PRIVACY POLICY

• Athena Platform means the Athena School Management System including associated websites, portals, APIs, communication modules, mobile applications, and white-label implementations.
• Institution means the school, educational institution, organization, or tenant using Athena.
• User means any authorized administrator, staff member, student, parent, guardian, or other approved user.
• Personal Data means information relating to an identified or identifiable person as defined under applicable laws.
• Data Controller and Data Processor carry the meanings assigned under applicable data protection legislation.

In most implementations:

The educational institution determines:

• Information collected
• Modules enabled
• User permissions and access
• Records maintained
• Retention requirements

Accordingly, the institution generally acts as the Data Controller.

LankaCom generally acts as the Data Processor, processing information solely to provide and support the Athena Platform.

LankaCom may independently process limited operational information relating to:

• Platform administration
• Service support
• Billing and invoicing
• Audit and security monitoring
• Compliance obligations
• Tenant administration

This Privacy Policy applies to:

• Athena School Management System
• Administrator portals
• Student / Parent / Staff portals
• Mobile applications
• White-label applications
• Communication services
• Support services
• Associated websites and domains

Example implementations may include school-branded applications and portals such as:

This schedule may be updated as new institutions are onboarded.

Information processed depends on modules enabled by each institution.

Student Information

• Admissions and enrolment records
• Student profiles
• Academic records
• Attendance records
• Timetables
• Examination records
• Discipline records
• Extracurricular activities
• Transport / hostel information
• Health notes entered by authorized users

Parent / Guardian Information

• Names
• Contact details
• Addresses
• Relationship information
• Emergency contacts
• Billing information

Staff Information

• Employee records
• Attendance and leave information
• Timetables
• Administrative records

Account Information

• Usernames
• Email addresses
• Mobile numbers
• Encrypted credentials
• Permissions and roles
• Login activity logs

Communication Data

• Notices
• Messages
• Notifications
• Uploaded files
• Images and documents

Billing Information

Where billing modules are enabled:

• Invoices
• Payment references
• Receipts
• Outstanding balances

Technical Information

• IP addresses
• Browser details
• Device information
• Operating system information
• Session records
• Application version information
• Crash reports
• Push notification identifiers

Information is processed only for purposes connected with operating and supporting the service including:

• School administration
• Student management
• Admissions
• Examination administration
• Attendance management
• Timetable management
• Communication services
• Billing administration
• Authentication and access control
• Audit logging
• Technical support
• Security monitoring
• Backup and disaster recovery
• Service improvements
• Fraud prevention
• Legal and regulatory compliance

LankaCom does not use school data for unrelated advertising or third-party marketing.

Processing may occur based on:

• Contractual obligations
• Legal obligations
• Legitimate operational interests
• Security and fraud prevention requirements
• Protection of vital interests
• Consent where applicable
• Other lawful bases permitted by applicable law

Institutions remain responsible for determining lawful grounds applicable to their implementation.

Athena applications may request permissions including:

• Camera access
• File / photo access
• Push notifications
• Local storage
• Biometric authentication

Permissions are used solely for authorized platform functions including:

• Secure authentication
• Uploading documents
• Receiving notices
• Accessing authorized records

Users may manage permissions via device settings.

Athena is designed for educational institutions and therefore processes information relating to minors.

Student information is processed solely for educational and administrative purposes determined by the institution.

LankaCom does not knowingly collect children's information for unrelated commercial purposes.

Parents or guardians seeking access, corrections, or actions relating to student records should contact the relevant institution.

Personal information is not sold.

Information may be shared only:

• With authorized institutional users
• Approved service providers and subprocessors
• Hosting and infrastructure providers
• Communication providers
• Technical support providers
• Security service providers
• Where legally required
• During lawful investigations
• During mergers, restructuring, or service transitions

All providers are expected to maintain confidentiality and security obligations.

Athena may use:

• Cloud infrastructure providers
• SMS gateways
• Email services
• Analytics platforms
• Notification services
• Backup systems
• Security monitoring tools

These services may operate inside or outside Sri Lanka.

Where international processing occurs, LankaCom takes reasonable contractual and organizational safeguards.

Security controls may include:

• Role-based access controls
• Tenant segregation
• Authentication controls
• Encrypted communications
• Audit logging
• Restricted administrative access
• Monitoring and vulnerability management
• Backup procedures
• Disaster recovery controls

Athena operates as a multi-tenant SaaS platform, and reasonable segregation controls are implemented between tenants.

No online platform can guarantee absolute security.

LankaCom maintains incident response procedures intended to:

• Detect incidents
• Investigate events
• Contain threats
• Mitigate impacts

Where legally required or contractually applicable, LankaCom may notify affected institutions of confirmed incidents.

Institutions remain responsible for:

• Endpoint protection
• Credential management
• User controls
• Internal security procedures

Information is retained according to:

• Contractual obligations
• Operational requirements
• Legal obligations
• Audit requirements
• Backup cycles

Upon termination of services:

LankaCom may provide reasonable export or transition assistance subject to service agreements.

Backup retention and archival periods may continue for legal, operational, audit, or disaster recovery purposes.

Subject to applicable law, individuals may request:

• Access to information
• Correction / rectification
• Restriction of processing
• Objection to processing
• Withdrawal of consent
• Deletion where legally permissible
• Copies of applicable records

Requests concerning school-managed records should first be directed to the relevant institution.

Users may also submit privacy requests to:

Email: privacy@athenaerp.lk

Users wishing to delete accounts or request removal of information should contact the relevant institution first.

Where LankaCom directly administers operational accounts, requests may be submitted to:

privacy@athenaerp.lk

Certain records may continue to be retained where required for:

• Legal obligations
• Contractual obligations
• Audit purposes
• Backup systems
• Security investigations
• Operational continuity

Removal of accounts may affect application functionality and service access.

LankaCom does not use student or institutional data processed through Athena for training unrelated public AI systems or unrelated commercial data-mining activities.

Limited aggregated or de-identified technical information may be used for:

• Reliability improvements
• Security monitoring
• Analytics
• Troubleshooting
• Platform enhancement

LankaCom employees, contractors, and authorized service providers are subject to confidentiality and access control obligations where applicable.

Athena may use:

Essential Cookies

Used for:

• Authentication
• Session management
• Security

Preference Cookies

Used for:

• User settings
• Interface preferences

Analytics Technologies

May be used for:

• Performance monitoring
• Usage statistics
• Reliability improvements

Users may manage cookies through browser settings.

Disabling essential cookies may affect platform operation.

This Privacy Policy may be updated due to:

• Service changes
• New applications
• Regulatory updates
• Security changes
• Operational improvements

Updates may be published through websites, portals, applications, or notices.

Continued use after updates may constitute acknowledgment subject to applicable law.