Logo
RoadmintIMS

Privacy
Policy

This Privacy Policy explains how Roadmint IMS (“we”, “our”, “the platform”) collects, stores, uses, protects and manages the personal information of students, faculty, parents, staff members and institute administrators who use our portal.

Roadmint IMS is an advanced, cloud-based Institute Management System designed to help educational institutions handle student databases, staff management, attendance tracking, digital ID cards, fee management, admission processes, internal notices and many other essential operations. We are committed to maintaining complete transparency about how your data is handled and ensuring your privacy is fully protected.

By accessing or using the Roadmint IMS portal, you acknowledge that you have read, understood and agree to the practices described in this Privacy Policy. This policy applies to all types of users, including but not limited to:

  • Institute administrators
  • Faculty and staff members
  • Students
  • Parents/Guardians
  • Portal users and authorized operators

Roadmint IMS ensures enterprise-grade protection of all user information. We implement strict security standards, encrypted communication and secure storage environments to prevent any unauthorized access. Our system usesJWT (JSON Web Tokens) for secure authentication and role-based access, and all database operations are hosted in aprotected, isolated, security-hardened environment.

This Privacy Policy will continue to evolve as Roadmint IMS introduces new features such as admission management, digital receipts, financial reporting, staff management tools, onboarding systems and more modules across Starter, Professional and Enterprise tiers.

2. Information We Collect

Roadmint IMS collects specific categories of information required for delivering institute management services. The data we collect depends on how your institute uses the platform and which modules are enabled (Starter, Professional or Enterprise). We only collect information that is necessary for legitimate educational and operational purposes.

2.1 Personal Information

We collect personal details provided by students, parents, staff and administrators during registration, admission or while managing records. This may include:

  • Full Name
  • Date of Birth
  • Gender
  • Contact Number
  • Email Address
  • Home Address
  • Profile Photo
  • Parent/Guardian Details
  • Emergency Contacts

2.2 Student Academic Data

Roadmint IMS stores academic records essential for learning management and institutional operations:

  • Enrollment Details
  • Class, Section, Batch & Roll Number
  • Attendance Records
  • Assignment Submissions
  • Performance Reports & Grades
  • Examination Results
  • Digital ID Card Information

2.3 Staff & Faculty Information

Institutes using Staff Management modules may store:

  • Employment Records
  • Faculty Profiles & Departments
  • Qualifications & Certifications
  • Attendance & Leave Records
  • Internal Notices Received

2.4 Admission & Enrollment Data

For institutes using the Admission Management feature, we may collect:

  • Application Form Data
  • Uploaded Documents
  • Previous Academic Records
  • Entrance/Screening Results
  • Waitlist/Approval Status

2.5 Financial & Fee Information

Institutes using finance modules may store transaction-level data such as:

  • Fee Head Details
  • Fee Payment Tracking
  • Digital Receipts
  • Invoice Numbers
  • Pending/Overdue Payment Status
  • Scholarship/Discount Information
  • Financial Reports Generated by Admins

2.6 System & Automatically Collected Data

For security, analytics and performance monitoring, Roadmint IMS automatically collects:

  • IP Address
  • Login Timestamps
  • Browser & Device Information
  • Usage Logs (Actions Performed)
  • Error Logs for Debugging
  • Session Tokens (JWT)

2.7 Communication Data

When using internal notices, announcements, SMS or email features, the platform stores:

  • Messages Sent/Received
  • Announcements & Notices
  • Support Requests
  • Feedback or Contact Form Details

Roadmint IMS does not collect or store any unnecessary, unrelated or sensitive personal data that is not required for educational operations. All collected data is used strictly for institute functioning and feature-based workflows.

3. How We Use Your Information

Roadmint IMS processes user information strictly to enable educational, administrative, financial and operational workflows within an institute. We do not sell, rent or misuse your personal data for any commercial or non-educational purpose. All information is utilized only to provide secure, efficient and seamless services within the platform.

