Privacy Policy

1. Introduction

This Privacy Policy is provided by SG eSchool, a product of Star Group, located at Sultan Muzaffar Road, Erbil, Iraq ("we," "our," or "us"). We are committed to protecting the privacy and security of our users' personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our school management platform, website, mobile applications, third-party integrations (including our Zoom Marketplace app), and related services (collectively, the "Service").

By using SG eSchool, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not access or use our Service.

2. Information We Collect

2.1 Personal Information

We may collect personally identifiable information that you voluntarily provide, including but not limited to:

• Student names, dates of birth, and academic records
• Parent/guardian names, contact information, and emergency contacts
• Teacher and staff profiles, qualifications, and employment records
• Email addresses and phone numbers
• Financial information related to fee payments
• Attendance records and behavioral data

2.2 Usage Data

We automatically collect certain information when you access our Service, including device information, browser type, IP address, pages visited, and time spent on the platform. This data helps us improve performance and user experience.

2.3 Data from Third-Party Integrations

When you connect SG eSchool with third-party services such as Zoom, we may interact with those services to provide specific functionality. For Zoom specifically:

• We use the Zoom API solely to create meetings on behalf of authorized users.
• The only data we store from Zoom is the meeting join link, which is saved on our servers so that students, teachers, and parents can access the meeting.
• We do not store Zoom user profiles, authentication tokens, participant lists, chat messages, recordings, or any other Zoom account data.

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, maintain, and improve the SG eSchool platform
• To manage student enrollment, academic records, and attendance
• To facilitate communication between schools, teachers, and parents
• To process fee payments and generate financial reports
• To send notifications, alerts, and important updates
• To generate analytics and reports for school administrators
• To ensure security and prevent unauthorized access
• To comply with legal obligations and regulatory requirements
• To integrate with third-party services (e.g., Zoom) for virtual classroom and meeting features

4. Data Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

• With your school: Data entered into SG eSchool is accessible to authorized personnel within your institution based on their role and permissions.
• Third-party integrations: When you connect SG eSchool with third-party platforms (e.g., Zoom), data may be exchanged between services as necessary to provide the integrated functionality. Such integrations operate under the respective third-party's privacy policy in addition to this policy.
• Legal requirements: We may disclose information if required by law, regulation, or legal process.

5. Third-Party Integrations

5.1 Zoom Integration

SG eSchool integrates with Zoom Video Communications, Inc. to allow authorized users to create Zoom meetings directly from the platform. When you authorize the Zoom integration:

• Data accessed: We use the Zoom API only to create meetings. We do not read or access your Zoom profile, contacts, recordings, chat messages, or participant data.
• Data storage: The only Zoom-related data we store is the meeting join link, which is saved on our servers so that students, teachers, and parents can view and join the meeting. We do not store Zoom authentication tokens, user IDs, or any other Zoom account information.
• Data use: The stored meeting link is used exclusively for displaying the meeting within the SG eSchool dashboard so participants can join. We do not use any Zoom data for advertising, marketing to third parties, or any purpose unrelated to the Service.
• Revoking access: You may disconnect the Zoom integration at any time through your SG eSchool account settings or by removing the app from your Zoom account. Upon disconnection, we will stop creating new meetings via Zoom. Previously saved meeting links may remain in your school’s records for reference.

Zoom's own privacy practices are governed by Zoom's Privacy Statement. We encourage you to review it.

5.2 Other Integrations

SG eSchool may integrate with additional third-party services in the future. Each integration will only access the data necessary to provide its intended functionality, and this policy will be updated accordingly.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• TLS 1.3 encryption for data in transit
• Role-based access control (RBAC)
• Regular security audits and penetration testing
• Multi-factor authentication (MFA) support
• Automated backups with geographic redundancy
• Secure API communication for third-party integrations (no tokens stored)

While we strive to use commercially acceptable means to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. When data is no longer needed, it is securely deleted or anonymized.

For data obtained through third-party integrations (e.g., Zoom), we retain only the meeting join links necessary for academic records. We do not store authentication tokens or any other integration account data. Upon disconnection, no new data is collected from the integration.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal obligations.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to certain types of data processing.
• Withdraw consent: Withdraw your consent for data processing or third-party integrations at any time.

To exercise any of these rights, please contact us at info@grupystar.com. We will respond to your request within 30 days.

9. Children's Privacy

SG eSchool processes student data on behalf of educational institutions. Schools are responsible for obtaining necessary parental consent before entering student information into the system. We do not knowingly collect personal information from children under 13 without proper institutional authorization and parental consent.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data during such transfers, in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and where appropriate, sending a notification through the Service. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Group: Star Group (SG eSchool)
• Email: info@grupystar.com
• General Inquiries: info@grupystar.com
• Phone: +964 783 219 4529
• Address: Sultan Muzaffar Road, Erbil, Iraq