Privacy Policy
Last updated: 16 May 2026
1. Introduction
Relayra Solutions ("Relayra", "we", "us", "our") operates the website https://relayrasolutions.com and provides a WhatsApp-based communication and fee management platform for educational institutions in India.
This Privacy Policy explains how we collect, use, share, and protect personal information in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 of India.
2. Who We Are
- Business Name: Relayra Solutions
- Address: Bareilly, Uttar Pradesh, India
- Email: hello@relayrasolutions.com
- Grievance Officer: Relayra Solutions Grievance Team (hello@relayrasolutions.com)
3. Information We Collect
From Schools (Our Customers)
- School name, address, registration details
- Administrator names, email addresses, phone numbers
- Payment information (processed via Razorpay)
- Login credentials (stored encrypted)
From Schools About Students and Parents
Schools upload information about their students and parents into our platform, including:
- Student name, class, section, admission number
- Parent/guardian name, WhatsApp number, email
- Fee records and payment history
- Attendance records
- Religion (optional, for festival greeting customization)
From Parents (Indirectly)
- WhatsApp message responses sent to school numbers via Relayra
- Payment confirmations sent via WhatsApp
- Communication preferences
Automatically Collected
- IP address, browser type, device information
- Pages visited, time spent, referral source
- Authentication session data
4. How We Use Information
We use information to:
- Provide and operate the Relayra platform
- Send fee reminders, attendance alerts, and school communications via WhatsApp
- Process payments and manage subscriptions
- Improve our services and develop new features
- Respond to support requests
- Comply with legal obligations
- Detect and prevent fraud or misuse
5. Lawful Basis for Processing (DPDP Act)
We process personal data based on:
- Consent: Schools obtain parent consent before adding parent contact information; we obtain school consent through our Terms of Service
- Contract Performance: To deliver the services schools have subscribed to
- Legal Obligation: Tax records, regulatory compliance
- Legitimate Interest: Fraud prevention, service improvement
6. Children's Data
Our platform processes information about students who may be minors. We implement special protections:
- We never collect data directly from children
- Schools are responsible for obtaining parental consent before uploading student data
- We do not market to children
- We restrict access to student data to authorized school personnel only
- Parents may request deletion of their child's data at any time (see Data Deletion)
7. Sharing of Information
We share information with the following third parties as necessary to provide our services:
| Party | Purpose | Data Shared | Location |
|---|---|---|---|
| Meta Platforms (WhatsApp) | Message delivery | Parent phone numbers, message content | Global |
| Razorpay | Payment processing | School payment information | India |
| Supabase | Database hosting | All platform data | Singapore |
| Anthropic | AI message generation | Anonymized message context | United States |
| Vercel | Website hosting | Anonymized visitor data | United States |
| Resend | Transactional emails | Email addresses, email content | United States |
We do not sell personal data to any third party.
8. International Data Transfers
Some of our service providers are located outside India (Supabase in Singapore; Vercel, Anthropic, and Resend in the United States). Where data is transferred outside India, we ensure appropriate safeguards including contractual data protection clauses, service providers' compliance with international privacy frameworks, and encryption in transit and at rest.
9. Data Retention
- Active customer data: Retained for the duration of the subscription
- Financial records: Retained for 7 years as required under Indian tax law
- Inactive accounts: Deleted 90 days after subscription ends, unless legally required to retain
- Marketing data: Retained until consent is withdrawn
10. Security
We implement industry-standard security measures including:
- End-to-end encryption for sensitive data in transit (TLS 1.3)
- Encryption at rest in Supabase
- Row-Level Security (RLS) on all database tables
- Multi-factor authentication for administrative access
- Regular security audits
- Access controls and audit logs
No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but commit to notifying affected parties of any data breach within 72 hours, as required by law.
11. Your Rights Under the DPDP Act
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Erasure: Request deletion of your data (subject to legal retention)
- Grievance Redressal: Lodge a complaint with our Grievance Officer
- Withdrawal of Consent: Withdraw consent at any time
- Nominate: Nominate someone to exercise rights in case of incapacity
To exercise these rights, visit our Data Deletion page or contact us at hello@relayrasolutions.com.
12. Changes to This Policy
We may update this policy and will notify schools via email of material changes.
13. Grievance Redressal
For any privacy-related complaints, contact our Grievance Officer:
- Designation: Grievance Officer, Relayra Solutions
- Email: hello@relayrasolutions.com
- Response Time: Within 30 days as per DPDP Act
You may also approach the Data Protection Board of India if your grievance is not resolved.
14. Contact Us
For any questions about this Privacy Policy, contact us at:
- Email: hello@relayrasolutions.com
- Address: Relayra Solutions, Bareilly, Uttar Pradesh, India