3.1 For Student & Academic Management

We use student-related information to support daily educational workflows including:

  • Maintaining student profiles and academic history
  • Generating attendance records and reports
  • Tracking class performance, marks and examination results
  • Issuing digital ID cards and documentation
  • Displaying student information to authorized staff members only
  • Enabling teachers to evaluate academic progress and provide support

3.2 For Staff & Faculty Operations

Staff and faculty data is used to facilitate operational needs such as:

  • Maintaining staff records and roles
  • Attendance and leave management
  • Department and workload tracking
  • Access to teaching, evaluation and notice systems
  • Communication regarding academic or operational responsibilities

3.3 For Admission & Enrollment Processes

When institutes use our admission management features, data is utilized to:

  • Review submitted applications
  • Validate supporting documents
  • Generate waitlists and approval cycles
  • Enable communication regarding admission status
  • Create student accounts upon enrollment

3.4 For Finance & Fee Management

Financial data is used solely to support institute accounting and record-keeping:

  • Recording fee payments and pending balances
  • Generating digital receipts for students or parents
  • Preparing financial summaries and downloadable reports
  • Tracking scholarship or discount adjustments
  • Verifying payment accuracy for administrative teams

3.5 For Authentication & Security (JWT)

Roadmint IMS uses JWT (JSON Web Tokens) for secure login sessions. JWTs help us:

  • Verify the identity of authenticated users
  • Prevent unauthorized access to sensitive data
  • Control access based on roles (Admin, Staff, Student, etc.)
  • Securely maintain login sessions without storing passwords
  • Protect all API requests through token-based authentication

3.6 For Communication & Notifications

Information is used to deliver secure communication between the institute and its community:

  • Sending internal notices and announcements
  • Delivering automated reminders for fees, attendance or exams
  • Providing updates through email, SMS or app notifications
  • Responding to support requests or inquiries

3.7 For Platform Improvement & Analytics

We analyze non-sensitive system usage data to improve platform performance:

  • Fixing bugs and technical issues
  • Improving user experience and UI/UX
  • Monitoring server stability and load
  • Detecting fraudulent or abnormal activity
  • Optimizing system operations based on usage patterns

3.8 For Legal & Compliance Requirements

When legally required, we may use information to:

  • Maintain audit logs for compliance
  • Cooperate with lawful investigations
  • Prevent abuse, fraud or violations
  • Protect the integrity of the platform and user community

Roadmint IMS never uses your data for marketing, selling or third-party advertising without explicit institutional permission. All usage is strictly tied to educational and administrative workflows.

4. How We Protect Your Information

Roadmint IMS is built with a security-first architecture. We use modern, enterprise-grade technologies to protect personal information stored and processed within the system. Our security practices are designed to safeguard students, faculty, parents and administrators from unauthorized access, misuse, loss or alteration of sensitive data.

4.1 Encrypted Data Storage & Transmission

Every piece of data stored in Roadmint IMS is handled with strong encryption protocols to ensure maximum confidentiality and integrity:

  • AES-256 encryption is used for securing data at rest within our database infrastructure.
  • HTTPS/TLS 1.3 is used for encrypting all communication between client devices and our servers.
  • Passwords are never stored in plain text and are protected using strong hashing and salting techniques.

4.2 JWT-Based Authentication System

Roadmint IMS uses JWT (JSON Web Tokens) to manage secure login sessions and protect API access. JWT helps us:

  • Verify user identity without storing sensitive data in cookies
  • Prevent unauthorized access to protected routes and resources
  • Provide secure role-based access control (Admin, Staff, Student, Parent)
  • Ensure session expiration and token invalidation when needed
  • Protect system endpoints from unauthorized or forged requests

4.3 Secure Server & Database Environment

All user data is stored in a secure, isolated and controlled server environment. Our infrastructure includes:

  • Firewalled databases with restricted inbound and outbound access
  • Dedicated security groups and network isolation layers
  • Limited and audited access to database servers to prevent unauthorized internal or external access
  • Continuous monitoring for unusual or suspicious activities

Only authorized system administrators have controlled access to core infrastructure and such access is logged and monitored.

