Privacy Policy
Last Updated: April 2026
1. Who We Are
InstitutionKit is a self-hosted WordPress ERP plugin developed and maintained by Kashif Mukhtar (“we,” “our,” or “us”). Our website address is: https://institutionkit.com.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or communicate with us.
2. The Core Principle: Your Data Stays on Your Server
InstitutionKit is a self-hosted software plugin. Once installed on your WordPress server, the software operates entirely within your own hosting environment. We do not have access to:
- Your student records
- Your staff or teacher data
- Your financial information, invoices, or payroll
- Attendance logs, gradebooks, or examination results
- Any parent, student, or staff personally identifiable information (PII) stored within your InstitutionKit installation
You own and control 100% of your data at all times. Nothing is transmitted to our servers as part of normal operation.
3. Information We Do Collect
When you interact with institutionkit.com — our marketing and license management website — we may collect the following:
3.1 Information You Provide Voluntarily
| Activity | Data Collected |
|---|---|
| Purchasing a license | Name, email address, billing details, domain name |
| Contacting support | Name, email address, message content |
| Subscribing to updates | Email address |
3.2 Information Collected Automatically
| Data | Purpose |
|---|---|
| IP address | Security, fraud prevention, geographic analytics |
| Browser type & version | Compatibility optimization |
| Pages visited on our site | Content improvement |
| Referring URL | Traffic source analysis |
This data is collected through standard server logs and may use cookies or similar technologies.
4. License Verification
InstitutionKit performs periodic license verification to validate active subscriptions and enable automatic updates. During this process:
- Your domain name and license key are transmitted to our license server via an encrypted HTTPS connection
- No student, staff, financial, or operational data is ever transmitted — only the license key and domain are checked
- This verification is essential for receiving security updates, new features, and support access
5. How We Use Your Information
We use the limited information we collect for these purposes only:
| Purpose | Details |
|---|---|
| License management | Activating, validating, and renewing software licenses |
| Customer support | Responding to your inquiries and providing technical assistance |
| Service improvement | Understanding how our website is used to improve user experience |
| Communication | Sending important updates about your license, security notices, or product changes |
| Legal compliance | Responding to lawful requests and protecting our legal rights |
We never sell, rent, or trade your personal information to third parties.
6. Payment Processing
All payments for InstitutionKit licenses are processed through secure, PCI-compliant third-party payment gateways. We do not store or have access to your complete credit card numbers, bank account details, or payment credentials. Our payment processors may collect and process your payment information according to their own privacy policies.
7. Cookies
Our website may use cookies for the following purposes:
| Cookie Type | Purpose |
|---|---|
| Essential cookies | Required for website functionality and license verification |
| Analytics cookies | Understanding site usage (if analytics tools are active) |
| Preference cookies | Remembering your preferences for future visits |
You can disable cookies through your browser settings. However, some features of our website and license verification may not function properly without them.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information:
- All data transmission between your browser and our servers is encrypted via HTTPS/SSL
- License verification communications are encrypted end-to-end
- Our servers employ firewalls, intrusion detection, and regular security audits
- Access to personal data is restricted to authorized personnel only
Regarding your InstitutionKit installation: Security is your responsibility and depends on your own hosting environment. InstitutionKit includes a 7-layer security model (authentication, role verification, capability enforcement, campus boundaries, nonce protection, input sanitization, and SQL escaping) to protect data within your installation.
9. Data Retention
| Data Type | Retention Period |
|---|---|
| License & purchase records | Duration of license + 3 years for legal/accounting compliance |
| Support communications | 2 years from last interaction |
| Website analytics | 26 months (or as configured in analytics tools) |
| Email subscriptions | Until you unsubscribe |
10. Third-Party Services
We may use the following third-party services that have their own privacy policies:
| Service | Purpose |
|---|---|
| Payment processors | Handling license purchases |
| Email service providers | Delivering support emails and notifications |
| Website analytics | Understanding site traffic |
These third parties are contractually obligated to protect your data and use it only for the specified purposes.
11. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data we hold |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your personal data |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a structured format |
| Objection | Object to processing based on legitimate interests |
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
12. Children’s Privacy
InstitutionKit is a tool used by educational institutions. The school or institution that installs InstitutionKit is the data controller for any student data entered into the system. We do not directly collect, store, or process student data on our servers.
If you are a parent or guardian and have questions about how your child’s school handles their data, please contact the school directly.
13. International Data Transfers
Our website and license servers may be hosted in various locations. If you are accessing our services from outside the hosting country, your information may be transferred across international borders. We ensure appropriate safeguards are in place for such transfers.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- A notice on our website
- Email to license holders (for significant changes)
- Updated “Last Updated” date at the top of this page
Continued use of our services after changes constitutes acceptance of the updated policy.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
| Channel | Details |
|---|---|
| [email protected] | |
| 📞 Phone | +92 300 455 1325 |
| 🌐 Website | https://institutionkit.com |
This Privacy Policy is effective as of the “May-16-2026” date and supersedes all prior versions.
