LearningPad

Why Choose Us Curriculum Content Licensing Our Customers Contact Us About Us

Privacy Policy

Effective Date: 01 January 2025

Last Updated: 13 November 2025

Governing Law & Jurisdiction: Laws of India. Exclusive jurisdiction of the courts in Hyderabad, Telangana, India.

1.1 Introduction

LearningPad Education Solutions Private Limited ("LearningPad", "we", "us" or "our") is committed to protecting the privacy and security of personal data processed in connection with our platform, services, website, and mobile applications (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, transfer, and retain personal data. It also describes the rights available to data principals and the process for exercising those rights.

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), Information Technology Act, 2000 and rules made thereunder. Any dispute arising out of this Policy shall be subject to the exclusive jurisdiction of courts in Hyderabad, Telangana, India.

Scope

This Policy applies to all LearningPad users, including students, parents, teachers, institutional administrators, visitors, subscribers, and other data principals whose information we collect or process.

Effective Date and Changes

This Policy is effective from the 01st January 2025. We may update this Policy periodically. Material changes will be notified by email and by posting a notice on the Platform before the change takes effect.

1.2 Key Contacts

Registered Office: PLOT NO. 20, 21, 22, 26, 27 & 28, KONDAPUR, GACHIBOWLI, SERI LINGAMPALLY, V. RANGAREDDY – 500032, TELANGANA, INDIA.

DPO / Grievance Officer:

LearningPad Education Solutions Private Limited
Email: [email protected]
Phone: +91-9390938141
Working hours: Monday–Friday, 09:00 AM – 06:00 PM IST

For general queries: [email protected]

1.3 Who This Policy Applies To

This Policy applies to:

Registered users (students, parents, teachers, institutional staff)
Visitors to the Platform
Individuals whose data is provided to us by educational institutions

Children: We consider "children" to be individuals under 18 years of age. For users aged 13–17, verifiable parental/guardian consent is required prior to creating an account and before we process their personal data. Users under 13 are not permitted to create accounts on the Platform.

1.4 Data We Collect

We collect categories of personal data necessary for carrying out our operations and providing Platform services. Categories include, but are not limited to:

Identity & Profile

Full name, date of birth, gender, profile photo, student/employee ID

Contact Information

Email addresses, phone numbers, postal address, emergency contact details

Account & Credentials

Username, password (stored hashed), security questions

Educational & Academic Information

Grade/class, school/institution name, enrollment number, attendance records, assessment scores, course progress, certificates

Payment & Billing

Billing name, billing address, transaction history. Note: credit/debit card details are collected by and stored with our third-party PCI-DSS compliant payment processors; LearningPad does not store raw card PAN data on its systems.

Device & Technical Data

IP address, device type, operating system, browser type/version, unique device identifiers, device locale and timezone

Usage & Analytics

Pages viewed, time spent, features used, clickstream data, crash logs, error reports, search queries

User-Generated Content

Assignments, forum posts, uploaded files, audio/video submissions

Communications

Messages to/from support, feedback, chat logs (where applicable)

Location Data (where enabled)

Approximate location derived from IP; precise GPS only when a user explicitly enables location services for a feature

Biometric Data (only with explicit consent)

Face images, facial recognition data for proctoring or secured login — processed strictly on an opt-in basis with enhanced safeguards

Sensitive Categories

We do not collect sensitive personal data beyond the narrow categories described above unless explicit, informed consent is obtained for a specific purpose.

1.5 How We Collect Personal Data

We collect data by the following means:

Directly from you: via registration forms, profile updates, course enrolments, support interactions, assessments
Automatically: cookies, logs, analytics tools, SDKs integrated in our apps
From third parties: institutions providing student rosters, single-sign-on (SSO) providers, social login providers (Google), payment gateways, analytics providers
From parents/guardians: verifiable parental consent records and related communications

1.6 Purposes of Processing & Legal Basis

We process personal data only for specific, lawful purposes. These include:

Service delivery & account management — to register users, authenticate accounts, enable course access, deliver learning content and certificates. (Legal basis: contractual necessity / consent.)
Personalisation & adaptive learning — to recommend content, tailor learning paths, and improve learning outcomes. (Legal basis: consent; aggregated anonymised uses for product improvement.)
Communications — transactional emails (enrolment confirmation, receipts), service notices, optional marketing communications (only with opt-in). (Legal basis: consent for marketing; contractual/legitimate interest for transactional.)
Payments & refunds — processing payments and billing records. (Legal basis: contractual necessity / legal obligations.)
Customer support & troubleshooting — responding to queries and investigating issues. (Legal basis: contractual necessity / legitimate interest.)
Security, fraud detection & compliance — protecting the Platform, complying with legal obligations, responding to legal process. (Legal basis: legitimate interest / legal obligation.)
Analytics & performance monitoring — to understand usage patterns and improve the Platform (consent for non-essential analytics).
Research & aggregated insights — anonymised/aggregated data may be used for educational research and product development.