4.4 Data Backups & Disaster Recovery

Roadmint IMS ensures data safety even in the case of unexpected system failures or disasters. We implement:

  • Automated daily backups stored in secure locations
  • Redundant storage systems to prevent data loss
  • Disaster recovery strategies to restore platform operations quickly
  • Periodic verification of backups for integrity

4.5 Role-Based Access Control

User data is never accessible to everyone. Access is strictly controlled based on predefined roles within the institute. This includes:

  • Admin access for institute-level management
  • Teacher access to student academic and attendance modules only
  • Student access to personal dashboard and resources
  • Parent access to their child’s information only
  • Restricted access based on module activation (Starter, Professional, Enterprise)

4.6 Protection Against Unauthorized Access

To prevent unauthorized use of Roadmint IMS, we enforce:

  • Automatic logout on session timeout
  • Brute-force protection for login attempts
  • IP pattern detection for abnormal access attempts
  • Encrypted API communication with strict request validation

4.7 Continuous Monitoring & Security Audits

Our team conducts regular internal audits and implements monitoring systems to maintain platform security:

  • Server log monitoring for unusual or harmful activity
  • Patch updates and security improvements
  • Error tracking to detect system vulnerabilities
  • Application-level auditing for data access and user actions

4.8 No External Sharing Without Consent

Roadmint IMS does not share, sell or transfer your data to any third-party entity without written approval from the institute. User data is used strictly within the scope of platform operations and educational needs.

Your trust is important to us and we continuously refine our security systems to maintain a safe and reliable digital environment for institutes.

5. Data Sharing & Third-Party Disclosure

Roadmint IMS values your privacy and strictly limits how data is shared. We do not sell, rent, trade or provide personal information to advertisers or unrelated third parties. Data is shared only when it is essential for platform functionality, legal compliance or security purposes.

5.1 Sharing Within the Institute

User information may be shared internally within the same institute based on authorized roles. This includes:

  • Administrators managing institute operations
  • Teachers accessing student academic & attendance records
  • Account/Finance staff managing fee & payment records
  • Parents viewing information related to their own child only

Access is restricted using role-based access control (RBAC), ensuring that no user sees information outside their permission scope.

5.2 Third-Party Service Providers

In limited cases, Roadmint IMS may share data with trusted, verified third-party service providers who help us deliver core platform services. These services may include:

  • Cloud hosting & secure data storage
  • Payment gateway integrations (for fee processing)
  • Email/SMS notification systems
  • Error tracking & system monitoring tools
  • Backup & disaster-recovery infrastructure

All third-party partners operate under strict non-disclosure agreements (NDAs) and are forbidden from using your data for any purpose other than providing their contracted service to Roadmint IMS.

5.3 Legal & Regulatory Compliance

We may disclose personal information if required by law or valid legal process. This includes:

  • Government requests
  • Regulatory audits
  • Court orders or subpoenas
  • Lawful investigations related to fraud or misuse

Any disclosure is handled carefully and only when legally necessary.

5.4 Security & Fraud Prevention

To protect the integrity of the Roadmint IMS platform, we may share limited information with specialized security partners when detecting or preventing:

  • Unauthorized access attempts
  • Account misuse or identity fraud
  • Server attacks or suspicious activity
  • Violation of platform terms or policies

The scope of such data sharing is minimal and strictly tied to protection needs.

5.5 Aggregated & Anonymized Data

We may generate anonymized, non-identifiable data for improving platform performance, analytics or product development. This data:

  • Contains no personal identifiers
  • Cannot be traced back to any individual user
  • Is used only for technical enhancements and system optimization

5.6 No Selling or Misuse of Data

Roadmint IMS does not sell, lease, trade or transfer your personal data for marketing or advertising. All information is handled exclusively for legitimate educational and operational purposes.

5.7 Your Institute Controls Data Sharing

We operate as a technology provider. Your institute retains full ownership and control of the data uploaded into Roadmint IMS. Any external data sharing requires explicit approval from the institute itself.

If your institute decides to discontinue services, data export or removal requests can be made by the authorized institute administrator only.

6. Data Retention & Deletion Policy

Roadmint IMS follows a structured and secure data retention policy to ensure that personal information is stored only for as long as it is required for educational, legal, operational or contractual purposes. We do not keep data permanently unless an institute requires long-term archival for academic records or statutory compliance.

6.1 Retention Based on Institute Subscription

The duration for which we store data depends on the plan chosen by the institute (Starter, Professional or Enterprise) and the modules being used:

  • Active Institutes: All operational, academic, fee and staff records remain available for the entire subscription period.
  • Expired or Inactive Institutes: Data is retained temporarily to allow subscription renewal, retrieval or transfer.

