Ketpy EMS
Home About Features Products Resources Case studies AI assistants Partner Contact Pricing Start free signup

Legal

GDPR & DPDP compliance

How Ketpy meets India's DPDP Act 2023 and the EU General Data Protection Regulation.

Two laws, one approach

Ketpy is built India-first, but the engineering choices we made for India's Digital Personal Data Protection Act 2023 happen to also satisfy the EU's GDPR. Schools with international students can use Ketpy without bolt-on tooling.

Who is who

  • You (the school) are the data fiduciary (DPDP) / controller (GDPR). You decide what data is collected and why.
  • Ketpy is your data processor. We process the data only on your instructions.

Data subject rights we help you fulfil

RightHow Ketpy supports it
Right to accessOne-click "Download my data" export (Excel) from every panel.
Right to rectificationIn-app edit on every record + audit trail of changes.
Right to erasure"Delete account" wizard in super-admin → deletes within 30 days (90 days for tapes).
Right to portabilityFull Excel + JSON export of all student / parent / staff records.
Right to objectPer-feature opt-outs (e.g., disable AI defaulter prediction, disable photo facial detection).

Data Processing Agreement (DPA)

Pro and Enterprise customers can sign a DPA in < 5 minutes via DocuSign. Email info@ketpy.com; we send it back within one business day.

Data residency

All customer data is stored in Indian data centres (Mumbai, Bengaluru). EU schools can opt for Frankfurt residency on Enterprise plans — ask sales.

International transfers

We do not transfer personal data outside India by default. If your school enables a feature that requires it (e.g., a non-Indian payment gateway), you'll see an inline disclosure and have to explicitly opt in.

Breach notification

  • DPDP: we notify the Data Protection Board of India + affected fiduciaries (you) within 72 hours of discovery.
  • GDPR: same 72-hour window for affected controllers (you) and the EU supervisory authority.
  • You then have the obligation to notify the affected data principals (parents/students) — we provide draft templates.

Sub-processors

A current list of sub-processors (cloud, email, SMS, payment, video) is at /subprocessors. We notify 30 days in advance of any change.

Children's data

Schools that enrol learners under 18 act as significant data fiduciaries under DPDP. We give you:

  • Verifiable parental consent flows during admission.
  • Default-off settings for any feature that profiles minors.
  • No tracking, no advertising, no AI training on children's data — ever.

Contact

Our Data Protection Officer can be reached at info@ketpy.com. For EU data subjects, our EU representative is listed in the DPA.

Ready when you are

Ready to digitise your institution?

Join 2,000+ institutions that trust Ketpy to run admissions, attendance, exams, fees, and communications — under one roof.

Book a free demo See pricing
Call WhatsApp Book demo

Install Ketpy app

Add Ketpy to your home screen for offline access and faster load.

Tap Share then Add to Home Screen.

A small bite about cookies

Ketpy uses strictly-necessary session cookies to keep you signed in. We'd also like to set anonymised analytics cookies to understand which pages are useful. We do not run advertising trackers. Read our cookie policy →