We will seek explicit, informed consent for processing activities requiring consent under applicable law (for example, biometric processing, marketing communications to adults, and processing of children's data).

1.7 Data Sharing and Disclosure

We may share personal data in the following circumstances:

With educational institutions: for students enrolled through a school/institution, authorised school personnel (teachers and administrators) will have access to learner progress information as necessary to support education delivery.
With service providers (processors): hosting providers, analytics providers, payment processors, email service providers, and other vendors engaged under written data processing agreements which require them to process data only on our instructions and to implement appropriate security measures.
With law enforcement or regulators: when required by court order, subpoena, or other legal processes or to protect rights, property, or safety.
Business transfers: in the event of merger, acquisition, or sale, personal data may be transferred to the successor entity under contractual protections and notice to users.

We do not sell personal data. We will not share student data with advertisers and will not engage in cross-device tracking or behavioural profiling of minors.

1.8 Cross-Border Transfers

Primary data storage and processing occur in India (e.g., cloud infrastructure in Mumbai/India region). Certain service providers (CDNs, analytics, payment processors) may process data outside India. Where cross-border transfers occur, LearningPad will ensure lawful transfers by applying contractual safeguards, Board-approved transfer mechanisms, or other measures required by applicable law.

1.9 Retention & Deletion

We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Suggested retention schedules (subject to legal & contractual requirements):

Active account data: retained while account is active
Inactive accounts: deleted after 24 months of inactivity (30-day notice prior to deletion)
Course completion/learning records: retained for 5 years for certification & audit purposes
Payment & tax records: retained for 7 years to satisfy statutory obligations
Support communications: retained for 3 years

Deletion requests: Data principals may request deletion by using Account Settings > Delete Account, or by emailing [email protected]. We will verify identity and process deletion requests; certain data may be retained if required by law.

1.10 Security

We implement reasonable technical and organisational safeguards, including TLS for data in transit, encryption at rest where appropriate, password hashing (bcrypt/Argon2), role-based access controls, periodic security audits and penetration testing, secure development lifecycle practices, incident response planning, and employee data-protection training.

1.11 Data Breach Notification

If a personal data breach occurs that creates a risk to data principals, we will notify affected individuals and the relevant regulatory authorities in accordance with DPDP Act obligations and guidance issued by the Data Protection Board of India, providing details of the nature of the breach, data affected, mitigation steps, and contact information for the DPO.

1.12 Rights of Data Principals

Subject to verification and legal exceptions, data principals may exercise the following rights in accordance with the DPDP Act:

Right to access personal data
Right to correction/update
Right to erasure (right to be forgotten), subject to legal retention obligations
Right to data portability (request data in machine-readable format such as CSV/JSON)
Right to withdraw consent
Right to nominate a person to exercise rights on your behalf in case of death/incapacity
Right to lodge a grievance with our Grievance Officer and to approach the Data Protection Board of India

How to make requests: Email [email protected] or use the in-app privacy settings. We will verify your identity and endeavour to respond within the statutory timeframe (e.g., 30 days) or, where the law specifies otherwise, in accordance with the Board's timelines.

1.13 Consent Management

We record consent with timestamp, IP address, version of the policy presented, and consent choices. Consent will not be bundled with other terms; for non-essential processing categories (analytics, marketing), users will be offered granular opt-in choices.

1.14 Children's Privacy

We collect children's data only after verifiable parental consent. Typical verifiable mechanisms include parent email verification with an OTP, submission of signed consent forms, or institutional verification through school administrators.

We do not engage in behavioural tracking, targeted advertising, or marketing communications directed at children.

Parents/guardians may access, correct, or request deletion of their child's personal data by contacting [email protected].

1.15 Third-Party Links

Our Platform may contain links to third-party sites (YouTube, partner resources). This Policy does not apply to third-party sites. We recommend reviewing the privacy policies of any third-party websites you visit.

1.16 Complaints & Grievance Redressal

Grievance Officer: LearningPad Education Solutions Private Limited

Email: [email protected]
Phone: +91-9390938141
Address: PLOT NO. 20, 21, 22, 26, 27 & 28, KONDAPUR, GACHIBOWLI, SERI LINGAMPALLY, V. RANGAREDDY – 500032, TELANGANA, INDIA.

Complaints via email will be acknowledged within 48 hours and investigated with a view to providing a resolution within 30 days, unless a longer resolution period is necessary and communicated.

1.17 Updates to Policy

We may update this Policy; material changes will be notified via email and in-app banners where feasible. Continued use of the Platform after notification constitutes acceptance of the updated Policy.