Privacy Policy
Last Updated and Effective: 05.September.2025
Your Privacy Matters
At Glens, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sports academy management platform.
1. Introduction
GLENSCRAFT TECHNOLOGIES LLP ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our academy management platform and related services.
2. Information We Collect
2.1 Personal Information
- Name, email address, phone number, and contact information
- User credentials, authentication tokens, and session data
- Profile information, preferences, and role-based permissions
- Biometric data (facial recognition for attendance tracking)
- QR code identifiers and device association data
- Payment information and transaction details
2.2 Academy-Related Information
- Student records, academic performance, and attendance data
- Staff and trainer profiles, qualifications, and certifications
- Class schedules, enrollment information, and course materials
- Academy and branch management data, financial records
- Guardian and emergency contact information
2.3 Technical Information
- Device information, IP addresses, and geolocation data
- Usage analytics, system logs, and performance metrics
- Browser type, operating system, and device identifiers
- Network information and connection details
- Error logs and crash reports
2.4 AI and Machine Learning Data
- Facial recognition training data and accuracy metrics
- Attendance pattern analysis and predictive models
- User behavior analytics and system optimization data
- Performance improvement algorithms and feedback loops
3. Data Processing and Legal Basis
3.1 Legal Basis for Processing
- Contractual Necessity: Processing required to provide our services
- Legitimate Interests: System improvement, security, and fraud prevention
- Consent: For optional features and marketing communications
- Legal Obligations: Compliance with educational and tax regulations
- Vital Interests: Emergency situations and safety concerns
3.2 Data Processing Purposes
- Account management and authentication
- Attendance tracking and academic record keeping
- Payment processing and financial transactions
- Communication and notification delivery
- System security and fraud prevention
- Service improvement and feature development
- Compliance with legal and regulatory requirements
4. How We Use Your Information
4.1 Primary Uses
- Provide and maintain our academy management services
- Process attendance tracking using AI and QR code technology
- Manage user accounts, roles, and access permissions
- Send important notifications and system updates
- Generate reports and analytics for educational institutions
4.2 AI and Automation
- Facial recognition for automated attendance marking
- Pattern analysis for attendance prediction and optimization
- Automated report generation and data insights
- Intelligent scheduling and resource optimization
4.3 Service Improvement
- Analyze usage patterns to improve our platform
- Develop new features and functionality
- Provide customer support and troubleshooting
- Ensure system security and prevent fraud
- Conduct research and development activities
5. Information Sharing and Disclosure
We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except in the following circumstances:
- Service Providers: We may share data with trusted third-party service providers who assist in operating our platform (cloud hosting, payment processing, analytics)
- Legal Requirements: We may disclose information when required by law, court order, or government request
- Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred
- Consent: We may share information with your explicit consent for specific purposes
- Educational Partners: Data may be shared with educational institutions as required for academic purposes
- Emergency Situations: Information may be disclosed to protect health, safety, or vital interests
6. Data Security and Protection
We implement comprehensive technical and organizational measures to protect your information:
6.1 Technical Security Measures
- AES-256 encryption for data in transit and at rest
- Multi-factor authentication and secure session management
- Regular security assessments, penetration testing, and vulnerability scans
- Secure API endpoints with rate limiting and access controls
- Automated backup systems with disaster recovery procedures
6.2 Organizational Security Measures
- Employee background checks and security training
- Role-based access controls and principle of least privilege
- Regular security audits and compliance monitoring
- Incident response procedures and breach notification protocols
- Data protection impact assessments (DPIAs)
7. Data Retention and Deletion
7.1 Retention Periods
- Account Data: Retained for the duration of account activity plus 7 years
- Student Records: Retained according to educational record requirements (typically 7-25 years)
- Financial Data: Retained for 7 years for tax and audit purposes
- System Logs: Retained for 2 years for security and troubleshooting
- Analytics Data: Retained for 3 years for service improvement
7.2 Data Deletion
- Right to erasure ("right to be forgotten") upon request
- Automated deletion of inactive accounts after 2 years
- Secure data destruction procedures for physical and digital media
- Notification to third parties when data is deleted
8. Your Rights and Choices
8.1 GDPR Rights (EU Users)
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Limit how we process your data
- Right to Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
8.2 CCPA Rights (California Users)
