Privacy Policy
Last Updated: February 5, 2026
GlobalIDPRO collects zero biometric data from students, parents, or visitors. Our OTP-based login uses phone numbers schools already have, and Runtime QR codes are ephemeral — they expire in seconds and store no permanent data. This policy explains exactly what we collect, why, and how we protect it.
Introduction
GlobalIDPRO ("we," "us," "our") operates a digital identity verification platform designed specifically for K-12 schools, colleges, and educational institutions. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform — including the Parent/Student app, Staff app, Admin dashboard, and Vendor portal.
We are committed to protecting the privacy of students, parents, guardians, staff, visitors, and vendors. GlobalIDPRO is designed with a privacy-first architecture: we collect zero biometric data (no fingerprints, no facial recognition, no iris scans), use OTP-based authentication via phone numbers schools already possess, and generate ephemeral Runtime QR codes that expire in seconds and store no permanent data on the device.
We comply with applicable data protection laws including India's Digital Personal Data Protection (DPDP) Act 2023, the European General Data Protection Regulation (GDPR), the U.S. Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the Illinois Biometric Information Privacy Act (BIPA), and CBSE/ICSE institutional compliance requirements.
Zero Biometric Data Commitment
Our foundational privacy principle
GlobalIDPRO does not collect, store, process, or transmit any biometric data from any user — including students, parents, staff, visitors, or vendors. Specifically:
Why this matters for schools: Biometric data (fingerprints, facial scans) collected from children is permanent — it cannot be changed if breached. India's DPDP Act, GDPR, and US state laws (Illinois BIPA, Texas CUBI) impose strict requirements on biometric data collection from minors. By collecting zero biometric data, GlobalIDPRO eliminates this entire category of privacy risk, requires no special biometric consent forms, and achieves 100% parent adoption with zero privacy objections.
Information We Collect
Student Information
Provided by school via CSV/ExcelParent / Guardian Information
Verified via OTPStaff Information
Provided by adminVisitor Information
Collected at gate check-inVendor / Print Partner Information
Vendor registrationTechnical & Usage Information
Auto-collectedWhat We Do NOT Collect
How We Use Your Information
Identity Verification
Generate Digital IDs, produce Runtime QR codes for gate entry, verify student/staff identity during scans, and confirm parent/guardian authorization during pickup.
OTP Authentication
Send one-time passwords to registered mobile numbers for secure, passwordless login. Phone numbers used solely for auth — never for marketing or third-party sharing.
Runtime QR Generation
Generate time-bound, cryptographically unique QR codes that expire in seconds. Runtime QR data is ephemeral — generated on-demand, validated server-side, not stored permanently.
Parent / Guardian Verification
Verify that the person picking up a child is on the authorized guardian list. System checks OTP-verified identity against parent-child relationship data from the school.
Visitor Management
Log visitor check-ins/check-outs, capture photos for identification, notify hosts of arrival, and maintain audit trails for school safety compliance.
ID Card Printing (Vendor Platform)
Deliver print-ready data to school-selected vendors. Only data needed for printing (name, photo, class, ID, blood group) is shared with the vendor the school selects.
Transport Safety
Verify student identity at bus stops via Runtime QR scan, confirm parent authorization for bus routes, and log boarding/alighting events for safety records.
Session Rollover & Continuity
Carry forward student data (photos, parent OTP, guardian lists) during academic year transitions. Schools control timing — no data carried forward without explicit admin action.
Compliance & Audit Reports
Generate CBSE/ICSE compliance reports, safety audit logs, visitor records, scan summaries, and gate entry reports for inspections and regulatory requirements.
Service Improvement
Analyze aggregated, anonymized usage patterns (never individual data) to improve app performance, fix bugs, and develop features requested by schools.
Data Security
We implement industry-leading security measures to protect all data entrusted to us by schools, parents, and visitors:
Runtime QR Security: Unlike static QR codes that can be photographed and reused, GlobalIDPRO's Runtime QR codes are generated fresh on every display, include a cryptographic timestamp, and are validated server-side. A screenshot of a Runtime QR is useless — it expires within seconds. This eliminates ID sharing, proxy attendance, and QR cloning attacks entirely.
