C
HBA Compass
← Back to Home

Privacy Policy

Effective Date: May 1, 2026  · Company: The HBA Company  · Product: HBA Compass

1. Introduction

Welcome to HBA Compass, a school management Software-as-a-Service (SaaS) platform developed and operated by The HBA Company. HBA Compass provides schools, teachers, students, and parents with an integrated suite of tools covering timetable management, attendance tracking, examination results, fee collection, notice distribution, and more.

This Privacy Policy explains how The HBA Company collects, uses, discloses, and safeguards personal information in connection with the HBA Compass platform (including the web portal at getcleartimetable.com and the mobile application). By accessing or using HBA Compass, you agree to the practices described in this Policy.

If you do not agree with this Policy, please discontinue use of the platform and contact us at support@thehbacompany.com to request account deletion.

2. Information We Collect

We collect only the information necessary to provide and improve the HBA Compass platform. The categories of information we collect are:

2.1 School Information

When a school registers on HBA Compass, we collect the school's legal name, postal address, city/state/PIN code, board affiliation (e.g., CBSE, ICSE), and the name and email address of the primary administrator. This information is used to create and manage the school's account.

2.2 User Data

For each user (school administrator, principal, vice-principal, HOD, class teacher, or teacher) we collect: full name, email address, role/designation, phone number, date of birth (where provided), and gender (where provided). Email addresses serve as the primary login identifier and are used for authentication and notifications.

2.3 Student Data

We collect student-related information as entered by the school administration, including: full name, class/section assignment, date of birth, gender, contact information, attendance records (daily present/absent/late status), examination results and marks, and fee assignment and payment records. This data is collected and managed exclusively by the school and is associated with the school's isolated account.

2.4 Parent Data

Where a school enables parent-portal access, we collect: parent or guardian name, email address, phone number, and the linkage between parent and student records. Parents receive notifications (attendance alerts, notices, fee reminders) on behalf of the school through this data.

2.5 Usage Data

We automatically collect technical and usage data when you interact with HBA Compass, including: login timestamps, IP addresses, browser or device type, pages or features accessed, and error or activity logs. This information is used solely for platform security, performance monitoring, and debugging.

2.6 Payment Data

Subscription and fee payments on HBA Compass are processed by Razorpay, a third-party payment gateway. We do not store, transmit, or have access to card numbers, CVVs, bank account details, or any other sensitive payment credentials. We retain only non-sensitive transaction metadata such as transaction ID, amount, status, and date, which is necessary for accounting and support purposes.

3. How We Use Your Information

The HBA Company uses the information collected solely for the following purposes:

  • Delivering school management features: We use school, user, and student data to power the core features of HBA Compass, including timetable generation, attendance tracking and reporting, examination result management, fee collection and installment tracking, notice distribution, and substitute teacher allocation.
  • Sending notifications: With school authorization, we send email notifications via Resend (e.g., attendance alerts, notice broadcasts, fee reminders, account credentials) and WhatsApp messages via Twilio (e.g., attendance alerts to parents).
  • Processing payments: We use Razorpay to process school subscription fees and student fee payments initiated through the platform. Transaction metadata is retained for billing records.
  • Monitoring platform health and security: Usage data, activity logs, and error reports are used to identify and resolve technical issues, detect unauthorized access, and improve the performance and reliability of the platform.
  • Legal and compliance obligations: We may process personal data to comply with applicable Indian laws, regulations, or lawful requests from competent government authorities.

4. Data Sharing

The HBA Company does NOT sell, rent, or trade your personal data to any third party for commercial purposes.

We share data only with the following sub-processors, strictly for the purpose of delivering HBA Compass services. Each processor is bound by its own privacy policy and contractual data protection obligations:

ProcessorPurposePrivacy Policy
SupabaseDatabase (PostgreSQL) and file storageView Policy
RazorpayPayment processingView Policy
ResendTransactional email deliveryView Policy
TwilioWhatsApp notification deliveryView Policy

We may also disclose personal data if required to do so by law, court order, or in connection with any legal proceedings, or in order to establish, exercise, or defend our legal rights.

5. Data Security

The HBA Company implements appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Password hashing: All user passwords are hashed using bcrypt with a minimum of 12 rounds before storage. Plaintext passwords are never stored or logged.
  • School-level data isolation: All data is stored in Supabase (PostgreSQL) and scoped to individual school accounts. No school can access another school's data. Row-level security policies enforce this isolation at the database level.
  • File storage: Uploaded files (e.g., question papers, report PDFs) are stored in Supabase Storage with server-side access controls. The Supabase service key is never exposed to client-side code.
  • Rate limiting: Sensitive API endpoints (login, password change, OTP) are rate-limited to mitigate brute-force and denial-of-service attacks.
  • Transport security: All data transmitted between your device and our servers is encrypted in transit using TLS (HTTPS).

Notwithstanding the above, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

6. Data Retention

We retain school and user data for the duration of the active subscription. Specifically:

  • Active subscriptions: All school data (users, students, attendance, results, fees, notices, timetables) is retained and accessible for the duration of the subscription.
  • Subscription cancellation or expiry: Upon subscription termination, data may be retained for up to 30 days to allow for account reactivation or data export, after which it will be permanently deleted.
  • Deletion on request: Schools or individual users may request permanent deletion of their data at any time by sending a written request to support@thehbacompany.com. We will process such requests within 30 days, subject to any legal obligations that require retention.

7. Your Rights

Subject to applicable Indian data protection laws, you have the following rights with respect to your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right of Correction: You may request correction of inaccurate or incomplete personal data.
  • Right of Erasure: You may request deletion of your personal data, subject to legal retention obligations.
  • Right to Object: You may object to processing of your personal data where we rely on legitimate interests as the legal basis.

To exercise any of these rights, please contact us at support@thehbacompany.com. We will respond to all legitimate requests within 30 days. Note that certain rights may be limited where we have a legal obligation to retain data or where the right conflicts with the legitimate interests of the school institution.

8. Children's Privacy

HBA Compass is a business-to-business platform licensed to schools and educational institutions. Student data on the platform - including minors' personal information - is entered, managed, and controlled exclusively by the contracting school institution, not directly by students or minors.

The HBA Company acts as a data processor with respect to student data; the school acts as the data controller and is responsible for obtaining any necessary parental or guardian consents required under applicable law before uploading minor student data to the platform.

We comply with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDPA), as they apply to the processing of personal data of children and minors in an institutional education context.

9. Changes to This Policy

The HBA Company reserves the right to modify this Privacy Policy at any time. We will determine whether a change is material based on the nature and extent of the modification.

For material changes (such as changes to the categories of data we collect, new third-party processors, or changes to your rights), we will notify school administrators via email to the address registered with their account at least 14 days before the change takes effect.

Non-material updates (such as clarifications, corrections of typographical errors, or changes to contact information) may be made without prior notice, though the "Effective Date" at the top of this Policy will always reflect the date of the most recent revision. Continued use of HBA Compass after any modification constitutes acceptance of the updated Policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us at:

The HBA Company

Product: HBA Compass

Email: support@thehbacompany.com

We aim to respond to all privacy-related inquiries within 5 business days.