial Ads: Full-screen ads shown between app screens or after completing actions
• App Open Ads: Full-screen ads that may appear when you launch the app (splash) or when it returns to the foreground from the background, before you continue to the main screen
• Rewarded Ads: Optional full-screen ads you may choose to watch (for example to unlock certain attendance-related features). Rewarded ads are voluntary and are not shown without your action to start them

When ads are shown (consent + subscription gating)

• Consent (UMP): We request ads only when Google’s User Messaging Platform (UMP) indicates ads can be requested (for example, after you complete a consent flow where required, or when consent is not required for your region).
• No Ads subscription: If you activate the optional “Remove All Ads” subscription, we do not load or show ads (including app open ads).
• Network availability: Ads require an internet connection; if you are offline, ads may not load.
• Sensitive screens: When you return to the app from the background, we suppress app-open ads on sensitive screens including login/register and onboarding, privacy/terms, profile/settings, the premium paywall, and while taking or viewing attendance. A launch app-open may still appear on cold start (app opened from a fully closed state), subject to cooldowns and your subscription/consent settings.

How AdMob Works

• AdMob uses Google's advertising technology to serve relevant ads to users
• Ads are displayed based on your device information, app context, and signals such as IP-based coarse geography; we do not request location permissions in the App for ads
• AdMob uses real-time bidding to show the most relevant ads
• Ad content is determined by AdMob and its advertising partners, not by us

Information Collected by AdMob and Advertisers

• Device Information: Device model, manufacturer, operating system version, screen resolution
• Device Identifiers: Android Advertising ID (AAID), which can be reset by users
• Network Information: IP address (which may indicate general location), connection type
• App Usage Data: App version, time spent in app, features used, ad interactions
• Approximate location signals: Ad partners may infer region (for example country or city) from IP address or similar signals. This is not from a location permission in Upasthiti
• Ad Interaction Data: Ad views, clicks, conversions, and engagement metrics

Your Privacy Choices Regarding Ads

• Opt Out of Personalized Advertising: You can opt out in your Android device settings (Settings > Google > Ads > Opt out of Ads Personalization)
• Reset Advertising ID: You can reset your Android Advertising ID at any time in device settings
• Location-related signals: Because we do not request a location permission for ads, coarse location used by ads is mainly influenced by network/IP and platform settings; review Google/ device ad privacy controls
• Ad Blockers: You may use ad blockers, but this may affect app functionality or user experience
• Note: Even if you opt out of personalized ads, you may still see ads, but they will be less relevant to your interests

Data Sharing with Advertisers

• We do not directly share your personal information (name, email, student data) with advertisers
• AdMob and its partners collect information through their own tracking technologies
• Ad personalization is based on device information and app usage patterns, not your personal data
• Your attendance data, student information, and class data are never shared with advertisers
• AdMob may share aggregated, anonymized data with advertisers for ad targeting purposes

Important: We share device information and app usage data with AdMob for advertising purposes. This is not a "sale" of personal information under CCPA or other privacy laws. Your personal information (name, email, student data) is never sold or shared with advertisers. AdMob uses device information and app usage patterns to serve relevant ads, but your personal data remains private and is never shared with third-party advertisers.

GDPR / UMP consent (where shown)

If you are in the EEA or another region where Google’s User Messaging Platform (UMP) determines a consent form should be shown, you may see a consent message when you use the App. It helps you control certain advertising-related processing and (where applicable) how our App enables Firebase Analytics, consistent with our implementation.

What you may see (when UMP requires it)

• When required for your region, a consent form may appear (for example on first launch or until you complete it)
• The form explains what data may be collected and how it will be used
• You may see options such as Accept All, Reject All, or Customize (wording depends on Google’s form)
• The form is provided by Google's User Messaging Platform (UMP) and complies with GDPR requirements

Your Consent Choices

• Accept All: Allows personalized ads and data collection for advertising purposes. Ads will be tailored to your interests based on your device information and app usage.
• Reject All: Blocks personalized ads and limits data collection. You may still see non-personalized ads, but they will not be based on your interests or device information.
• Customize: Where offered, you can adjust categories in Google’s form. Depending on your selections and how choices map to our App’s integration, Firebase Analytics may remain off (for example when consent is treated as non-personalized / not granted for our analytics gate).