Data Sharing & Third Parties
GlobalIDPRO does not sell, rent, or trade personal data to any third party. We share limited data only in these specific circumstances:
Print Vendors (School-Selected Only)
When a school orders ID cards, we share print-necessary data (name, photo, class, ID, blood group) with the vendor the school explicitly selects. No additional data is shared.
Cloud Infrastructure Providers
Data is hosted on SOC 2 certified cloud (AWS / Google Cloud). Providers process data under strict DPAs and have no independent access.
OTP Delivery Partners
Phone numbers shared with SMS gateway solely to deliver OTP codes. Providers are contractually prohibited from storing or using numbers for any other purpose.
Legal Obligations
We may disclose data if required by law, court order, or government authority — only the minimum data necessary to comply.
School Administration
School admins access data for their institution only. Multi-campus admins access their assigned campuses. No cross-school data access.
We never: Sell data to advertisers · Share with data brokers · Use student data for targeted advertising · Share across schools without authorization · Allow vendors to retain data after order fulfillment.
Your Privacy Rights
Depending on your location and applicable law, you have the following rights regarding your personal data:
Right to Access
Request a complete copy of all personal data we hold about you or your child. Provided within 30 days in machine-readable format.
Right to Correction
Request correction of inaccurate or incomplete data. Schools can also correct data directly from the admin dashboard.
Right to Deletion
Request deletion of all personal data (right to be forgotten). All data permanently deleted within 30 days of account termination.
Right to Data Portability
Request your data in a structured, commonly used format (CSV/JSON) for transfer to another service.
Right to Restrict Processing
Request that we stop processing your data while a dispute is being resolved or while you exercise other rights.
Right to Withdraw Consent
Withdraw consent for data processing at any time. For school-managed accounts, contact your admin or our DPO.
Right to Object
Object to data processing based on legitimate interests. We will stop unless we demonstrate compelling legitimate grounds.
Right to Non-Discrimination
We will not deny services, charge different prices, or reduce quality based on your exercise of privacy rights.
To exercise any of these rights, contact our Data Protection Officer at privacy@globalidpro.com — we respond within 72 hours and complete all requests within 30 days.
Data Retention
We retain personal data only as long as necessary. Specific retention periods:
Cookies & Tracking
Our web dashboard and marketing website use cookies. Our mobile apps do not use cookies — they use secure token-based authentication.
Essential Cookies
RequiredRequired for login session management and dashboard functionality. Cannot be disabled.
Analytics Cookies
OptionalHelp us understand dashboard usage patterns (page views, feature adoption). Aggregated and anonymized. Can be disabled.
Preference Cookies
OptionalRemember your dashboard settings, language, and display preferences. Can be disabled.
We do not use advertising cookies, tracking pixels, or cross-site tracking. We do not share cookie data with third-party advertisers.
Children's Privacy
Special protections for students under 18
GlobalIDPRO is designed for use by educational institutions serving students aged 5-18. We take children's privacy extremely seriously:
Institutional Consent Model
Student data is provided by the school (data controller) under institutional authority. Schools obtain required parental consent per jurisdiction before uploading.
Minimal Data Collection
Only what is necessary for identity verification (name, photo, class, parent contact). No browsing behavior, social connections, or profiling data.
Zero Biometric Data from Children
Unlike fingerprint or facial recognition systems, we collect no biometric data from children. A fingerprint taken at age 6 cannot be changed if breached — we eliminate this risk.
No Direct Child Accounts
For students under 13 (or 16 in GDPR jurisdictions), the parent's phone holds the Digital ID. Children don't create accounts or provide email addresses.
No Student Data Monetization
Student data is never used for advertising, profiling, analytics targeting, or any commercial purpose beyond identity verification.
Parent Access & Control
Parents view uploaded data via the app. They can request correction or deletion through their school or directly through our DPO.
Compliance: Our children's data handling complies with COPPA (US), GDPR Article 8 (EU), India's DPDP Act Section 9, FERPA (US education records), Illinois BIPA, and California's SOPIPA.
International Data Transfers
GlobalIDPRO stores data in the region closest to the school's location:
Changes to This Policy
Questions About Privacy?
Contact our Data Protection Officer for any privacy-related questions, data access requests, or concerns about how your school's data is handled.