Privacy Policy
Effective Date: 01 January 2025
Last Updated: 13 November 2025
Governing Law & Jurisdiction: Laws of India. Exclusive jurisdiction of the courts in Hyderabad, Telangana, India.
1.1 Introduction
LearningPad Education Solutions Private Limited ("LearningPad", "we", "us" or "our") is committed to protecting the privacy and security of personal data processed in connection with our platform, services, website, and mobile applications (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, transfer, and retain personal data. It also describes the rights available to data principals and the process for exercising those rights.
This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), Information Technology Act, 2000 and rules made thereunder. Any dispute arising out of this Policy shall be subject to the exclusive jurisdiction of courts in Hyderabad, Telangana, India.
Scope
This Policy applies to all LearningPad users, including students, parents, teachers, institutional administrators, visitors, subscribers, and other data principals whose information we collect or process.
Effective Date and Changes
This Policy is effective from the 01st January 2025. We may update this Policy periodically. Material changes will be notified by email and by posting a notice on the Platform before the change takes effect.
1.2 Key Contacts
Registered Office: PLOT NO. 20, 21, 22, 26, 27 & 28, KONDAPUR, GACHIBOWLI, SERI LINGAMPALLY, V. RANGAREDDY – 500032, TELANGANA, INDIA.
DPO / Grievance Officer:
- LearningPad Education Solutions Private Limited
- Email: [email protected]
- Phone: +91-9390938141
- Working hours: Monday–Friday, 09:00 AM – 06:00 PM IST
For general queries: [email protected]
1.3 Who This Policy Applies To
This Policy applies to:
- Registered users (students, parents, teachers, institutional staff)
- Visitors to the Platform
- Individuals whose data is provided to us by educational institutions
Children: We consider "children" to be individuals under 18 years of age. For users aged 13–17, verifiable parental/guardian consent is required prior to creating an account and before we process their personal data. Users under 13 are not permitted to create accounts on the Platform.
1.4 Data We Collect
We collect categories of personal data necessary for carrying out our operations and providing Platform services. Categories include, but are not limited to:
Identity & Profile
Full name, date of birth, gender, profile photo, student/employee ID
Contact Information
Email addresses, phone numbers, postal address, emergency contact details
Account & Credentials
Username, password (stored hashed), security questions
Educational & Academic Information
Grade/class, school/institution name, enrollment number, attendance records, assessment scores, course progress, certificates
Payment & Billing
Billing name, billing address, transaction history. Note: credit/debit card details are collected by and stored with our third-party PCI-DSS compliant payment processors; LearningPad does not store raw card PAN data on its systems.
Device & Technical Data
IP address, device type, operating system, browser type/version, unique device identifiers, device locale and timezone
Usage & Analytics
Pages viewed, time spent, features used, clickstream data, crash logs, error reports, search queries
User-Generated Content
Assignments, forum posts, uploaded files, audio/video submissions
Communications
Messages to/from support, feedback, chat logs (where applicable)
Location Data (where enabled)
Approximate location derived from IP; precise GPS only when a user explicitly enables location services for a feature
Biometric Data (only with explicit consent)
Face images, facial recognition data for proctoring or secured login — processed strictly on an opt-in basis with enhanced safeguards
Sensitive Categories
We do not collect sensitive personal data beyond the narrow categories described above unless explicit, informed consent is obtained for a specific purpose.
1.5 How We Collect Personal Data
We collect data by the following means:
- Directly from you: via registration forms, profile updates, course enrolments, support interactions, assessments
- Automatically: cookies, logs, analytics tools, SDKs integrated in our apps
- From third parties: institutions providing student rosters, single-sign-on (SSO) providers, social login providers (Google), payment gateways, analytics providers
- From parents/guardians: verifiable parental consent records and related communications
1.6 Purposes of Processing & Legal Basis
We process personal data only for specific, lawful purposes. These include:
- Service delivery & account management — to register users, authenticate accounts, enable course access, deliver learning content and certificates. (Legal basis: contractual necessity / consent.)
- Personalisation & adaptive learning — to recommend content, tailor learning paths, and improve learning outcomes. (Legal basis: consent; aggregated anonymised uses for product improvement.)
- Communications — transactional emails (enrolment confirmation, receipts), service notices, optional marketing communications (only with opt-in). (Legal basis: consent for marketing; contractual/legitimate interest for transactional.)
- Payments & refunds — processing payments and billing records. (Legal basis: contractual necessity / legal obligations.)
- Customer support & troubleshooting — responding to queries and investigating issues. (Legal basis: contractual necessity / legitimate interest.)
- Security, fraud detection & compliance — protecting the Platform, complying with legal obligations, responding to legal process. (Legal basis: legitimate interest / legal obligation.)
