Contents
1. Who this applies to
This Privacy Policy applies to everyone who uses AISTeA — students, parents, teachers, school administrators, and anyone who visits aistea.in, app.aistea.in, or our Android application.
It is published by the AISTeA team, the data fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act).
2. Information we collect
We collect only what we need to deliver the service. Specifically:
| Category | Examples | Source |
|---|---|---|
| Account details | Name, email, phone, password (hashed), grade, board, regional language | You, at registration |
| School details (if applicable) | School name, admin name, school logo, plan tier | School admin, when onboarding |
| Learning activity | Topics studied, quiz scores, homework history, study plan progress | Generated as you use the app |
| AI inputs | Homework photos, chat messages, voice clips you record | You, when you use the AI features |
| Device & usage data | Browser type, OS, app version, IP address, anonymous error reports | Automatically |
| Payment data | Plan name, billing amount, payment ID, payment date | Razorpay (we never see your card / UPI credentials) |
| Push notification token | Firebase Cloud Messaging device token | Your device, when you install the app |
3. How we use your information
- Deliver the service — generate personalised study plans, grade quizzes, surface book-grounded summaries, and answer homework questions.
- Improve the AI — analyse aggregated, de-identified usage patterns to refine prompts and content quality. We do not use your individual chats or homework photos to train third-party AI models.
- Communicate with you — send transactional emails (account confirmations, receipts, password resets) and optional study reminders via push or email.
- Process payments — fulfil subscriptions through our payment processor.
- Keep the service safe — detect abuse, prevent cheating on school exams, and enforce our Terms.
- Comply with law — respond to lawful requests from courts or authorities under Indian law.
5. AI processing & your content
- When you submit a homework photo, chat message, or voice clip, the content is sent to Google Gemini for processing.
- Google's API terms for Gemini state that content sent via the paid API is not used to train Google's foundation models.
- We cache AI-generated summaries (book-grounded topic notes) at the platform level so that the same topic doesn't need to be regenerated repeatedly. Cached summaries are linked to the topic, not to your account.
- Chat messages and homework photos are stored in Firestore so you can revisit them in your chat history. You can delete individual chat sessions or your entire account to remove them.
6. Children's privacy
- AISTeA is designed for students in Grades 1–12. Many of our users are under 18.
- Under the DPDP Act 2023, processing of a child's personal data requires verifiable parental consent. When a user is identified as a minor, we expect the parent or guardian to register or to consent during registration.
- We do not show behavioural advertising to children and do not profile a child's data for marketing purposes.
- A parent can request access to, correction of, or deletion of their child's data by emailing karthikeyan@aistea.in.
8. How long we keep your data
- Active accounts — as long as your account is open.
- Deleted accounts — personal data is purged within 30 days of account deletion, except where retention is legally required (e.g. payment records for tax purposes).
- Aggregated/de-identified data — may be retained indefinitely for product analytics.
- Backups — full deletion from backups may take up to 90 days.
9. Security
- Data in transit is protected by HTTPS (TLS 1.2+).
- Passwords are hashed using industry-standard algorithms — we never store plaintext passwords.
- Access to production data is restricted to a small number of authorised AISTeA team members and is audited.
- No system is perfectly secure. If we discover a data breach affecting your information, we will notify affected users and the Data Protection Board of India where required by the DPDP Act.
10. Your rights
Under the DPDP Act and applicable law, you have the right to:
- Access — ask for a copy of the personal data we hold about you.
- Correct — update inaccurate information from your profile page or by emailing us.
- Delete — close your account, which triggers deletion (see Retention above).
- Withdraw consent — opt out of optional processing like push notifications or marketing emails.
- Nominate — designate another person to exercise your rights in case of death or incapacity.
- Grievance redressal — raise a complaint with our grievance officer (contact below). If unresolved, escalate to the Data Protection Board of India.
To exercise any of these rights, email karthikeyan@aistea.in. We respond within 30 days.
11. School-managed accounts
If your account was created by a school administrator, the school is treated as the data principal's representative for routine matters (creating the account, setting class rosters, viewing performance dashboards). AISTeA remains the data fiduciary responsible for security and lawful processing. If you want to take your data with you when leaving the school, contact us and we'll export it for you.
12. International data transfers
Our infrastructure is hosted primarily in Google Cloud's asia-south1 region (Mumbai, India) to keep your data inside India. Some sub-processors (e.g. Google Gemini API endpoints, Firebase Cloud Messaging) may temporarily process data in other regions. We rely on Google's standard contractual clauses and data-processing terms to govern these transfers.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or an in-app banner at least 7 days before they take effect. The "Last updated" date at the top of this page tells you when the policy last changed.
14. Contact & grievance officer
For any privacy question, request, or complaint, contact our grievance officer:
- Name: Karthikeyan (Founder, AISTeA)
- Email: karthikeyan@aistea.in
- WhatsApp: +91 93458 41136
If you believe your rights under the DPDP Act have not been honoured, you may escalate to the Data Protection Board of India.