Privacy Policy

THSSS ERP — The Heritage Senior Secondary School, Kashipur
Effective date: 20 May 2026 · Last updated: 24 May 2026
App package: com.techvm.thsssksp

1. Overview

THSSS ERP is the official school-management application of The Heritage Senior Secondary School, Kashipur (the School). The app is used by school staff, students, and their parents/guardians to access information that the School already holds about its students and employees — fees, attendance, marks, communications, timetable, homework and similar academic and administrative records.

This privacy policy explains what personal information the app handles, how that information is used, who it is shared with, how long it is kept, and the choices you have. This policy applies to the THSSS ERP Android application (Google Play package com.techvm.thsssksp) and the linked web application served from erp.thsssksp.com.

2. About the app

THSSS ERP is a private, school-internal tool. It is not a public service. Access is limited to people who already have an account created by the School — typically:

You cannot self-register through the app or the website. Accounts are provisioned by the School. If you are reading this policy because the app showed it to you at sign-in, your account was created for you by the School administration.

3. Who controls the data

Data controller (decides what is processed and why)

The Heritage Senior Secondary School is the data controller. The School decides which information about students and employees is collected, who is given an account, and how long records are kept, in line with its existing admission, employment, and academic record-keeping practices.

Data processor (operates the technical platform)

VM Technologies is the technology provider that builds and operates the THSSS ERP platform on the School's behalf. VM Technologies only processes data on the School's instructions; it does not use the information for its own purposes, does not sell it, and does not share it with advertisers.

4. What we collect

The app handles the following categories of information:

Provided by the School (not by you)

CategoryExamples
Student profile Full name, admission number, class & section, gender, date of birth, contact phone, address, parent/guardian names and contact numbers, student photograph.
Employee profile Full name, designation, role, employee phone, email, address, date of birth, joining date, emergency contact, employee photograph.
Fee records Fee head, due dates, fines, discounts, payments collected, transport fees, payment mode, payer notes.
UPI payment submissions When you pay school fees via UPI, the app records: the amount you requested to pay, the screenshot of the UPI confirmation you uploaded, and the transaction remark (formatted as <class>-<first name>-<admission number>, capped at 50 characters). The remark also appears in the school's bank statement so the accountant can reconcile your payment to your child's account. We do not store your UPI PIN, bank account number, or card details — those never leave your UPI app.
Academic records Attendance, exam marks (with statuses Normal/Absent/Medical Leave/Withheld where applicable), letter grades resolved from the school's configured grade scheme, term-end co-scholastic grades (Discipline, Music, Physical Education and similar non-academic subjects), homework, notes, timetable, leave requests, transfer certificates.
Teacher remarks Free-text remarks recorded by teachers against a student's performance: per-subject remarks (e.g. “needs more reading practice”), per-exam class-teacher remarks (e.g. “missed half the paper due to illness”), and term-end holistic class-teacher remarks meant for the report card. Remarks are only visible to a student/parent in the portal after the relevant exam or term has been published by the school administration.
Audit information Record of which staff account performed which action (e.g. who collected a fee, who entered or edited an exam mark, who wrote a remark, who published a result, who changed the examination policy), with timestamp and IP address — used for internal accountability.

Collected from you when you use the app

CategoryExamples
Account & sign-in Username (typically your registered mobile number or admission number) and password. The password is stored as a one-way salted hash; we cannot read your password.
Messages and attachments Messages you send to staff or students through the in-app Communicate feature, and any files (PDF, image, document) you choose to attach.
Photographs and documents Any photograph or document you upload — for example, when an administrator adds a student photo, or a teacher submits a task deliverable.
Device and notification information Firebase Cloud Messaging (FCM) device token (required to send push notifications), Android version, platform, and a device identifier used only to keep your push token correctly bound. We do not collect your contacts, calendar, location, IMEI, advertising identifier, or browsing history.
Operational logs HTTP error logs (route, status, error message) captured to diagnose technical issues. These are kept for a short period and are not used for advertising or analytics.

What the app does NOT collect. No location data, no contacts, no calendar entries, no SMS/call logs, no microphone recordings for advertising or analytics, no advertising ID, no browsing history outside the app, no biometrics. We do not use third-party analytics, advertising, or attribution SDKs.