6.2 Student & Academic Record Retention

Institutes often require long-term academic record retention. Therefore:

  • Student academic history may be retained until the institute requests deletion.
  • Attendance, marks and exam records are stored as long as required by the institute.
  • Archived student data is securely preserved for institutes that need multi-year academic continuity.

6.3 Financial Data Retention

Financial and fee-related data is retained as per legal and institutional obligations:

  • Fee receipts are stored for audit and reporting requirements.
  • Financial reports and ledgers may be retained for statutory compliance.
  • Transaction histories are protected and preserved for verification.

6.4 System Logs, JWT Tokens & Security Data

To maintain platform security and detect misuse, certain logs are stored temporarily:

  • JWT session tokens are stored only for the duration of the active session.
  • Error logs and access logs may be retained for debugging and legal protection.
  • Security logs (login attempts, suspicious access patterns) are retained for monitoring and fraud prevention.

6.5 Automated Backups & Retention

Roadmint IMS performs routine backups to ensure data safety:

  • Daily encrypted backups stored in secure environments
  • Backups retained for disaster recovery purposes
  • Periodic removal of outdated backup snapshots
  • Backups protected by strict access and encryption policies

Backup copies cannot be manually edited or accessed by regular users, ensuring integrity and confidentiality.

6.6 Account Deactivation & Data Deletion

If an institute decides to terminate its use of Roadmint IMS, the authorized administrator may request:

  • Complete Account Deactivation
  • Full Data Export (in compatible formats)
  • Permanent Deletion of All Records from the system

Upon receiving a verified deletion request:

  • Data is removed from the live system within a defined time frame.
  • Associated backups containing the data are purged in the next backup cycle.
  • Deleted data cannot be recovered after the deletion window closes.

6.7 Data Ownership

All data uploaded onto Roadmint IMS is the exclusive property of the respective institute. We act only as a technology provider responsible for secure hosting, processing and management of the data.

6.8 Retention Limits for Non-Active Users

User accounts inactive for extended periods may be archived or deleted, depending on:

  • Institutional policy
  • Legal compliance
  • Data minimization practices

Before any deletion, institutes receive prior notice allowing them to export or preserve necessary data.

6.9 Right to Request Data Removal

Only authorized institute administrators may request partial or full deletion of staff, student or institutional records. Upon verification, we process such requests in compliance with privacy and legal standards.

Roadmint IMS does not allow unauthorized users to delete or modify sensitive institutional data.

7. Your Rights & Choices

Roadmint IMS respects the rights of all users-including students, parents, faculty, staff and administrators. We provide multiple tools and controls to help users access, review, correct and manage their personal information in accordance with educational, legal and operational standards. Many of these rights can be exercised directly through your institute, while others may be requested through our support channels.

7.1 Right to Access Your Information

Users have the right to access the personal and academic information stored about them on the platform. This includes:

  • Student profiles and academic records
  • Attendance history
  • Fee payment details
  • Digital ID card information
  • Staff employment and attendance data

Request for record access must be made through the authorized institute administrator to ensure accuracy and data protection.

7.2 Right to Correct or Update Information

If any information in your profile is outdated, inaccurate or incomplete, you have the right to request correction. Examples include:

  • Incorrect personal details (name, phone, address)
  • Wrong academic records due to data entry issues
  • Incorrect attendance entries
  • Errors in staff or employment data

Corrections are processed by authorized institute staff to ensure validation and accuracy.

7.3 Right to Request Deletion

Users may request deletion of their personal information under applicable conditions. However, deletion is subject to institutional guidelines and educational record-keeping requirements. Deletion may apply to:

  • Personal contact details
  • Documents voluntarily uploaded
  • Inactive user accounts

Deletion requests must come from the institute administrator to prevent unauthorized removal of academic or financial records.

7.4 Right to Restrict Data Processing

You may request that certain data not be used for specific operations, such as:

  • Restricting profile visibility within the institute
  • Blocking non-essential notifications
  • Limiting access to certain modules

Restrictions must align with institute policies and operational requirements.

