EdukshaPrivacy Policy
Effective date: 5 May 2026 · Last updated: 5 May 2026
This Privacy Policy explains what information Eduksha (“we”, “us”) collects when a parent and their child use the Eduksha mobile application and this website (together, the “Service”), how we use it, who we share it with, and the choices available to families.
Eduksha is operated as a personal venture from India and is intended for use by parents on behalf of their children, primarily aged 8–13. Parents are the account holders. Children use the Service through a parent-managed profile.
1. Who this policy applies to
The Service has two roles:
- Parents — sign up with a phone number, set up child profiles, and review submissions.
- Children — use a child profile created by a parent. Children do not create their own accounts and do not log in with email or social-media credentials.
Because Eduksha is directed in part to children under 13, we treat all child-profile data with the stricter standard required by India's Digital Personal Data Protection Act, 2023 (DPDPA) and, where applicable, the United States' Children's Online Privacy Protection Rule (COPPA) and the EU General Data Protection Regulation (GDPR). Parental consent — captured the first time a parent signs in — is required before any child profile is created.
2. Information we collect
We only collect the data we need to operate the Service. We do not buy data from third parties or build advertising profiles.
From the parent
- Phone number (used for OTP-based sign-in via Firebase Authentication).
- Parent display name and avatar emoji, if provided.
- Push notification token (Firebase Cloud Messaging) so we can notify you of pending reviews.
- Device identifiers required by Google Play Integrity App Check to confirm the request is coming from a legitimate Eduksha install.
From / about the child
- Child's first name (or nickname).
- Class / grade and board (e.g. CBSE).
- Gender (used only to pick a default avatar; never disclosed to third parties or other users).
- Optional date of birth, if the parent provides one.
- 4-digit PIN set by the parent for the child's device (stored hashed).
- Push notification token, if the child is on a paired device.
Activity created inside the app
- Photos of homework, notes, and worksheets uploaded by the child.
- Selected MCQ answers and last-attempt scores.
- Written-answer text and the AI-generated feedback we return.
- Tasks assigned by the parent, the child's submission, and the parent's review note.
- Streak and milestone counters.
- A short list of friend connections (parent ID, child ID, name, class), created only when one parent shares a referral link and another parent claims it for their child.
From the device / network
- Approximate IP address (collected automatically by Google Cloud when the app talks to our servers — used for security and abuse prevention).
- Crash and stability logs if you opt in to Google Play crash reporting.
- Install-referrer code from Google Play, used once on first launch to attribute deferred deep-link friend invites.
We do not collect: precise location, contacts, microphone audio, camera video (the camera permission is used only to take homework photos that the child manually submits), browsing history outside the app, or any social-media data.
3. How we use the information
| What we do | What it relies on |
|---|---|
| Sign you in and keep your session | Phone number + Firebase Auth |
| Show your child their daily learning, news, and lessons | Profile + activity records |
| Generate practice quizzes and grade written answers | Photo / text + Google Gemini API |
| Notify the parent or child about milestones and submissions | FCM token + activity records |
| Show streaks, accuracy, and topic counts in the Profile tab | Aggregated activity |
| Show kid-safe news in “Eduksha Times” | One Gemini call per day for the entire user base; no per-user data is sent |
| Connect children whose parents share a referral link | Friend connection records on both child profiles |
| Detect abuse and block fraudulent installs | Play Integrity App Check + IP address |
We do not use any of this information for behavioural advertising, profiling for marketing, or selling to data brokers.
4. Who we share information with
We share data only with the third parties strictly required to run the Service:
- Google LLC / Firebase — authentication, Firestore database, Cloud Storage for photos, Cloud Functions, Cloud Messaging, App Check, Crashlytics (if enabled). Google acts as our data processor.
- Google Gemini API — receives a child's homework photo or written answer when generating quizzes / feedback. We do not include the child's name or any PII in the prompt; only the academic content. Per Google's API terms, prompts and outputs are not used to train Google's general-purpose models.
- Google Play / Android — install-referrer and notification delivery infrastructure.
We do not share information with any other third party. We do not sell, rent, or trade personal data.
5. Where data is stored
Your data is stored on Google Cloud infrastructure (regions managed by Google, primarily Mumbai-based for Indian users). Photos are stored in Cloud Storage. Profile and activity records are stored in Firestore. We rely on Google's encryption-at-rest and TLS-in-transit by default.
6. How long we keep it
We retain data for as long as your account is active. If a parent deletes the account, child profile, or specific upload, we delete the underlying records and photos within 30 days. Backup copies are purged within an additional 90 days according to Google Cloud's normal retention. See Account Deletion for the exact steps.
7. Your rights
Under DPDPA, GDPR, and similar regimes, you can:
- Access the personal data we hold about you and your child.
- Correct inaccurate information from inside the app, or by emailing us.
- Delete your account and all child data — see here.
- Object to specific processing.
- Withdraw consent at any time. Note that withdrawing consent will end the Service for the affected child profile.
- Lodge a complaint with India's Data Protection Board or your local supervisory authority.
To exercise any of these rights, email privacy@eduksha.in. We will respond within 30 days.
8. Children's privacy
Eduksha is built for kids, and we take this seriously:
- No child can sign up without a parent's verified phone-OTP session creating their profile.
- News and AI-generated content is filtered against a strict child-safety prompt that excludes violence, politics, religion, and scary or distressing themes.
- The app contains no advertising, no behavioural tracking, no chat with strangers, and no in-app purchases targeted at children.
- Friend connections are limited to other children whose parents have explicitly shared and claimed a referral link. Children cannot search for or contact other users.
- If we ever learn a child has signed up without parental consent, we will delete the relevant data and the parent's record promptly.
9. Security
We rely on Google Cloud's enterprise security stack: TLS for data in transit, AES-256 encryption at rest, and Firestore security rules that limit each parent / child to their own subtree. Cloud Functions are protected by App Check. Despite these controls, no system is perfectly secure, and we encourage you to use a strong password / lock on your device and not share OTPs or PINs.
10. Changes to this policy
We may update this policy from time to time as the Service evolves. The “Last updated” date at the top will reflect the most recent revision. Material changes will also be announced inside the app.
11. Contact us
For privacy questions, deletion requests, or anything in this document:
- Email: privacy@eduksha.in
- General support: hello@eduksha.in
You can also reach the operator at the postal address listed in the Google Play store listing.