Privacy policy

Digiclove Technologies Pvt. Ltd. ("Digiclove", "we", "us", or "our") operates an integrated ERP platform spanning Education, HRMS & Payroll, Skora AI, and Teach Smart AI, delivered through web and mobile applications. This policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over it.

This policy applies to all products, applications, and websites we operate (collectively, "Services"), including www.digiclove.com. By using the Services you agree to the practices described here. If you do not agree, please do not use the Services.

1. Our role: controller vs processor

We handle two broad categories of personal data, and our role differs for each:

• Customer Data — personal data provided by our customers (schools, colleges, businesses) and their end users while using the Services. Our customers are the data controller; Digiclove is the data processor and acts only on their documented instructions.
• Other Data — personal data about visitors, prospects, and other individuals we collect directly (for example, when you fill in a contact form or subscribe to a newsletter). For Other Data, Digiclove is the data controller.

We do not store payment card information on our servers; all card processing is handled by PCI-DSS-compliant payment gateways.

2. Information we collect

Depending on which Services you use, we may collect the following categories of personal information. This list is illustrative, not exhaustive:

• First and last name
• Email address
• Phone number
• Company / institution name
• Designation, department, and functional role
• Profile photograph
• Business address
• IP address, device type, and browser metadata
• Pages visited and links clicked on our websites
• Information you submit through forms (Demo, Contact, Sales Partners)

We may also collect additional categories of personal data on behalf of our customers under separate written agreements. Queries about that data should be directed to the customer organisation, not to Digiclove.

3. Face data & user photos

For attendance verification using face recognition, Digiclove stores one profile photograph and up to four reference photographs per user. The face recognition match itself runs in-memory at the moment of verification and produces no additional stored images.

Customer organisations can delete a user's profile and reference photographs at any time through the web administration interface. Deletion timelines follow the customer organisation's own privacy policy.

4. Data from third-party sources

We may obtain business contact information from publicly available platforms such as company websites, professional networking sites, and press releases, including:

• First and last name
• Business email address and phone number
• Company name, job title, seniority, and functional role
• Business address
• Online identifiers and employment history

We may merge data you provide directly with information obtained from these sources to refine our marketing database, identify prospective customers, personalise marketing communications, and tailor advertising. You can opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting us.

5. How we use your data

We use personal data to:

• Operate and deliver the Services you've requested
• Authenticate users and authorise access to features
• Respond to enquiries, support requests, and feedback
• Send transactional emails (account changes, service notices, security alerts)
• Send marketing communications about products you may be interested in (only with your consent, where required by law)
• Improve the Services by analysing usage patterns and aggregated metrics
• Detect, prevent, and investigate fraud, abuse, and security incidents
• Generate reports and analytics for our customers, in line with their instructions
• Comply with our legal and contractual obligations

6. Legal bases for processing

Where the General Data Protection Regulation ("GDPR") or the Digital Personal Data Protection Act, 2023 ("DPDP Act") applies, we rely on the following legal bases:

• Performance of a contract — to deliver the Services you've signed up for.
• Legitimate interest — to operate our business, improve the Services, and protect against fraud.
• Consent — for marketing communications and other optional processing where required.
• Legal obligation — to comply with tax, audit, and other regulatory requirements.

Transactional emails (service notices, security alerts, administrative communications) are part of the Services. You cannot opt out of these while continuing to use the Services.

7. How we share your data

We may share your data with:

• Affiliates and group companies — under the same privacy safeguards described in this policy.
• Service providers and processors — cloud hosting (AWS, Google Cloud, Azure, or private cloud), email delivery (ZeptoMail / SendGrid), SMS and WhatsApp providers, analytics (Google Analytics), payment gateways, and accounting / books vendors. All are bound by data-processing agreements that require they handle the data only on our documented instructions.
• Government, regulators, and law enforcement — when required by applicable law, court order, or other legal process, or to establish, exercise, or defend our legal rights.
• Acquirers — in the event of a merger, acquisition, financing, or sale of all or part of our business, your data may be transferred to the acquirer subject to the same protections.
• Anyone you've consented to receive your data.

We do not sell personal data.

8. Cross-border data transfers

Indian customer data is hosted within India. GCC customer data is hosted within the Middle East. Hosting runs on your choice of cloud provider — AWS, Google Cloud, Azure, or private cloud. For some purposes described in this policy, we may transfer personal data outside your country of residence to our service providers or affiliates.

Where we transfer personal data internationally, we apply appropriate safeguards — including, where required, the EU Standard Contractual Clauses or equivalent mechanisms recognised under your local law — to ensure your data continues to be protected to a standard at least equivalent to your country's.

9. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or for longer where required by law.

• Customer Data — retained for the lifetime of the customer's active account, plus any period required by the customer agreement or applicable law. On termination, we return or delete Customer Data as instructed by the customer.
• Other Data — retained for as long as needed to support our relationship with you and our marketing operations, after which it is deleted or anonymised.

10. Your rights

Subject to applicable law (GDPR, DPDP Act, and others), you have the following rights over your personal data. You can exercise these rights by emailing privacy@digiclove.com or through the self-service options inside the Digiclove application where available:

• Access — request a machine-readable copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data, subject to our legal retention obligations.
• Restriction — ask us to limit how we process your data in specific circumstances.
• Objection — object to processing based on legitimate interests, including direct marketing.
• Portability — receive your data in a structured, commonly used format.
• Withdraw consent — withdraw any consent you've previously given, without affecting the lawfulness of earlier processing.
• Lodge a complaint — with your local data-protection authority.

If you have a Digiclove account managed by your employer or institution, please contact them first — they are the data controller and have direct access to most of these rights.

11. How we protect your data

We maintain technical, administrative, organisational, and physical safeguards designed to protect personal data against loss, theft, unauthorised access, disclosure, alteration, and destruction. These include:

• HTTPS / TLS for all data in transit
• Encryption at rest for sensitive fields
• Role-based access control with least-privilege defaults
• Multi-tenant isolation at the database level
• Continuous monitoring for threats and vulnerabilities
• Regular security reviews and access audits
• Physical access controls at our data-centre providers

Access to personal data is restricted to employees with a legitimate business need-to-know. No security measure is perfect; if you believe your account has been compromised, please contact us immediately.

12. Children's privacy

The Services are not intended for children under 13 years of age, and we do not knowingly collect personal data from children under 13. Where children's data appears in our Services (for example, student records in our Education ERP), it is provided to us by the customer institution as part of their own data-processing activities under their parental consent framework.

If you believe a child has provided personal information to us directly, please contact us and we will delete the data and close the account.

13. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we do, we'll update the "Last updated" date at the top and, for material changes, notify you by email or a prominent notice on the Services before the changes take effect.

Your continued use of the Services after changes take effect constitutes your acceptance of the updated policy.

14. Contact us

Questions, requests, or complaints about this policy or our handling of your personal data:

• Privacy enquiries: privacy@digiclove.com
• General support: support@digiclove.com
• Postal mail: Digiclove Technologies Pvt. Ltd., 2nd Floor, Vaishnavi's Cynosure, Telecom Nagar Extension, Gachibowli, Hyderabad, Telangana 500032, India