In this Privacy Policy, the following terms shall have the meanings ascribed to them below unless the context otherwise requires:

"Service" means the Fee Tracker web application, progressive web application (PWA), and all associated features accessible at the domain on which this Policy is published.

"Operator" means the individual or entity that deploys, hosts, and maintains the Service. The Operator is the Data Controller as defined under applicable data protection law.

"User" means any natural person who accesses, registers for, or uses the Service in any capacity, including as a student or teacher.

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under applicable law including the Information Technology Act, 2000 (India) and the Digital Personal Data Protection Act, 2023 (DPDPA).

"Processing" means any operation performed on Personal Data, including collection, storage, use, transmission, and deletion.

"Firebase" means Google Firebase, a cloud platform provided by Google LLC, used as the Service's backend infrastructure for authentication, database, and messaging services.

"IndexedDB / IDB" means the browser-native client-side database used for offline caching of Service data on the User's device.

The Service is operated by an independent developer ("Operator"). The Operator acts as the Data Controller in respect of Personal Data collected through the Service. The Operator's contact information is available in Section 15 of this Policy.

The Operator is not affiliated with, endorsed by, or a subsidiary of Google LLC, Alphabet Inc., or any of their subsidiaries. Firebase and Google Sign-In are third-party services subject to Google's own privacy policies.

The Operator does not employ staff dedicated to data processing. All Personal Data is processed automatically by the technical infrastructure described herein, without manual review except where legally required.

The Service collects the following categories of data:

The Service does not collect: precise geolocation, biometric data, financial account numbers, government-issued identification, or any special categories of Personal Data as defined under applicable law.

Student names and fee data entered by a teacher-role User relate to third parties. The teacher-role User is solely responsible for obtaining any necessary consents from those third parties prior to entering their information into the Service.

Processing of Personal Data is carried out under the following legal bases:

Contractual necessity (Article 6(1)(b) GDPR equivalent / DPDPA §4): Processing Identity Data, Role Data, Fee Records, and Payment History is necessary to perform the Service as agreed when the User creates an account.

Legitimate interests: Processing Device Data and Usage Metadata is carried out on the basis of the Operator's legitimate interest in maintaining the security, reliability, and offline functionality of the Service. This interest is not overridden by the rights and freedoms of Users.

Consent: Processing of Push Tokens and delivery of push notifications is based on the User's explicit, revocable consent granted through the browser's Notification Permission API. Withdrawal of consent can be effected at any time through the device or browser notification settings without affecting the lawfulness of prior processing.

Personal Data is used exclusively for the following purposes and is not processed in any manner incompatible with those purposes:

(a) Authentication: Verifying User identity via Google Sign-In to grant access to User-specific data.

(b) Core Service functionality: Storing, retrieving, and displaying fee records, payment histories, and batch information as entered by the User.

(c) Offline capability: Caching data to the User's device (IndexedDB, localStorage) so the Service remains functional without an active internet connection.

(d) Notifications: Sending push notifications for fee due-date reminders and payment receipts, where notification permission has been granted.

(e) Service integrity: Replaying offline write queues upon reconnection; detecting and resolving data synchronisation conflicts.

The Operator does not use Personal Data for: targeted advertising, profiling, automated decision-making with legal or similarly significant effects, sale or rental to third parties, or any purpose not listed above.

The Service relies on the following third-party sub-processors. Personal Data may be transmitted to and processed by these entities as described:

Google Firebase processes Personal Data pursuant to Google's Data Processing Addendum and applicable contractual obligations. The Operator has no control over Google's internal data handling practices beyond the contractual terms accepted at the time of Firebase project creation.

The Operator is not liable for any breach, loss, disclosure, or misuse of Personal Data by any sub-processor, including Google Firebase, where such event occurs within the sub-processor's own infrastructure or is attributable to the sub-processor's acts or omissions.

No Personal Data is shared with analytics platforms, advertising networks, or social media trackers. There are no third-party tracking scripts of any kind embedded in the Service.

Active accounts: Personal Data is retained in Firestore for as long as the User maintains an active account with the Service.

Account deletion: Users may request deletion of their account and all associated Personal Data by signing out and submitting a deletion request to the contact address in Section 15. The Operator shall effect deletion within 30 (thirty) days of a verifiable request. Deletion encompasses all Firestore documents under the User's UID path.

Client-side data: Data cached in the User's browser (IndexedDB, localStorage, Service Worker cache) is purged automatically upon sign-out (Service Worker CLEAR_CACHE and PURGE_QUEUE messages are dispatched). Users may also clear this data manually via browser settings at any time.

Push tokens: FCM device tokens stored in Firestore are deleted upon sign-out or upon revocation of notification permissions as detected by the Service.

Backup and disaster recovery: Firebase may retain data in backup snapshots for a period governed by Google's own retention policies, beyond the Operator's control. The Operator does not independently operate backups of Firestore data.

The following technical and organisational measures are in place to protect Personal Data:

Transport encryption: All data transmitted between the User's device and Firebase servers is encrypted using TLS 1.2 or higher.

Firebase Security Rules: Firestore access is governed by Firebase Security Rules that restrict read and write operations to the authenticated owner of each data path (/users/{uid}/). No User can access another User's data through the Service's Firestore configuration.