7.5 Right to Data Portability (Export)

Authorized institute administrators may request a complete export of data associated with their institution. Data can be provided in standardized formats such as:

  • CSV or Excel (student lists, attendance, fees)
  • PDF or digital copies (receipts, reports, ID cards)
  • Structured data files for migration to other systems

For security, only verified institute owners/administrators can request full data export.

7.6 Right to Withdraw Consent

Users may withdraw consent from optional features such as:

  • Marketing notifications (if any)
  • Optional communication systems
  • Any feature requiring explicit permission

Withdrawal of consent does not affect the legality of processing done before the request.

7.7 Right to Object to Certain Uses

Users may object to the use of their data for non-essential purposes, such as optional analytics or non-critical communication.

7.8 Rights of Parents & Guardians

Parents have the right to:

  • Access their child’s academic and attendance information
  • Receive fee updates and digital receipts
  • Request correction of their child's data
  • Raise concerns regarding privacy or misuse

7.9 Rights of Students

Students may request:

  • Access to their own academic records
  • Correction of inaccurate personal information
  • Clarification regarding how their data is being used

7.10 Rights of Institute Administrators

Institute admins have full control over:

  • User access permissions and visibility
  • Student, parent and staff data
  • Internal notices and communication
  • Data exports, retention and deletion requests

7.11 How to Exercise These Rights

To exercise any of the rights above, users should submit a request to the authorized institute administrator. Roadmint IMS processes the request only after verification to prevent misuse or unauthorized access.

In cases where platform intervention is required, institutes may contact our support team through the designated support channel.

8. Cookies, Tracking Technologies & Session Data

Roadmint IMS uses minimal and privacy-friendly tracking technologies to maintain secure sessions, improve platform performance and enhance user experience. We do not use advertising cookies, behavior-based marketing trackers or any third-party profiling tools. All technologies used are strictly for authentication, security, analytics and system reliability.

8.1 Cookies Used on Roadmint IMS

Cookies are small text files stored on your browser to ensure smooth operation of the platform. Roadmint IMS primarily uses:

  • Session Cookies — Temporary cookies used to maintain secure login sessions. These are deleted automatically when you log out or close your browser.
  • Authentication Cookies — Used to verify your identity during navigation and prevent unauthorized access.
  • Preference Cookies — Store UI settings (dark mode, language, layout), improving personalization.
  • Security Cookies — Help detect suspicious behavior, protect against attacks and ensure safe operations.

We do not use cookies for behavioral advertising, cross-site tracking, or selling personal information.

8.2 JWT-Based Session Management

Roadmint IMS uses JWT (JSON Web Tokens) for secure API communication and user authentication instead of storing sensitive data in cookies. JWTs are:

  • Encrypted during transmission
  • Digitally signed to prevent tampering
  • Stored securely in browser memory
  • Automatically invalidated after session expiration

JWT tokens ensure that only authorized users can access protected features like student records, fee data, staff registers and academic resources.

8.3 Device Information & Log Data

For technical diagnostics and security, Roadmint IMS automatically collects non-sensitive technical data such as:

  • Browser type & version
  • Operating system & device type
  • IP address (for security checks)
  • Time of access and login timestamps
  • API request logs
  • Errors encountered during usage

This data is used exclusively for debugging, fraud prevention and improving user experience. It contains no personally sensitive information.

8.4 Local Storage & Cache

Some settings may be saved temporarily in your browser to enhance speed and improve responsiveness, such as:

  • Theme preferences (light/dark)
  • Interface layout choices
  • User UI preferences

Local storage data is stored on your device and can be cleared anytime by clearing browser cache.

8.5 Usage Analytics

Roadmint IMS may use basic analytics to understand how the platform is being used. These analytics:

  • Do not track your browsing across other websites
  • Do not identify individuals personally
  • Are collected only to improve performance and features

Analytics are optional and may be disabled by institutes if required.

8.6 Choosing to Disable Cookies

You may disable cookies from your browser settings; however, doing so may impact platform functionality, including:

  • Session login stability
  • Dashboard performance
  • Access to secured modules
  • User preference saving

Roadmint IMS requires essential cookies to function securely. Non-essential cookies are used only with permission.

