Edka Privacy Policy

Your privacy is important to Edka. This Privacy Policy ("Policy") explains how we collect, use, and protect personal information provided through our website (edka.app) and related services ("Services"). By accessing or using our Services, you confirm that you understand and agree to this Policy.

As a business-to-business (B2B) service provider, Edka operates under agreements with educational institutions ("Institutions"). We are committed to complying with global data protection standards, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable laws. Our role is to process personal data on behalf of Institutions while maintaining transparency and adhering to strict data security practices.

Information We Collect

To deliver our Services, we collect the following categories of information:

• Account Information: Name, email address, and other details necessary for account creation, as provided by your Institution.
• Usage Data: Information such as IP address, browser type, and pages visited to monitor and enhance our Services.
• Optional Data: Feedback, uploaded files, or other content you choose to share through the platform.

Cookies and Tracking Technologies

Edka uses cookies and similar tracking technologies to optimize performance and personalize user experiences. Cookies are small data files stored on your device. You may adjust your browser settings to manage cookie preferences. For further details, please refer to our Cookies Policy.

How We Use Your Information

Edka processes your information to:

• Provide and improve the Services under our agreements with Institutions.
• Respond to inquiries and communicate necessary updates.
• Fulfill legal obligations and safeguard the Services from misuse.
• Analyze usage data to enhance functionality and user experience.
• Enable integrations with approved third-party tools and services.

Third-Party Services

To deliver our Services, we may share data with trusted third-party providers, such as:

• Authentication providers to ensure secure user access.
• Analytics platforms to optimize system performance.
• Email service providers for administrative communications.

These providers are contractually obligated to use data only for the specified purposes and to adhere to stringent security standards.

Data Retention

We retain personal data as required to provide Services and comply with the operational and legal requirements of the Institution. Temporary data may be stored locally on your device using browser technologies to enhance functionality.

Locally stored data is linked to your active session and may be automatically deleted upon logout or when revisiting the Service after session expiration, as determined by session cookies. If you do not revisit the Service, locally stored data may persist on your device until manually cleared or overwritten by your browser.

Data retention policies, including the duration and purpose of retention, are governed by the Institution. Requests for deletion or further inquiries must be directed to the Institution, which retains primary control over the data.

Retention Guidelines:

• Account Information: Retained in accordance with the Institution’s operational and compliance requirements.
• Locally Stored Data: Deleted upon logout or session expiration, unless otherwise required by the Institution.

Your Rights Under GDPR and CCPA

Depending on your jurisdiction, you may have the following rights:

• Access and update your personal information.
• Request deletion of your personal data.
• Restrict or object to data processing.
• Request a portable copy of your data.
• Opt-out of the sale of personal data (CCPA).
• Withdraw consent, where applicable (GDPR).

To exercise these rights, contact your Institution. Edka acts as a data processor and cannot directly fulfill user requests without authorization from the Institution.

Data Security

We implement robust security measures, including encryption and secure servers, to protect personal data. While no system is entirely secure, we continuously monitor and improve our safeguards. Users are responsible for maintaining the confidentiality of their account credentials.

Data Breach Policy

In the event of a data breach, we will notify affected users and relevant authorities as required by law. We will work with Institutions to mitigate risks and investigate the breach.

International Data Transfers

If you access the Services outside your home country, your data may be transferred to and processed in jurisdictions with different data protection laws. We ensure that such transfers comply with applicable legal requirements and include appropriate safeguards.

Changes to This Policy

This Policy may be updated to reflect changes in legal requirements or our practices. The latest version will be available on our website and will include the revision date.

Last Updated: January 2025