5. How we use it

We do not use your information for advertising, profiling for marketing, or any purpose unrelated to running the School's day-to-day operations.

6. App permissions explained

The Android app requests the following device permissions when needed:

PermissionWhy the app uses it
Internet & network state To connect to the School's secure server to read and update records.
Notifications (Android 13+) To deliver push notifications for fees, attendance, messages, homework, tasks, and exam-result publication. You can turn this off any time from the device's app settings.
Camera Only when you choose to capture a photograph — for example, a staff member taking a student's profile photo or attaching a picture to a message. Optional.
Photos & media (READ_MEDIA_IMAGES, etc.) Only when you choose a photo or video already saved on your phone to attach to a message, task, or profile. Optional.
Files / documents Only when you choose a document (PDF, DOC, XLSX, etc.) to attach to a message, task, or fee record. Optional.
Vibration For brief haptic feedback when you tap a button. No external use.

The app does not request access to your contacts, calendar, microphone for audio recording, precise location, body sensors, or call logs.

7. How we share

Information inside the app is shared only with the people who already have a legitimate need to see it within the School's normal operations:

We do not sell personal information, do not share it with advertisers, and do not transfer it to other schools or to unrelated third parties. Information is disclosed to government authorities, regulators, or courts only when required by applicable law (for example, in response to a valid legal order served on the School).

8. Third-party services

ServicePurposeData shared
Google Firebase Cloud Messaging (FCM) Deliver push notifications to your Android device. FCM device token, notification title, short body, deep-link target inside the app.
Google Play Services (on Android) Receive FCM messages on the device. As required by the platform; no profile or message content sent to Google by us beyond the notification itself.

We do not embed third-party advertising networks, analytics SDKs (Google Analytics, Firebase Analytics, Crashlytics, Mixpanel, etc.), attribution SDKs, social-login SDKs, or any other third-party tracker.

9. Data security

No system is perfectly secure. If we become aware of a breach that affects your information, we will notify the School promptly so the School can inform affected users and the relevant authorities as required by law.

10. Data retention

11. Children and minors

The THSSS ERP app is intended for use within an educational setting and will, by its nature, hold information about children (school students). Personal information about students is provided to the platform by the School in the course of its lawful educational activities, with the consent of the parents/guardians that the School obtains at the time of admission.

Student accounts are created and managed by the School. Where a student is a minor, the student's parent/guardian is treated as the responsible adult for the purposes of this policy. Parents/guardians who do not want their child's information in the app should contact the School directly to discuss alternatives.

The app is not designed for, marketed to, or intended for use by children outside the School's enrolment.

12. Your rights

Subject to applicable law (including the Digital Personal Data Protection Act, 2023 in India), you may have the following rights with respect to your personal information:

Because the School is the data controller, requests of this kind should be addressed to the School (see Contact us). Requests will be answered within a reasonable time, normally within 30 days.

13. How to request account / data deletion

To request deletion of your account or the personal information held about you, send a written request to the School at the contact details below, with:

The School will verify your identity, action the request, and confirm back. Some information may be retained for legitimate accounting, regulatory, or transfer-certificate purposes even after the rest is deleted — the School will tell you exactly what is being retained and why.

If you simply want to stop using the app, you can uninstall it from your device at any time. Uninstalling does not delete the records the School holds about you on the server.

14. Changes to this policy

We may update this privacy policy from time to time — for example, when we add new features or when a relevant law changes. The "Last updated" date at the top of this page shows when the most recent change was made. For material changes, the School will notify users in-app or by direct message. Continued use of the app after a change means you accept the updated policy.

15. Contact us

The School is the data controller for purposes of this policy. To exercise any of the rights described above, or to ask anything about how your information is handled, please contact:

The Heritage Senior Secondary School
Near Jindal South City, Aliganj Road,
Kashipur, U. S. Nagar, Uttarakhand – 244713, India
Phone: +91 84499 61000
Email: contact@thsssksp.com

For technical questions relating to the platform (VM Technologies is the data processor), the School can forward your enquiry on your behalf, or you may contact the developer directly:

VM Technologies (developer & maintainer)
Website: www.techvm.in
Email: support@techvm.in