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to access personal information
- Right to equal service and price
8.3 Account Settings and Controls
- Manage privacy preferences and notification settings
- Update profile information and contact details
- Control PIN settings and security features
- Manage device associations and QR code access
- Export your data in standard formats
9. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and provide essential functionality:
9.1 Types of Cookies
- Essential Cookies: Required for basic platform functionality and security
- Authentication Cookies: Maintain your login session and security state
- Analytics Cookies: Help us understand usage patterns and improve services
- Preference Cookies: Remember your settings, theme, and language preferences
- Performance Cookies: Monitor system performance and error rates
9.2 Third-Party Tracking
- Google Analytics for website usage analysis
- Error tracking services for system monitoring
- Payment processors for transaction security
- Cloud service providers for infrastructure monitoring
10. Children's Privacy and COPPA Compliance
Our platform is designed for educational institutions and may process information about students under 18. We comply with applicable laws regarding children's privacy:
- COPPA Compliance: We comply with the Children's Online Privacy Protection Act
- Parental Consent: Student data collection requires parental consent for children under 13
- Educational Purpose: Data is collected and used solely for educational purposes
- Limited Collection: We collect only the minimum data necessary for educational services
- Parental Rights: Parents can review, delete, and refuse further collection of their child's data
- School Authorization: For students 13-17, data may be collected under school authorization
11. International Data Transfers
Your information may be transferred to and processed in countries other than your own:
- Data Transfer Safeguards: We ensure appropriate safeguards for international transfers
- Adequacy Decisions: Transfers to countries with adequate data protection laws
- Standard Contractual Clauses: EU-US transfers use approved SCCs
- Certification Programs: Participation in Privacy Shield or equivalent programs
- Local Compliance: Compliance with local data protection laws in all jurisdictions
12. Data Breach Procedures
In the event of a data breach, we have established procedures to protect your information:
- Immediate Response: 24/7 incident response team activation
- Assessment: Rapid assessment of breach scope and impact
- Containment: Immediate steps to contain and mitigate the breach
- Notification: Timely notification to affected users and authorities (within 72 hours for GDPR)
- Investigation: Thorough investigation to determine cause and prevent recurrence
- Remediation: Implementation of additional security measures
13. Third-Party Integrations and APIs
Our platform may integrate with third-party services and APIs:
- Payment Processors: Secure payment processing for subscriptions and services
- Cloud Services: AWS, Google Cloud, or Azure for infrastructure and storage
- Communication Services: Email and SMS providers for notifications
- Analytics Services: Usage analytics and performance monitoring
- Educational Tools: Integration with learning management systems
- Security Services: Authentication, fraud detection, and security monitoring
14. Payment Processing and Financial Data
We facilitate payment processing for academy services through secure payment gateways:
14.1 Payment Collection
- On Behalf of Academies: We collect payments on behalf of educational institutions for their services
- Direct Customer Payments: We collect payments directly from customers for services they opt for
- Payment Methods: We support various payment methods including cards, UPI, net banking, and digital wallets
- Transaction Security: All payment transactions are encrypted and processed through secure payment gateways
14.2 Payment Gateways
- Thirdparty Payment Gateways: We use Cashfree / Razarpay for secure payment processing
- Data Sharing: Payment information is shared with these gateways to process transactions
- Gateway Privacy: Payment gateways have their own privacy policies and terms of service
14.3 Financial Data Handling
- PCI DSS Compliance: We maintain PCI DSS compliance for payment card data security
- Limited Storage: We do not store complete payment card details on our servers
- Transaction Records: We maintain transaction records for accounting and compliance purposes
- Refund Processing: Refunds are processed through the same payment gateways
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements:
- Notification: We will notify you of material changes via email and in-app notifications
- Review Period: Significant changes will be communicated 30 days in advance
- Consent: Changes requiring new consent will require explicit opt-in
- Version History: Previous versions will be archived and accessible
- Continued Use: Continued use after changes constitutes acceptance
16. Contact Us and Data Protection Officer
For privacy-related inquiries, data requests, or to exercise your rights:
GLENSCRAFT TECHNOLOGIES LLP
Email: info@glens.app
Address: Skylite Vesta, 264, Sarjapur Bagalur Road, Bangalore, India - 562125
Data Protection Officer: info@glens.app
Privacy Complaints: info@glens.app
Response Time: We aim to respond to all privacy requests within 30 days. For urgent matters or data breach reports, please contact us immediately.
