Terms & Conditions
Clear guidelines that define how Asaman works and protects its users.
Terms of Services
Global Privacy Policy
Data Processing Agreement
Cookies And Tracking Policy
Acceptable Use Policy (AUP)
AI And Safeguarding Statement
Data Protection And Security Overview
Data Retention And Off-Boarding Policy
Parental Consent And Minor Data Notice
Asaman Data And Privacy Governance Framework
Asaman Data And Privacy Governance Framework
Effective Date: Oct 28th, 2025
The Asaman Data and Privacy Governance Framework establishes the comprehensive structure for managing data privacy across our organization. It includes governance roles, decision-making processes, and accountability measures to ensure consistent and compliant data handling practices.
- Overview
- General Data Protection Regulation (GDPR) (EU)
- Family Educational Rights and Privacy Act (FERPA) (USA)
- Children's Online Privacy Protection Act (COPPA) (USA)
- Personal Information Protection Law (PIPL) (China)
- Global Legal And Operational Structure
- Infrastructure And Data Protection Standards
- Policy And Documentation Suite
- Implementation & Oversight
- Public Transparency: All public policies are published on www.asaman.net/terms-and-policies for review by schools, parents, and regulators.
- Contractual Assurance: After onboarding, each client school signs the Terms of Service, DPA, and SLA.
- Internal Governance: Asaman maintains version-controlled policies, breach-response protocols, and an access-log audit trail that is reviewed quarterly.
- Compliance Contact
- Contact email: support@asaman.net
- Website: www.asaman.net
- Entity: Asaman Technologies Ltd. (United States) and Regional Operations in Asia (China)
- Commitment Statement
Asaman Technologies Ltd. is a globally operated education technology (Ed-Tech) company incorporated in the United States, with regional operations in Asia to support schools across Mainland China and the Asia-Pacific region. Our mission is to deliver secure, compliant, and efficient digital tools for School Activities Management.
Asaman adheres to international and local data-protection laws, including:
Our governance model ensures that each school retains ownership and control of its data, while Asaman acts strictly as a data processor providing technical infrastructure and support.
The following table summarizes Asaman's global legal and operational structure:
| Area | Asaman Standard | Purpose & Compliance Reference |
|---|---|---|
| Legal Entity | Operates as Asaman Technologies Ltd., a global company headquartered in the United States with regional operations in China. | Establishes international legal standing and enables local compliance for Chinese operations. |
| Legal Jurisdiction | Contractual and privacy matters governed by Singapore or Hong Kong law. | Provides neutral, English-law-based jurisdiction accepted by international schools. |
| Hosting & Infrastructure | Global cloud infrastructure across AWS and Azure with regional hosting in Asia Pacific (including Alibaba Cloud for Mainland China), Europe, and North America. | Ensures data residency flexibility in compliance with GDPR Art. 44 (data transfers) and PIPL Art. 40 (local storage). |
| Privacy Wording (Disclosure) | "For schools operating in Mainland China, data is hosted regionally in compliance with PIPL. For all other clients, data is hosted in AWS/Azure data centers nearest to their region." | Clarifies that China hosting is a compliance measure, not a corporate base. |
| Domain Strategy | All services provided through asaman.net (global domain). A mainland mirror is operated under ICP license for regulatory compliance. | Maintains international brand identity while fulfilling Chinese ICP obligations. |
| ICP / Local Partner | Mainland operations filed via a licensed partner entity for compliance with Chinese network and hosting laws. | Meets PRC legal hosting requirements without altering global governance structure. |
Core Principle: Data is always processed within the region of the school's choice. No cross-border transfer occurs without explicit, written authorization from the school.
The table below outlines Asaman's infrastructure and data-protection standards across key operational areas:
| Area | Asaman Standard | Purpose & Compliance Reference |
|---|---|---|
| Hosting Architecture | Multi-region, fault-tolerant infrastructure across Asia-Pacific, Europe, and North America. | Guarantees service continuity and compliance with GDPR Art. 32 (security of processing). |
| Data Isolation | Each school is assigned a dedicated logical database; backups are encrypted and regionally stored. | Prevents cross-institution data access and supports ISO 27001 segmentation principles. |
| Encryption & Security | All data encrypted in transit (TLS 1.3) and at rest (AES-256); admin access protected by MFA and logged. | Meets international security standards and minimizes breach risk. |
| Support & Service Availability | Human support available 10:00 – 19:00 local time (Beijing & Americas); emergency coverage during enrollment periods; 98.5–99% uptime target. | Exceeds standard SaaS response SLAs; aligned with ISO 22301 (business continuity). |
| Data Scope | Processes only activity-related data (enrollment, schedules, attendance, payments, communications). No medical or biometric information is stored. | Limits scope to non-sensitive categories under GDPR Art. 9 and PIPL Art. 28. |
| Data Retention & Offboarding | Schools may export data (CSV/Excel) upon termination. Data retained for 90 days for retrieval, then securely deleted within 12 months. | Complies with GDPR Art. 5 (data minimisation) and PIPL Art. 47 (deletion). |
| Data Sovereignty | Data hosted regionally; no transfers outside the region without written consent. | Protects institutional autonomy and complies with cross-border data-transfer regulations. |
| Compliance Standards | Controls aligned with ISO 27001 and SOC 2 principles; certification in progress. | Demonstrates commitment to global information-security frameworks. |
The table below summarizes Asaman's core policy and documentation suite, along with visibility and compliance purpose:
| Document | Visibility | Purpose & Compliance Reference |
|---|---|---|
| Terms of Service (China + International) | Contractual | Defines the service relationship, obligations, liability limits, and data-return procedures. |
| Acceptable Use Policy | Public | Establishes conduct and safeguarding expectations for staff, parents, and providers. |
| Global Privacy Policy + China Appendix | Public | Outlines data-collection scope, processing basis, retention, and rights of access and deletion. |
| Data Processing Agreement (DPA) | Contractual | Identifies School = Controller and Asaman = Processor; details breach-notification and sub-processor obligations. |
| Parental Consent & Minor Data Notice | Public / Internal | Confirms parental consent management is handled by schools; Asaman doesn't collect data directly from minors. |
| Service Level Agreement (SLA) | Contractual / Public summary | Defines uptime targets, backup cycles, and support availability. |
| Cookie & Tracking Policy | Public | Describes cookie use for authentication and analytics in accordance with GDPR Art. 6. |
| Data Protection & Security Overview (Trust Pack) | Sales Collateral | Summarizes technical safeguards for prospective partners and auditors. |
| Data Retention & Offboarding Policy | Contractual | Provides clear retention timelines and deletion verification process. |
| AI & Safeguarding Usage Notice | Public (optional) | Ensures AI features never process identifiable or cross-school datasets. |
Operational Practices
Asaman Technologies Ltd. is committed to upholding the highest standards of data protection and operational integrity. We guarantee that every record entrusted to our platform is handled with transparency, accountability, and full respect for the rights of students, parents, and educators.