IndexburgIndexburg
FeaturesPricingAboutFAQ
Sign inGet started
FeaturesPricingAboutFAQ
Sign inGet started
IndexburgIndexburg

Teacher-first education platform. Streamline attendance, assignments, reports, and classroom communication.

Product

  • Features
  • Pricing
  • FAQ
  • Support

Legal

  • Privacy Policy
  • Terms of Service

Connect

  • About us
  • [email protected]
  • 01093942631

© 2026 Indexburg. All rights reserved.

Legal

Privacy Policy

Last updated: June 25, 2026

Scope

Indexburg is an education platform that helps teachers track attendance, manage Google Classroom data, generate reports, and communicate with guardians. This Privacy Policy applies to teachers, teacher assistants, students, and guardians whose data is processed through our service.

By using Indexburg, you agree to the collection and use of information as described in this policy.

Data We Collect

Account Information

Name, email address, and authentication credentials for teachers and assistants.

Google Classroom Data

Course rosters, assignments, grades, and coursework imported from Google Classroom after explicit teacher authorization.

Google Meet Data

Meeting participant join and leave timestamps used for attendance tracking. No meeting audio, video, or chat content is accessed or stored.

Zoom Data

  • Zoom OAuth access and refresh tokens (encrypted at rest using AES-256-GCM)
  • Meeting metadata: topic, ID, start time, duration, join URL
  • Participant join and leave timestamps from webhook events
  • Participant email addresses (encrypted at rest using AES-256-GCM and HMAC-SHA256 hashed)
  • Post-meeting participant reports (for licensed Zoom accounts only)

WhatsApp Data

Guardian and student phone numbers, message delivery status, and template message content sent through WhatsApp.

Student Academic Data

Names, coursework submissions, grades, and attendance records imported or computed through the service.

Usage and Audit Logs

Records of actions taken in the platform for security, debugging, and auditability purposes.

How We Use Your Data

  • To generate and deliver per-student attendance and academic reports
  • To create Zoom meetings directly from attendance sessions
  • To track real-time attendance via Zoom and Google Meet webhook events
  • To synchronize Google Classroom data after explicit teacher confirmation
  • To authenticate users and manage platform access
  • To send WhatsApp notifications to guardians
  • To improve the service through aggregated analytics
  • To comply with legal obligations and enforce our Terms of Service

Data Storage and Encryption

All sensitive data is encrypted at rest using industry-standard encryption:

  • OAuth tokens (Zoom, Google): AES-256-GCM with a unique 12-byte random initialization vector per encryption
  • Email addresses: AES-256-GCM for recoverable storage, HMAC-SHA256 for lookup and deduplication
  • Phone numbers: AES-256-GCM for recoverable storage, HMAC-SHA256 for lookup
  • Meeting metadata (IDs, timestamps, names): stored in plaintext as they are not personally identifiable
  • Attendance records: email fields encrypted; timestamps stored in plaintext

Encryption keys are stored exclusively as environment variables on the server — never in the database, source code, version control, or application logs. All data in transit is protected by TLS 1.2 or higher.

Third-Party Integrations

Indexburg integrates with the following services. Each integration is governed by its respective terms and privacy policies.

Google (Classroom, Meet)

We access Google APIs solely to import course data and track meeting attendance. Our use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including Limited Use requirements. We do not use Google user data for advertising and do not sell it to third parties.

Zoom

We access the Zoom API and receive webhook events to create meetings and track attendance on behalf of authorized teachers. Participant email data received through webhooks is encrypted before storage. OAuth tokens are used only to maintain API access and are never shared.

WhatsApp / Meta

We send templated notification messages to consenting guardians through the WhatsApp Business API. Phone numbers are encrypted at rest. We only send messages that teachers explicitly configure and approve.

Infrastructure Providers

We use secure VPS hosting with restricted access, isolated Docker networking, and encrypted communication between services.

We do not sell personal data to third parties. We do not share personal data except as necessary to provide the service or as required by applicable law.

Data Retention

  • Attendance records (meeting logs, participant data): 12 months from date of collection
  • OAuth tokens: until revoked by the user or upon teacher account deletion
  • Google Classroom imported data: until the teacher deletes the course or account
  • WhatsApp message logs: 12 months
  • Audit logs: 12 months
  • Account information: until account deletion is requested

You may request earlier deletion of any data by contacting our privacy team.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your data, subject to legal retention requirements
  • Withdraw consent for Zoom, Google, or WhatsApp integrations at any time from your account settings
  • Export your data in a machine-readable format

To exercise these rights, email [email protected] or use the settings page within the application. We will respond within 30 days.

Children's Privacy

Indexburg is designed for use by teachers and education professionals. The platform is not intended for use by individuals under the age of 16. Student data is collected only through teacher-managed integrations with Google Classroom and Zoom, where the educational institution has obtained appropriate consent. We do not knowingly collect personal information from children without parental or institutional consent.

Security

We implement industry-standard security measures including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256-GCM encryption for all stored personally identifiable information and OAuth tokens
  • HMAC-SHA256 hashing for secure data lookups without exposing plaintext values
  • Encrypted environment variables for all secret and encryption keys
  • Restricted database access on isolated Docker networks
  • Regular security audits and system monitoring

Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or in-application notification. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

Contact

For privacy-related inquiries or data requests:

  • Email: [email protected]
  • Support page: indexburg.com/support