9. Data Transfers, International Hosting & Cloud Infrastructure

Roadmint IMS is hosted on secure, enterprise-grade cloud infrastructure. Our systems are designed to ensure reliability, high availability and maximum data protection. We follow strict data governance policies to safeguard user information across all environments, regardless of where servers are geographically located.

9.1 Cloud Hosting Environment

Roadmint IMS operates on a modern cloud ecosystem that ensures:

  • Secure and encrypted data storage
  • Auto-scaling resources for high performance
  • Redundant systems to prevent downtime or data loss
  • 24/7 monitoring for server health and performance

Cloud servers are located in regions optimized for performance, reliability and compliance with applicable data protection laws.

9.2 International Data Transfers

Depending on the cloud provider and the institute's geographical region, some data may be processed or stored in data centers located outside the user’s home country. When such transfers occur, Roadmint IMS ensures:

  • Data is transferred securely using encrypted channels
  • Hosting providers meet international security standards
  • Transfers comply with applicable cross-border data protection regulations (for example: GDPR-compliant regions when necessary)
  • Only the minimum required data is transmitted for operational purposes

Institutes may request details of hosting regions and cloud providers used for their accounts.

9.3 Cloud Providers & Data Processing Agreements

Roadmint IMS may use trusted third-party cloud platforms for hosting and backup storage. These providers operate under strict Data Processing Agreements (DPAs) that require:

  • No unauthorized access to customer data
  • No selling or misuse of personal information
  • Compliance with global security and privacy frameworks
  • Strong internal controls and audited infrastructures

These partners only process information as per the instructions and requirements of Roadmint IMS.

9.4 Backup Regions & Data Replication

To ensure availability and resilience, encrypted backups may be stored in multiple secure geographical regions. However:

  • Backups contain only what is necessary for recovery
  • All backups remain encrypted end-to-end
  • Backup access is restricted using strict access controls
  • Backup deletion occurs following data retention policies

Multi-region backups ensure that user data is protected against hardware failures, regional outages or natural disasters.

9.5 Compliance with Local & International Laws

Roadmint IMS complies with applicable data protection laws based on the region where the institute operates. This may include:

  • Local educational data privacy regulations
  • Indian IT security regulations (if applicable)
  • Global cloud data handling standards
  • International cross-border transfer principles

We review compliance requirements periodically to ensure that our hosting, transfer processes and security controls remain up to date and aligned with evolving global standards.

9.6 Transparency in Data Handling

Upon request, institutes may receive:

  • Information about where data is hosted
  • Cloud region details
  • Security certifications of the hosting provider
  • Data transfer and processing documentation

Roadmint IMS believes in complete transparency regarding how, where, and why user data is stored or processed.

10. Children’s Privacy, Policy Updates & Contact Information

10.1 Children’s Privacy & Student Protection

Roadmint IMS is designed for educational institutions and therefore collects information about minors (students under 18) strictly for academic and administrative purposes. We take children’s privacy very seriously and implement strict measures to protect their information.

All student-related data is:

  • Accessible only to authorized school/institute staff
  • Protected under industry-standard security measures
  • Not shared with external parties without institutional permission
  • Used only for academic, administrative or communication needs

Parents and legal guardians have the right to access, review and request corrections to their child’s personal or academic information through their institute’s administration.

10.2 Changes to This Privacy Policy

Roadmint IMS may update this Privacy Policy from time to time to reflect:

  • New features or modules added to the platform
  • Changes in legal, regulatory or compliance requirements
  • Enhancements in security or data protection practices
  • Infrastructure or hosting environment updates

Whenever substantial changes are made, institutes will be notified through official communication channels or in-app notifications. Continued use of Roadmint IMS after any update constitutes acceptance of the revised policy.

10.3 Contact Information

For questions, inquiries, data-related requests or concerns regarding this Privacy Policy, institutes may contact us directly. Only authorized institute personnel should submit sensitive requests such as data export or deletion.

Contact Email: support@roadmint.in
Website: https://www.roadmint.in
Platform: Roadmint IMS (Institute Management System)

Roadmint IMS is committed to ensuring the privacy, security and proper handling of all data belonging to educational institutions, students, staff, and parents. Your trust is important to us and we continue to improve our systems to maintain a safe and reliable digital environment.