How Consent Works

• Your consent choice is saved locally on your device
• The app will remember your choice and will not show the consent form again unless you reset it
• Your choices (where a form is shown) affect personalized advertising and, in our App, whether Firebase Analytics is turned on for that consent path
• If you accept options that allow personalized processing in our integration: personalized ads may be available and Firebase Analytics may be enabled
• If you decline in a way that blocks personalized processing in our integration: personalized ads are limited and Firebase Analytics is disabled
• Where no form is required (UMP “not required”): Firebase Analytics may be enabled without that in-app consent step, as described elsewhere in this policy

Changing Your Consent Preferences

• You can change your consent preferences at any time through the app settings
• Go to Profile > Privacy Settings > Reset Consent Preferences
• After resetting, the consent form will appear again the next time you launch the app
• You can also reset your consent by clearing app data in your device settings

When no UMP form is required

• If UMP indicates consent is not required for your device/region, you may not see the same consent screen
• Ads may still be shown according to Google/AdMob rules and your Android and Google account ad settings
• Firebase Analytics may be enabled in release builds without that form, as permitted by applicable law and our App configuration
• You can still limit ad personalization using Android/Google ad settings where available

Consent and Your Data

• Where a UMP consent form applies, your choices can affect advertising-related processing and (in our App) whether Firebase Analytics is enabled
• Firebase Analytics: In regions where UMP requires a consent flow, we gate analytics per the choices described above. In regions where UMP indicates consent is not required, analytics may run without that step. Crashlytics in release builds is separate and is described in its own section.
• Your app data (attendance records, student information, classes) is not affected by your advertising or analytics consent choice
• We do not share your personal information (name, email, student data) with advertisers regardless of your consent choice
• Your consent is specific to advertising and analytics, and does not affect other app functionality

Data Principal Rights (India)

As a Data Principal (user) under the DPDP Act 2023, you have the following rights:

• Right to Access: You have the right to access your personal data and know how it is being processed
• Right to Correction and Erasure: You can request correction of inaccurate or incomplete data, and request erasure of personal data when it is no longer necessary
• Right to Grievance Redressal: You can file a grievance with our Privacy Contact / Grievance Officer
• Right to Nominate: You can nominate another person to exercise your rights in case of your death or incapacity
• Right to Withdraw Consent: You can withdraw your consent for data processing at any time

Data Processing and Security

• We process personal data only for lawful purposes and in a fair and reasonable manner
• We ensure that personal data is accurate, complete, and not misleading
• We implement reasonable security safeguards to protect your personal data
• We retain personal data only for as long as necessary for the purposes for which it was collected
• We comply with all applicable provisions of the DPDP Act 2023 and IT Act 2000

Grievance Redressal (Privacy Contact / Grievance Officer)

If you have grievances or concerns about your personal data (including student data you manage in the App), contact:

• Designation: Privacy Contact and Grievance Officer, Upasthiti
• Email: teamupasthiti@gmail.com
• Response time: Within 30 days for users in India (DPDP Act 2023); otherwise typically within 30 days
• Subject line: “URGENT - Data Protection Grievance” for faster processing
• Physical address: Available on verified request — email us from your registered account if a postal address is required for formal correspondence

We are a solo-developer operation; no separate Data Protection Officer is appointed beyond this contact.

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India (DPBI) under the DPDP Act 2023, or with your local supervisory authority where applicable.

CCPA / CPRA Rights (California Residents)

Do Not Sell or Share My Personal Information: We do not sell your personal information for money. Google AdMob and its partners may use or disclose device identifiers, IP address, app usage, and ad interaction data for advertising, which may qualify as “sharing” for cross-context behavioral advertising under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). We do not sell or share your account profile or student records (names, attendance, class data, photos) with advertisers for their own marketing.

How to opt out or limit sharing (in the App):

• Profile > Privacy Settings > Change Consent Preferences — adjust ad/consent choices where Google UMP applies
• Profile > Privacy Settings > Reset Consent Preferences — show the consent flow again on next launch (where applicable)
• Optional: subscribe to Remove All Ads to stop ad loading in the App

How to opt out on your device: Android Settings > Google > Ads > Opt out of Ads Personalization; reset your Advertising ID in the same menu.

How to submit a request: Email teamupasthiti@gmail.com with subject line “CCPA Do Not Sell or Share Request” (include your registered email). We will not discriminate against you for exercising privacy rights.

California Privacy Rights: You may request access to, correction of, or deletion of personal information by emailing teamupasthiti@gmail.com or using Profile > Privacy Settings > Delete Account & Data.

Student Information

• While we store student information in the app, this information is provided by teachers and administrators, not directly by children
• Teachers and administrators are responsible for obtaining necessary consents before entering student information
• We comply with applicable laws regarding children's data protection (COPPA, GDPR-K, DPDP Act, etc.)
• Student data is protected with the same security measures as other user data

Parental Consent Requirement: If you are entering student information for children under 18, you represent and warrant that you have obtained necessary parental consent as required by applicable laws, including but not limited to:

• COPPA (Children's Online Privacy Protection Act): For children under 13 in the United States
• DPDP Act 2023: For children under 18 in India
• GDPR-K: For children under 16 (or age specified by member state) in the European Economic Area
• Other applicable laws: Based on your jurisdiction and the age of majority in your country

You are solely responsible for ensuring compliance with all applicable children's privacy laws before entering student information into the app.

Data Deletion

• When you delete your account or data through the app, we will delete your personal information from our active systems within 30 days
• Some data may be retained in backups for a limited time (up to 90 days) for disaster recovery purposes
• Aggregated, anonymized data may be retained for analytics purposes
• Data required for legal compliance may be retained as required by law