Firebase App Check: reCAPTCHA v3-based App Check is enforced to prevent abuse of Firebase resources by unauthorised clients.

Authentication: User authentication is delegated entirely to Google's OAuth 2.0 infrastructure. The Service does not store passwords.

Client-side isolation: Locally cached data is keyed by UID and is not accessible to other origins or browser tabs by virtue of the Same-Origin Policy.

Notwithstanding the foregoing, no security measure is infallible. The Operator cannot guarantee absolute security of data transmitted over public networks or stored in third-party infrastructure. The Operator is not liable for security incidents that originate within Firebase's or Google's infrastructure.

Subject to applicable law, Users have the following rights in respect of their Personal Data:

Right of access: You may request a summary of Personal Data held about you. As the Service displays your data in real time through the application interface, most data is directly accessible without a formal request.

Right to rectification: You may correct inaccurate Personal Data at any time through the in-app profile and data editing interfaces.

Right to erasure ("right to be forgotten"): You may request deletion of your account and all associated data as described in Section 7.

Right to data portability: The Service provides CSV and XLSX export functionality for payment history data, enabling data portability in machine-readable formats.

Right to withdraw consent: Where processing is based on consent (push notifications), you may withdraw consent at any time through device or browser settings.

Right to lodge a complaint: If you believe your data protection rights have been violated, you may lodge a complaint with the relevant data protection authority in your jurisdiction. For Users in India, this is the Data Protection Board of India established under the DPDPA 2023.

To exercise rights not addressable through the in-app interface, contact the Operator via the address in Section 15. The Operator will respond within 30 days. The Operator reserves the right to verify your identity before acting on a request.

The Service does not use browser cookies for tracking or advertising purposes.

The Service uses the following browser storage mechanisms, all of which are strictly necessary for Service functionality:

localStorage: Stores User UID (for offline boot), theme preference (ft_theme), and PWA installation state flags. No personal tracking data is stored in localStorage.

IndexedDB (fee-tracker-cache): Stores a local cache of Firestore data (teachers, batches, payments, profile) to enable offline access. Data is keyed by UID and automatically cleared on sign-out.

Service Worker cache storage: Stores application shell assets (HTML, CSS, JS, images) for offline PWA functionality. No Personal Data is stored in the Service Worker cache.

All client-side storage is automatically cleared on sign-out. Users may also clear all stored data at any time through their browser's storage management settings without affecting their Firestore data.

The Service is not directed at children under the age of 13 (or such higher age as applicable under local law). The Operator does not knowingly collect Personal Data from children under this age threshold.

Where a teacher-role User enters the name or other details of a student who is a minor, the teacher-role User warrants that they have obtained all necessary parental or guardian consents required by applicable law prior to doing so. The Operator bears no responsibility for data entered relating to minors by teacher-role Users.

If you are a parent or guardian and believe your child's data has been collected without appropriate consent, please contact the Operator via Section 15 to request deletion.

To the maximum extent permitted by applicable law:

(a) No warranty: The Service is provided "as is" and "as available" without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, accuracy, reliability, or non-infringement.

(b) Data loss: The Operator shall not be liable for any loss, corruption, or unavailability of Personal Data or User-entered data arising from: Firebase infrastructure failures, network disruptions, browser storage limitations, device loss or failure, or any force majeure event.

(c) Third-party breaches: The Operator shall not be liable for any data breach, unauthorised access, or disclosure of Personal Data that occurs within Google Firebase's or any other sub-processor's infrastructure.

(d) Consequential damages: In no event shall the Operator be liable for any indirect, incidental, special, punitive, or consequential damages whatsoever, including but not limited to loss of profits, loss of data, business interruption, or reputational harm, even if advised of the possibility of such damages.

(e) Aggregate cap: The Operator's total aggregate liability to any User under or in connection with this Policy, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall not exceed ₹0 (zero rupees), as the Service is provided free of charge with no consideration exchanged.

(f) User responsibility: The User is solely responsible for the accuracy, legality, and appropriateness of all data they enter into the Service, including third-party data (student names, fee amounts). The Operator assumes no responsibility for errors, omissions, or legal consequences arising from User-entered data.

The Operator reserves the right to amend this Privacy Policy at any time. Material changes will be notified to active Users via an in-app notification or push notification where notification permission has been granted.

Continued use of the Service following the effective date of any amendment constitutes acceptance of the amended Policy. If you do not agree to any amendment, your sole remedy is to discontinue use of the Service and request deletion of your data per Section 7.

The version number and effective date at the top of this document identify the currently operative version.

This Privacy Policy shall be governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (to the extent in force).

Any dispute arising out of or in connection with this Policy that cannot be resolved by direct negotiation shall be referred to arbitration in accordance with the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be determined by the Operator. The language of arbitration shall be English.

Nothing in this section prevents the Operator from seeking injunctive or other equitable relief from a court of competent jurisdiction where necessary to protect its legitimate interests.

For all privacy-related queries, data subject rights requests, or to report a data breach, contact the Operator through the Fee Tracker application's feedback mechanism or via the support channel published on the Service's hosting domain.

The Operator will endeavour to respond to all verifiable requests within 30 (thirty) calendar days. Complex or voluminous requests may require additional time, in which case the Operator will notify you of the expected response timeline.