AISTeA AISTeA

Privacy Policy

What we collect, why we collect it, and your rights

Effective date: 23 June 2026  ·  Last updated: 23 June 2026

Your privacy matters. AISTeA is built for students — many of whom are minors — so we treat the data you share with extra care. This page explains what we collect, why, and how to control it.

Contents

  1. Who this applies to
  2. Information we collect
  3. How we use it
  4. Who we share it with
  5. AI processing & your content
  6. Children's privacy
  7. Referral program & rewards
  8. Cookies & local storage
  9. How long we keep data
  10. Security
  11. Your rights
  12. School-managed accounts
  13. International data transfers
  14. Changes to this policy
  15. Contact & grievance officer

1. Who this applies to

This Privacy Policy applies to everyone who uses AISTeA — students, parents, teachers, school administrators, and anyone who visits aistea.in, app.aistea.in, or our Android application.

It is published by the AISTeA team, the data fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Information we collect

We collect only what we need to deliver the service. Specifically:

CategoryExamplesSource
Account details Name, email, phone, password (hashed), grade, board, regional language You, at registration
School details (if applicable) School name, admin name, school logo, plan tier School admin, when onboarding
Learning activity Topics studied, quiz scores, homework history, study plan progress Generated as you use the app
AI inputs Homework photos, chat messages, voice clips you record You, when you use the AI features
Device & usage data Browser type, OS, app version, IP address, anonymous error reports Automatically
Payment data Plan name, billing amount, payment ID, payment date Razorpay (we never see your card / UPI credentials)
Push notification token Firebase Cloud Messaging device token Your device, when you install the app
Student referral data Your referral code, the code (if any) you used at signup, your in-app points balance, list of friends who joined via your code, gift redemptions. No bank, UPI, or PAN. Generated when you participate in the Student Referral Program
Physical gift shipping Parent-confirmed shipping name, contact phone, address — only when you claim a milestone gift You, when claiming a gift; deleted 12 months after dispatch
Partner payout data (adult partners only) Full name, contact phone, email, UPI / bank account in the partner's own name, and PAN where annual payouts cross statutory thresholds You, when registering as an AISTeA partner — see § 6A

3. How we use your information

4. Who we share information with

We do not sell your data. We share it only with the following categories of recipients, each strictly limited to what's needed for the service:

5. AI processing & your content

6. Children's privacy

6A. Referral program & rewards

AISTeA operates two structurally separate referral programs, designed so that no cash payment is ever directed to a minor.

Student Referral Program (default — in-app rewards only)

Partner Program (adults only, opt-in — cash rewards)

Retention specific to referrals

7. Cookies & local storage

8. How long we keep your data

9. Security

10. Your rights

Under the DPDP Act and applicable law, you have the right to:

To exercise any of these rights, email karthikeyan@aistea.in. We respond within 30 days.

How to delete your account

You can permanently delete your AISTeA account and erase your personal data in either of two ways:

  1. In-app delete (fastest). Sign in to the app or web app → Profile → scroll to Danger ZoneDelete my account → re-enter your password to confirm. You will be signed out immediately and the data is purged within 30 days.
  2. Public deletion page (no app needed). Visit aistea.in/delete-account.html for step-by-step instructions, including the email path if you no longer have the app installed.

The 30-day window between the deletion request and the physical purge exists so a mistaken deletion can be reversed — write to support@aistea.in within that window to restore the account. After 30 days, personal data is purged from production systems and within a further 90 days from backups. Payment and partner-payout records are retained for 8 years to satisfy the Income-Tax Act, 1961.

11. School-managed accounts

If your account was created by a school administrator, the school is treated as the data principal's representative for routine matters (creating the account, setting class rosters, viewing performance dashboards). AISTeA remains the data fiduciary responsible for security and lawful processing. If you want to take your data with you when leaving the school, contact us and we'll export it for you.

12. International data transfers

Our infrastructure is hosted primarily in Google Cloud's asia-south1 region (Mumbai, India) to keep your data inside India. Some sub-processors (e.g. Google Gemini API endpoints, Firebase Cloud Messaging) may temporarily process data in other regions. We rely on Google's standard contractual clauses and data-processing terms to govern these transfers.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or an in-app banner at least 7 days before they take effect. The "Last updated" date at the top of this page tells you when the policy last changed.

14. Contact & grievance officer

For any privacy question, request, or complaint, contact our grievance officer:

If you believe your rights under the DPDP Act have not been honoured, you may escalate to the Data Protection Board of India.