Privacy Policy

Effective: 13 May 2026 · Applies to all GenixEdu accounts and users

At TronicGen, we are committed to protecting the privacy and security of data processed through the GenixEdu platform. This Privacy Policy describes how we collect, use, store, and protect information on behalf of our client institutions. We act as a data processor — the client institution is the data controller responsible for the lawful collection of student and parent data.
1

Who We Are

TronicGen is the developer and service provider of the GenixEdu student management platform. We are an independent software company based in Sri Lanka. For any privacy-related enquiries, contact us at tronicgen@gmail.com.

2

Data We Process

GenixEdu processes the following categories of data on behalf of client institutions:

  • Student records — full name, index number, date of birth, gender, NIC, school, address, academic stream, admission date, and active/archived status
  • Contact details — parent or guardian phone number, student email address (where provided)
  • Academic data — enrolled batch, subjects, exam marks, part marks, Z-scores, rank lists, and attendance records
  • Financial data — monthly fee payment status, payment dates, exemption types and amounts
  • Communication logs — message type (SMS or email), delivery status, and timestamp (OTP content is never stored)
  • Staff account data — username, hashed password, role, mobile number, email, profile picture (optional), and login activity
  • Demo request records — institution name, full name, mobile or email address, and submission timestamp
3

How We Use This Data

Data processed through GenixEdu is used exclusively for the following purposes on behalf of the client institution:

  • Managing student enrolment, records, and academic history
  • Recording and reporting daily class attendance
  • Tracking exam performance, generating rank lists, and Z-score analytics
  • Monitoring tuition fee collection and generating financial reports
  • Sending automated SMS notifications to parents about marks, attendance, and fees
  • Authenticating and auditing staff access through login and logout events

TronicGen does not use client institution data for advertising, profiling, or any commercial purpose beyond providing the GenixEdu service.

4

Data Controller and Processor Roles

The client institution is the data controller — it determines what data is collected, for what purpose, and is responsible for obtaining lawful consent from students and parents.

TronicGen acts solely as a data processor — processing data only on the documented instructions of the client institution and not beyond the scope required to operate the platform.

5

Data Storage and Security

All data is stored on secure servers. TronicGen implements the following technical and organisational measures:

  • JWT-based authentication with 4-hour expiry and token blacklisting on logout
  • bcrypt password hashing (strength 10) — passwords are never stored in plain text
  • SMS or email OTP verification for sensitive account operations
  • IP-based rate limiting on login, OTP, and messaging endpoints
  • HTTPS encryption for all data in transit (HSTS enforced)
  • Role-based access control (SUPER_ADMIN, ADMIN, USER) limiting data visibility
  • Automated brute-force detection and login alert notifications
  • Exception handling that never exposes internal error details to end users

In the event of a data breach affecting client data, TronicGen will notify the affected institution as soon as reasonably possible.

6

Third-Party Services

GenixEdu may use the following third-party services to deliver platform functionality:

  • SMSLenz (smslenz.lk) — a Sri Lanka-based SMS gateway for parent and staff notifications. Only the destination phone number and message content are transmitted.
  • Gmail SMTP (Google) — used to deliver email notifications and OTP codes for institutions outside Sri Lanka. Google's privacy policy applies.
  • Cloud infrastructure providers — used for hosting the application and database under their own data protection agreements.

TronicGen does not share data with any advertising networks or analytics platforms beyond those required to operate the service.

7

Data Retention

Student and academic records are retained for as long as the client institution requires. Archived student records remain accessible until permanently deleted by authorised institution staff.

Message logs and system audit records are subject to periodic cleanup by the institution's system administrator using the platform's built-in report cleanup tools.

Upon termination of service, institutions may request a data export within 30 days before records are permanently purged from TronicGen's systems.

8

OTP and Authentication Security

One-time passwords (OTPs) are delivered via SMS (Sri Lanka) or email (other countries) and are never stored in the database. Only a generic log entry is retained — the OTP code itself is held in server memory and expires within 10 minutes.

Staff members are responsible for keeping OTP codes, passwords, and PINs confidential. TronicGen will never ask for your password or OTP via email or phone.

9

Cookies and Local Storage

GenixEdu uses browser local storageto persist user interface preferences (such as theme and exam entry mode settings) on the user's device. This data is stored locally and is not transmitted to TronicGen's servers.

The platform uses session-level authentication tokens (JWT) stored in browser memory. We also use analytics cookies (Google Analytics) to understand how visitors use the site — you can decline these via the cookie banner on your first visit.

10

Your Rights

Individuals whose data is held within GenixEdu may request the following through their institution's authorised administrator:

  • Access to personal data held about them in the system
  • Correction of inaccurate or incomplete records
  • Deletion of records where no longer required
  • Information about how their data is processed

For concerns about how TronicGen processes data as a processor, contact tronicgen@gmail.com.

11

Changes to This Policy

TronicGen may update this Privacy Policy periodically to reflect changes in the platform, applicable law, or our data practices. Client institutions will be notified of material changes via the platform or email. The effective date at the top of this page indicates the most recent revision.

Privacy enquiries & data requests — contact TronicGen:

tronicgen@gmail.com
Colombo, Western Province, Sri Lanka
tronicgen.com