ONROL — AI Execution School

    — Legal

    Privacy Policy

    Last updated: 10 April 2026

    1. Who We Are

    ONROL is operated by Vivencia Educational Services (“Vivencia”, “we”, “us”), an Indian education and technology services provider based in Hyderabad, Telangana, India. ONROL covers two products under the same entity:

    • ONROL — AI Execution School: Live online programmes (e.g., the AI Generalist Program) for students, professionals, and freelancers.
    • ONROL Task Manager: A B2B field sales CRM and task coordination platform.

    This policy explains how Vivencia Educational Services collects, uses, stores, and protects data across both products and the onrol.in website.

    1A. Payment Data & Razorpay

    Course fees, programme enrolments, and any other paid offerings are processed by Razorpay Software Private Limited on behalf of Vivencia Educational Services. When you make a payment:

    • Your card details, UPI ID, net-banking credentials, and CVV are never seen, stored, or processed by Vivencia or ONROL — they are entered on Razorpay’s PCI-DSS compliant checkout and tokenised by Razorpay directly.
    • We receive only a Razorpay Order ID, Payment ID, the amount paid, the payment method category (UPI/card/netbanking), and your name and email as registered with Razorpay — enough to issue an invoice and confirm enrolment.
    • Razorpay’s privacy policy and PCI-DSS compliance are available at razorpay.com/privacy.
    • Refunds (when approved per the Refund Policy) are issued back to the original payment instrument via Razorpay only.

    2. Information We Collect

    We collect the following categories of data:

    • Account data: Your full name, email address, department, and role (admin or employee) when you register or are invited to the platform.
    • Profile photo: Images you upload are stored in Supabase Storage (avatars bucket) and are publicly readable via a URL tied to your user ID.
    • Task and visit data: Tasks you create, update, or complete, institution records, visit logs (check-in / check-out), activity events, pipeline stages, and follow-up notes.
    • GPS / location data: If you perform a visit check-in or use the Journey Planner, your device GPS coordinates may be recorded and stored against the visit log. Location is only read when you initiate a relevant action — we do not track location continuously.
    • Push notification tokens (FCM): If you grant notification permission on Android, a Firebase Cloud Messaging (FCM) device token is saved to your account so task assignment and reminder notifications can be delivered. Tokens are stored in our database and rotated automatically by Firebase.
    • Messenger messages: In-app messages between team members are stored in our database. Messages are not end-to-end encrypted and may be accessible to administrators within your organization.
    • File transfers: Files shared using the peer-to-peer File Transfer feature are transmitted directly between browsers using WebRTC and are not stored on our servers. No copy is retained after the transfer session ends.
    • Usage and diagnostic data: Error logs, boot step telemetry, and performance data may be collected to help us identify and fix issues.

    3. How We Use Your Data

    • To provide and operate the ONROL Task Manager service for your organization.
    • To deliver push notifications for task assignments, reminders, and alerts.
    • To display visit history and GPS-tagged check-in / check-out records in dashboards.
    • To power the Xulo AI assistant using your task and institution data as local context.
    • To enable team communication through the Messenger feature.
    • To generate reports, activity summaries, and performance dashboards for admins.
    • To maintain security and audit logs within your organization's workspace.

    We do not sell your personal data to third parties.

    4. Data Storage and Processors

    All application data is stored on Supabase (PostgreSQL database and object storage), hosted on cloud infrastructure. Firebase is used solely for push notification token management and delivery. Data may be processed in data centres outside India; however, both Supabase and Firebase maintain appropriate security certifications.

    Supabase enforces Row-Level Security (RLS) policies on all tables so that each user can only access data they are authorized to see.

    5. Data Retention

    Your data is retained as long as your organization's workspace is active. When an account is deactivated, personal data is retained for up to 90 days before permanent deletion, unless legal obligations require longer retention. Profile photos in storage are deleted when you overwrite or remove them.

    6. Cookies and Local Storage

    ONROL uses browser local storage and session cookies for authentication state management (provided by Supabase Auth). No third-party advertising or tracking cookies are used. You can clear local storage via your browser settings, which will sign you out of the application.

    7. Security Measures

    We implement the following security controls:

    • TLS encryption for all data in transit.
    • Row-Level Security (RLS) policies on all Supabase database tables.
    • JWT-based authentication with token refresh and expiry.
    • HTTP security headers (HSTS, X-Frame-Options, CSP, X-Content-Type-Options, Referrer-Policy).
    • Signed Android APK releases using a protected keystore.
    • FCM tokens are scoped per user and never shared across accounts.

    8. Your Rights

    You may exercise the following rights at any time:

    • Access: Request a copy of your personal data.
    • Correction: Update your name, department, or profile photo directly in Settings.
    • Deletion: Request deletion of your account and associated data.
    • Notification opt-out: Disable push notifications in Settings at any time.
    • Location withdrawal: Deny location permissions in device settings to prevent GPS capture.

    To exercise any right, contact us at info@onrol.in. We will respond within 30 days.

    9. Children's Privacy

    ONROL Task Manager is a professional tool intended for business users aged 18 and above. We do not knowingly collect data from minors.

    10. Changes to This Policy

    We may update this policy as the platform evolves. Significant changes will be communicated via in-app notification. Continued use of the platform after changes constitutes acceptance of the updated policy.

    11. Contact

    ONROL, Hyderabad, Telangana, India
    Email: info@onrol.in
    Phone: +91 96093 12345