- Analytics & performance monitoring — to understand usage patterns and improve the Platform (consent for non-essential analytics).
- Research & aggregated insights — anonymised/aggregated data may be used for educational research and product development.
We will seek explicit, informed consent for processing activities requiring consent under applicable law (for example, biometric processing, marketing communications to adults, and processing of children's data).
1.7 Data Sharing and Disclosure
We may share personal data in the following circumstances:
- With educational institutions: for students enrolled through a school/institution, authorised school personnel (teachers and administrators) will have access to learner progress information as necessary to support education delivery.
- With service providers (processors): hosting providers, analytics providers, payment processors, email service providers, and other vendors engaged under written data processing agreements which require them to process data only on our instructions and to implement appropriate security measures.
- With law enforcement or regulators: when required by court order, subpoena, or other legal processes or to protect rights, property, or safety.
- Business transfers: in the event of merger, acquisition, or sale, personal data may be transferred to the successor entity under contractual protections and notice to users.
We do not sell personal data. We will not share student data with advertisers and will not engage in cross-device tracking or behavioural profiling of minors.
1.8 Cross-Border Transfers
Primary data storage and processing occur in India (e.g., cloud infrastructure in Mumbai/India region). Certain service providers (CDNs, analytics, payment processors) may process data outside India. Where cross-border transfers occur, LearningPad will ensure lawful transfers by applying contractual safeguards, Board-approved transfer mechanisms, or other measures required by applicable law.
1.9 Retention & Deletion
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Suggested retention schedules (subject to legal & contractual requirements):
- Active account data: retained while account is active
- Inactive accounts: deleted after 24 months of inactivity (30-day notice prior to deletion)
- Course completion/learning records: retained for 5 years for certification & audit purposes
- Payment & tax records: retained for 7 years to satisfy statutory obligations
- Support communications: retained for 3 years
Deletion requests: Data principals may request deletion by using Account Settings > Delete Account, or by emailing [email protected]. We will verify identity and process deletion requests; certain data may be retained if required by law.
1.10 Security
We implement reasonable technical and organisational safeguards, including TLS for data in transit, encryption at rest where appropriate, password hashing (bcrypt/Argon2), role-based access controls, periodic security audits and penetration testing, secure development lifecycle practices, incident response planning, and employee data-protection training.
1.11 Data Breach Notification
If a personal data breach occurs that creates a risk to data principals, we will notify affected individuals and the relevant regulatory authorities in accordance with DPDP Act obligations and guidance issued by the Data Protection Board of India, providing details of the nature of the breach, data affected, mitigation steps, and contact information for the DPO.
1.12 Rights of Data Principals
Subject to verification and legal exceptions, data principals may exercise the following rights in accordance with the DPDP Act:
- Right to access personal data
- Right to correction/update
- Right to erasure (right to be forgotten), subject to legal retention obligations
- Right to data portability (request data in machine-readable format such as CSV/JSON)
- Right to withdraw consent
- Right to nominate a person to exercise rights on your behalf in case of death/incapacity
- Right to lodge a grievance with our Grievance Officer and to approach the Data Protection Board of India
How to make requests: Email [email protected] or use the in-app privacy settings. We will verify your identity and endeavour to respond within the statutory timeframe (e.g., 30 days) or, where the law specifies otherwise, in accordance with the Board's timelines.
1.13 Consent Management
We record consent with timestamp, IP address, version of the policy presented, and consent choices. Consent will not be bundled with other terms; for non-essential processing categories (analytics, marketing), users will be offered granular opt-in choices.
1.14 Children's Privacy
We collect children's data only after verifiable parental consent. Typical verifiable mechanisms include parent email verification with an OTP, submission of signed consent forms, or institutional verification through school administrators.
We do not engage in behavioural tracking, targeted advertising, or marketing communications directed at children.
Parents/guardians may access, correct, or request deletion of their child's personal data by contacting [email protected].
1.15 Third-Party Links
Our Platform may contain links to third-party sites (YouTube, partner resources). This Policy does not apply to third-party sites. We recommend reviewing the privacy policies of any third-party websites you visit.
1.16 Complaints & Grievance Redressal
Grievance Officer: LearningPad Education Solutions Private Limited
- Email: [email protected]
- Phone: +91-9390938141
- Address: PLOT NO. 20, 21, 22, 26, 27 & 28, KONDAPUR, GACHIBOWLI, SERI LINGAMPALLY, V. RANGAREDDY – 500032, TELANGANA, INDIA.
Complaints via email will be acknowledged within 48 hours and investigated with a view to providing a resolution within 30 days, unless a longer resolution period is necessary and communicated.
1.17 Updates to Policy
We may update this Policy; material changes will be notified via email and in-app banners where feasible. Continued use of the Platform after notification constitutes acceptance of the updated Policy.
