Privacy Policy
This policy explains what data Xoredge processes when you use Xoredge College Admin — across LIP Cloud, Managed Cloud, and Self-Hosted deployments — including how AI features handle institutional data.
Effective date: 29 April 2026
1. Who we are
Xoredge (“Xoredge”, “we”, “us”) designs and operates Xoredge College Admin (the “Software”). For deployments hosted by us (LIP Cloud / Managed Cloud) we are the data processor; the institution that signs the order is the data controller. For self-hosted deployments Xoredge is neither, and this policy describes only data we receive from you about your account, support tickets, and licence status.
Contact: legal@xoredge.com.
2. What data we collect
Institutional records
When you operate the Software, your authorised users enter institutional records: students, staff, classes, attendance, fees, exams, leave, expenses, files. This content is your data. Xoredge accesses it only to deliver the Software, on your instruction (e.g. a support ticket where you ask us to investigate a record), or where required by law.
Account & billing
For paid plans we collect your billing contact, address, payment instrument (processed by our PSP — we do not store full card numbers), tax IDs, and order history.
Telemetry & logs
The Software writes audit logs for every mutating action (UI / AI / API / cron sources). On hosted deployments these logs stay inside your tenant — we only read them when you ask us to. We collect aggregate metrics (request counts, latency, error rates) for capacity planning; these are pseudonymised at the tenant level (no individual PII).
Cookies & this marketing site
The marketing site uses Firebase Analytics for aggregate visitor stats. The Software itself uses session cookies for authentication and a small CSRF token; no third-party advertising cookies.
3. AI features and third-party providers
The College Assistant routes prompts through an AI gateway that may call Google Gemini, OpenAI, Anthropic Claude, GitHub Copilot, OpenRouter (which itself is a router across 400+ models), or a local Ollama instance — depending on which keys you configure. Whichever provider answers a given prompt sees the prompt content, including any institutional details the user mentions.
To minimise exposure:
- Per-user RBAC is enforced before the AI sees data. A Teacher account cannot ask the AI to read salary records and have it succeed; the relevant tools are not in their tool list.
- CNIC / ID numbers are masked in tool outputs by default; only roles with explicit view_pii permission see the unmasked value.
- Self-hosted deployments can disable cloud AI entirely and route only to your local Ollama, in which case no prompt ever leaves your network.
Each provider operates under its own terms (Anthropic, OpenAI, Google, Meta / OpenRouter, GitHub). For Managed deployments we contract with these providers as sub-processors and forward our data-processing terms downstream.
4. Where data is stored
- LIP Cloud: Pakistan-region VPS infrastructure (Hostinger / a similar provider). Daily encrypted backups in the same region for 30 days.
- Managed Cloud: AWS, GCP or Azure region you select at provisioning. Backups in the same region.
- Self-Hosted: wherever you deploy. Xoredge has no copy.
5. Retention
We keep institutional data for as long as your subscription is active plus 30 days, during which you can request an export. After that we wipe encrypted backups within a further 60 days. If you request earlier deletion under Your rights, we wipe within 14 business days, retaining only what we’re legally required to keep (invoices, tax records).
6. Sub-processors
For Managed deployments we use:
- Hosting (Hostinger / AWS / GCP / Azure depending on tier)
- AI providers (Anthropic, OpenAI, Google, GitHub, OpenRouter — your choice)
- Email delivery (Postmark)
- Error monitoring (Sentry)
- Payments (Stripe / 2Checkout)
We will give 30 days’ notice before adding or replacing a sub-processor. You may object during that window; if we can’t reasonably accommodate the objection, you can terminate the affected service for a pro-rata refund of the unused term.
7. Your rights
For institutional data you control: ask the data controller (your institution’s Director account). For data we hold about you directly (account, support tickets, billing) email legal@xoredge.com:
- Request a copy
- Request correction
- Request deletion (subject to legal retention)
- Withdraw consent for marketing communications
We respond within 30 days. There is no fee for the first request in any 12-month window.
8. Security
- HTTPS / TLS 1.3 in transit; AES-256 at rest on managed deployments
- Argon2 / bcrypt for password hashing
- Audit log of every mutating action
- Field-level RBAC (50+ permissions)
- CNIC / ID masking by default
- Daily encrypted backups, restore-on-demand
- Vulnerability scanning on dependencies (Dependabot / Snyk)
If you discover a security issue, please email security@xoredge.com — we run a responsible-disclosure programme and will acknowledge within 2 business days.
9. Changes to this policy
We’ll post material changes here at least 14 days before they take effect and email the primary billing contact on the affected account.
Questions about this document? Email legal@xoredge.com or contact us at hello@xoredge.com.