Privacy Policy
Legal
Privacy Policy
Effective date: 1 June 2025 · Applies to: https://vidhyaai.app
This Privacy Policy explains how VidhyaAI (“we”, “our”, “us”) collects, uses, stores, and protects information when you use our application. It is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and its Rules, and the Consumer Protection Act, 2019.
1. Who we are
VidhyaAI is an AI-powered educational technology platform designed to help children in Grades 1–8 understand their school curriculum. The platform is operated for use within India and is intended for use by parents on behalf of their minor children.
We act as the Data Fiduciary as defined under the DPDP Act, 2023. If you have any questions about this policy, contact us at hello@vidhyaai.app.
2. Information we collect
We collect the minimum information necessary to provide the service:
- Parent account: name, email address, and Google account identifier (via Google Sign-In). No password is stored by us.
- Child profile: first name, grade, school board, state, preferred explanation language. No surname, date of birth, photograph, or government ID is collected.
- Learning activity: textbook pages scanned (image data), AI-generated explanations viewed, quiz attempts, revision card interactions, and doubts asked.
- Device and usage data: device type, operating system, app version, session timestamps, and error logs — collected automatically to maintain service quality.
- Payment: if you subscribe to the paid plan, payment is processed by Razorpay. We do not store your card number, UPI ID, or bank details.
We do not collect: precise location, contacts, microphone audio (voice input is processed in-browser and not sent to our servers), or any biometric data.
3. Children's data — special protections
- Child data is NEVER sold, rented, or shared with advertisers or third-party marketers.
- Child data is NEVER used to build advertising profiles or to target advertising of any kind.
- Child data is used ONLY to personalise and improve the child's learning experience within the VidhyaAI application — specifically: generating grade-appropriate explanations, tracking revision progress, identifying weak topics, and producing the parent's weekly digest.
- Textbook page images are sent to Google Gemini (our AI provider) solely to generate educational explanations. Images are not stored by Google for training purposes under our API agreement.
- The parent's email is the only contact point. We do not collect the child's email address, phone number, or social media profiles.
- Parents may request deletion of all child data at any time by writing to hello@vidhyaai.app. We will delete within 30 days.
Under the DPDP Act 2023, processing of personal data of children requires verifiable parental consent. By creating an account and setting up a child profile, the parent provides that consent on behalf of the child.
4. How we use your information
We use collected data for the following purposes only:
- Providing the service: generating AI explanations, quizzes, revision schedules, and video recommendations.
- Parent dashboard: compiling the weekly learning digest sent to the parent's registered email.
- Service improvement: analysing aggregate, anonymised usage patterns to improve AI accuracy and app performance.
- Security and fraud prevention: detecting abuse, rate-limiting scan requests, and protecting account integrity.
- Legal compliance: retaining records as required by Indian law.
We do not use your data for: advertising, cross-app tracking, selling to data brokers, or any purpose not listed above.
5. Data sharing and third parties
We share data only with the following sub-processors, each bound by a data processing agreement:
- Google Firebase — authentication, database, cloud storage, hosting, and analytics. Data stored in Google's servers (us-central1 region by default).
- Google Gemini API — AI explanation and quiz generation. Images and text sent are processed per Google's API data usage policy; not used for model training under enterprise API terms.
- YouTube Data API — fetching relevant educational video recommendations. No user data is sent to YouTube; only topic keywords are used in search queries.
- Razorpay — payment processing for the ₹100/month subscription. Razorpay is a PCI-DSS compliant Indian payment processor.
- SendGrid / Gmail SMTP — sending weekly email digests to the parent's registered email.
We do not share data with any other third parties. We do not sell data under any circumstances.
6. Data retention
- Active accounts: data retained while the account is active.
- Deleted accounts: all personal data deleted within 30 days of a deletion request.
- Scan images: deleted from our servers within 7 days of processing. Only the AI-generated explanation is retained.
- Payment records: retained for 7 years as required by the Income Tax Act, 1961.
- Anonymised aggregate analytics: retained indefinitely (no personal identifiers).
7. Your rights under the DPDP Act 2023
As a Data Principal under the DPDP Act, you have the right to:
- Access: request a summary of personal data we hold about you.
- Correction: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your account and all associated data.
- Grievance redressal: raise a complaint with our Grievance Officer (see Section 11).
- Nomination: nominate a person to exercise your rights in case of death or incapacity.
To exercise any of these rights, email hello@vidhyaai.app with the subject line “Data Rights Request”. We will respond within 72 hours and complete the request within 30 days.
8. Security
We implement industry-standard security measures including:
- All data in transit encrypted via TLS 1.2+.
- Firestore data encrypted at rest by Google.
- Firebase Authentication handles all credential management — we never see your password.
- Parent PIN stored as a salted bcrypt hash — never in plain text.
- Role-based access controls on all Cloud Functions.
- Rate limiting on all AI-powered endpoints to prevent abuse.
No system is 100% secure. If you discover a security vulnerability, please report it responsibly to hello@vidhyaai.app.
9. Cookies and local storage
We use browser local storage and session storage solely to maintain your login session and application preferences (theme, language). We do not use advertising cookies or third-party tracking cookies. The app does not use Google Analytics or Facebook Pixel.
10. Changes to this policy
We will notify you of material changes to this policy via email to your registered address at least 14 days before the change takes effect. Continued use of the app after that date constitutes acceptance of the revised policy.
11. Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDP Act 2023, we have appointed a Grievance Officer:
Grievance Officer
VidhyaAI
Email: hello@vidhyaai.app
Response time: within 72 hours of receipt
12. Governing law and jurisdiction
This Privacy Policy is governed by the laws of India. Any disputes arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts of Mumbai, Maharashtra.