Privacy Policy

Establio is a SaaS platform ("the Platform", "we", "us", or "our") that provides professional websites and admin tools for schools, coaching centres, clinics, and other institutions. Institutions that subscribe to Establio are referred to as "Tenants". The students, parents, staff, and members who use the Tenant's website through our platform are referred to as "End Users".

This Privacy Policy explains how we collect, use, and protect information when you interact with the Establio platform, whether as a prospective institution, a subscribed Tenant, or an End User.

We collect different categories of information depending on your role:

• Institution contact information: When an institution signs up or submits an enquiry — name, contact person, phone number, email address, and city.

• Billing information: Subscription plan details and payment records. We do not store raw card numbers; payments are processed through secure third-party gateways.

• Platform usage data: Pages visited, features used, browser type, device type, and interaction patterns — collected to improve the platform.

• Tenant-uploaded content: Logos, images, notices, events, fee structures, staff profiles, and other content that Tenants upload and manage through the admin panel.

• End User data: Student names, class details, attendance, results, enquiry submissions, and login credentials — collected by Tenants through our platform on their behalf.

We do not collect sensitive financial data (credit/debit card numbers) directly through our platform.

Platform-level data is used for:

• Providing and maintaining the Establio service to subscribed Tenants.

• Processing subscription billing and managing accounts.

• Responding to sales enquiries and onboarding support.

• Improving platform features and user experience through aggregated usage analytics.

• Communicating service updates, maintenance notices, and product announcements.

Tenant-managed End User data is used solely to provide the specific features of the platform (e.g., displaying student records, sending notices, generating reports). We do not use End User data for advertising or any purpose outside the scope of service delivery.

Tenants own all data they upload or collect through the Establio platform. We act as a data processor on behalf of Tenants for End User data.

Tenants are responsible for ensuring they have appropriate consent and legal basis to collect and manage End User data through our platform.

Tenants must maintain their own privacy policies for their End Users and inform them that the institution's website is powered by Establio.

We do not sell, share, or transfer Tenant data or End User data to other organisations for commercial purposes.

We do not sell or rent your personal information to third parties.

We may share information with:

• Infrastructure and hosting providers who store and serve platform data under strict data processing agreements.

• Payment processing services for subscription billing.

• Analytics tools that help us understand platform performance — these operate under anonymisation and data minimisation principles.

• Law enforcement or regulatory authorities when legally required.

All third-party service providers are bound by confidentiality obligations and are permitted to use data only to provide their services to us.

All data is transmitted over HTTPS encryption. Tenant data is stored in isolated environments — each institution's data is logically separated and cannot be accessed by other Tenants.

We implement role-based access control (RBAC) so that only authorised users within an institution can access their data.

Regular automated backups are maintained. Access to production infrastructure is restricted to authorised personnel only.

No method of electronic transmission or storage is 100% secure. While we take industry-standard precautions, we cannot guarantee absolute security.

We use essential session cookies to maintain authentication state for the admin panel and student/staff portal.

Platform-level analytics may use anonymised usage signals to help us understand feature adoption. We do not use advertising cookies or third-party tracking pixels.

Tenants may configure Google Analytics on their websites, in which case Google's privacy policy applies to analytics data collected on the Tenant's website.

You can disable cookies through your browser settings; however, this may prevent login functionality from working.

We retain platform account data for as long as a Tenant's subscription is active, plus a grace period of 30 days after account termination.

Upon a Tenant's written request for data deletion, we will permanently delete their data and all associated End User data within 30 days, except where retention is required by applicable law.

Billing records may be retained for up to 7 years as required by financial regulations.

As a Tenant or prospective customer, you have the right to:

• Access the personal information we hold about you.

• Request correction of inaccurate data.

• Request deletion of your account and associated data.

• Withdraw consent for marketing communications at any time.

End Users wishing to exercise data rights should contact their institution (the Tenant), who manages those records through the platform.

To exercise your rights as a Tenant or to raise a privacy concern, contact us at legal@establio.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law.

We will notify active Tenants of material changes by email or in-platform notice at least 14 days before changes take effect.

Continued use of the platform after the effective date constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or how we handle data, please contact us:

✉️ legal@establio.com

🌐 establio.com