17. Intermediary Platform and User Responsibilities
Our platform serves as an intermediary connecting educational institutions, students, and service providers:
17.1 Platform Role
- Intermediary Status: We act as a platform facilitating connections between academies, students, and service providers
- No Direct Control: We do not have direct control over academy operations, course content, or service delivery
- User Interactions: All communications and transactions between users are outcomes of their direct interactions
- No Endorsement: We do not endorse any specific academies, courses, or service providers listed on our platform
17.2 User Responsibilities
- Verification: Users are responsible for verifying the credibility and authenticity of academies and service providers
- Due Diligence: Conduct appropriate due diligence before enrolling in courses or making payments
- Information Accuracy: Ensure all information provided during registration and usage is accurate and up-to-date
- Compliance: Adhere to all applicable laws and regulations while using our platform
17.3 Limitation of Liability
- Service Quality: We are not liable for the quality of services provided by academies or third-party service providers
- Disputes: Disputes between users and academies should be resolved directly between the parties involved
- Technical Issues: We are not liable for any technical issues, errors, or interruptions in service delivery
- Content Accuracy: While we strive for accuracy, we cannot guarantee the completeness or accuracy of all information
18. Disclaimers and Warranties
Our services are provided on an "as is" basis with the following disclaimers:
- No Warranty: We make no warranties, express or implied, regarding the accuracy, reliability, or completeness of information
- Service Availability: We do not guarantee uninterrupted, timely, secure, or error-free access to our services
- Third-Party Services: We are not responsible for the quality, safety, or legality of third-party services or products
- Technical Issues: We are not liable for any damage to computer systems or loss of data resulting from platform usage
- User Content: We disclaim liability for any user-generated content, including its accuracy, legality, or appropriateness
19. Indemnification and Legal Protection
By using our platform, you agree to the following indemnification terms:
- User Indemnification: You agree to indemnify and hold us harmless from any claims arising from your use of our services
- Third-Party Claims: You will defend us against any third-party claims related to your platform usage
- Legal Costs: You agree to cover any legal fees and costs incurred due to your actions or violations
- Intellectual Property: You will not violate any intellectual property rights while using our platform
- Regulatory Compliance: You agree to comply with all applicable laws and regulations
20. Termination and Account Management
20.1 Account Termination
- Our Rights: We may terminate or suspend your account at any time without prior notice
- Violation: Termination may occur due to violation of terms, illegal activities, or fraudulent behavior
- No Liability: We are not liable for any damages resulting from account termination
- Data Retention: Some data may be retained for legal and compliance purposes after termination
20.2 User Termination Rights
- Voluntary Termination: You may terminate your account at any time by contacting us
- Data Export: You may request export of your data before account termination
- Outstanding Obligations: Termination does not relieve you of any outstanding financial obligations
- Service Discontinuation: Upon termination, you must immediately discontinue use of our services
21. Governing Law and Dispute Resolution
21.1 Applicable Law
- Indian Law: These terms are governed by the laws of India
- Jurisdiction: Courts in Bangalore, Karnataka have exclusive jurisdiction over disputes
- International Users: International users are responsible for compliance with local laws
- Severability: If any provision is found invalid, the remaining provisions remain in full force
21.2 Dispute Resolution
- Direct Resolution: We encourage direct communication to resolve issues before legal action
- Mediation: Disputes may be resolved through mediation if mutually agreed
- Legal Action: Legal proceedings must be initiated in Bangalore courts
- Time Limitation: Claims must be brought within the applicable limitation period
22. Legal Framework and Compliance
22.1 Applicable Laws
- Information Technology Act, 2000 and related rules
- Personal Data Protection Bill (PDPB) - India
- General Data Protection Regulation (GDPR) - European Union
- California Consumer Privacy Act (CCPA) - California, USA
- Children's Online Privacy Protection Act (COPPA) - United States
- Local data protection laws in all jurisdictions we operate
22.2 Certifications and Standards
- ISO 27001 Information Security Management
- ISO 27701 Privacy Information Management
- SOC 2 Type II Compliance
- PCI DSS Compliance for payment processing
- Regular third-party security audits