Privacy Policy for Gyain

Effective Date: September 1, 2025

1. Introduction

Gyain Applications Private Limited ("Gyain", "we", "us", or "our") operates the Gyain AI-powered educational platform ("Service"). This Privacy Policy describes how we collect, use, process, store, and disclose your personal information, especially for users who are minors (under 18 years of age), in compliance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules").

Your privacy, and particularly the privacy of children, is of utmost importance to us. By using Gyain, you (and your parent or legal guardian, if you are a minor) consent to the practices described in this policy.

2. What Information We Collect

We collect the following types of information:

a. Information You Provide Directly:

• Account Registration Data: When you create an account, we collect your name, email address, password, date of birth, and educational institution (optional). For minors, we also collect the Parent/Guardian's name, email address, and phone number for consent and verification.
• Profile Information: Any additional information you choose to add to your profile, such as grade level, subjects of interest.
• Payment Information: If you subscribe to a paid service, your payment details (e.g., credit card number, expiry date) are collected and processed by our third-party payment gateway (e.g., PhonePe). We do not store full payment card details on our servers but receive transaction confirmations and limited payment information (e.g., last 4 digits of card, transaction ID).
• Communications: Records of your correspondence with us (e.g., customer support inquiries, feedback).

b. Information We Collect Automatically (Usage Data):

• Device and Usage Information: When you access Gyain, we automatically collect information about your device and how you use the Service, including your IP address, browser type, operating system, device identifiers, pages viewed, features used, and the time and date of your visit.
• Interaction with AI: We collect data on your interactions with our AI (e.g., queries submitted, AI responses generated, engagement with learning materials). This data is anonymized where possible for product improvement.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to understand user activity, improve our Service, and for analytics. You can manage your cookie preferences through your browser settings.

3. Specific Provisions for Children's Personal Data (Users Under 18 Years of Age)

Gyain is committed to protecting the privacy of children. As per the DPDP Act, we adhere to the following:

• Verifiable Parental Consent: For any user identified as a Minor (under 18 years of age) during registration, we will implement a process to obtain verifiable consent from their Parent/Guardian before processing the Minor's personal data. This process may involve sending an email to the Parent/Guardian, asking for a confirmation step, or other reasonable methods to ensure consent is genuinely provided by an adult. Access to certain features may be limited until verifiable consent is obtained.
• No Tracking or Behavioral Monitoring: We do not engage in tracking or behavioral monitoring of Minors. We use aggregated and anonymized data for product improvement, but individual Minor activity is not tracked for profiling.
• No Targeted Advertising: We do not undertake targeted advertising directed at Minors.
• No Harmful Processing: We will not process personal data of Minors in a manner that is likely to cause harm to a child.
• Parent/Guardian Rights: Parents/Guardians have the right to review the personal information collected from their child, request its deletion, and refuse to permit its further collection or use. Please contact our Grievance Officer for such requests.

4. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Maintain the Service: To operate Gyain, create and manage your account, provide AI-powered educational assistance, and deliver content.
• To Personalize Learning: To understand your learning patterns and preferences to offer a more tailored and effective educational experience (e.g., suggesting relevant topics).
• To Process Payments: To process your subscription fees and manage billing.
• To Improve Our Service: To analyze usage trends, identify areas for improvement, and develop new features. This often involves using aggregated and anonymized data.
• To Communicate with You: To send service-related notifications, updates, security alerts, and respond to your inquiries. For Minors, communication regarding their account may also be sent to their Parent/Guardian.
• For Security and Fraud Prevention: To protect Gyain and our users from unauthorized access, fraud, and other illegal activities.
• To Comply with Legal Obligations: To meet our legal and regulatory requirements, including those under the DPDP Act and IT Rules.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following limited circumstances:

• With Your Consent: We may share information if you (or your Parent/Guardian, for Minors) give us explicit consent.
• Third-Party Service Providers: We engage trusted third-party service providers to perform functions on our behalf, such as:
  • Payment Gateways: For processing payments (e.g., PhonePe). We share necessary transaction data but do not store full payment card details.
  • Cloud Hosting: For storing our data securely.
  • Analytics Providers: For analyzing user behavior (using anonymized and aggregated data where possible).
  • Email Communication Services: For sending transactional and marketing emails (only with opt-in consent for marketing).

  These providers are contractually obligated to protect your data and use it only for the purposes specified by us.

• Legal Requirements: We may disclose your information if required to do so by law, in response to a court order, subpoena, or other legal process, or if we believe it's necessary to protect our rights, property, or safety, or the rights, property, or safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you of any such transfer.
• Aggregated or Anonymized Data: We may share aggregated or anonymized data (which cannot be used to identify you personally) with third parties for research, analytics, or service improvement.

6. Your Rights (as a Data Principal under DPDP Act)

You (and your Parent/Guardian, for Minors) have certain rights regarding your personal data:

• Right to Access: You have the right to request access to your personal data held by us.
• Right to Correction: You have the right to request the correction of inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data, subject to certain legal exceptions (e.g., data required for legal compliance).
• Right to Grievance Redressal: You have the right to have your grievances redressed by a Data Fiduciary.
• Right to Nominate: You have the right to nominate another individual who shall exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact our Grievance Officer at the contact details provided below. We will respond to your request within a reasonable timeframe as required by law.

7. Data Security

We implement reasonable security practices and procedures as per the SPDI Rules and industry best practices to protect your personal data from unauthorized access, loss, misuse, alteration, or destruction. These measures include:

• Encryption: Data is encrypted both in transit (using SSL/TLS) and at rest.
• Access Controls: Strict access controls are in place to limit who can access your personal data.
• Firewalls: We use firewalls and other network security measures.
• Regular Audits: Our security measures are regularly reviewed and updated.
• Employee Training: Our employees are trained on data protection and privacy best practices.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. When your personal data is no longer required for these purposes, we will securely delete or anonymize it.

9. Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you (and your Parent/Guardian if you are a Minor) of any material changes by posting the updated Privacy Policy on this page, updating the "Effective Date" at the top, and/or by sending an email notification to the email address associated with your account. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised terms.

11. Contact Information & Grievance Redressal

If you have any questions, concerns, or grievances about this Privacy Policy or our data practices, please contact our Grievance Officer:

Grievance Officer: Vinod Gupta
Email: grievance@gyain.com
Address: Gyain Applications Private Limited,
B-29, Second Floor, Kalkaji, Delhi 110019, India.

We are committed to resolving any complaints about our collection or use of your personal data.