Contents
- Who this applies to
- Information we collect
- How we use it
- Who we share it with
- AI processing & your content
- Children's privacy
- Referral program & rewards
- Cookies & local storage
- How long we keep data
- Security
- Your rights
- School-managed accounts
- International data transfers
- Changes to this policy
- Contact & grievance officer
1. Who this applies to
This Privacy Policy applies to everyone who uses AISTeA — students, parents, teachers, school administrators, and anyone who visits aistea.in, app.aistea.in, or our Android application.
It is published by the AISTeA team, the data fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act).
2. Information we collect
We collect only what we need to deliver the service. Specifically:
| Category | Examples | Source |
|---|---|---|
| Account details | Name, email, phone, password (hashed), grade, board, regional language | You, at registration |
| School details (if applicable) | School name, admin name, school logo, plan tier | School admin, when onboarding |
| Learning activity | Topics studied, quiz scores, homework history, study plan progress | Generated as you use the app |
| AI inputs | Homework photos, chat messages, voice clips you record | You, when you use the AI features |
| Device & usage data | Browser type, OS, app version, IP address, anonymous error reports | Automatically |
| Payment data | Plan name, billing amount, payment ID, payment date | Razorpay (we never see your card / UPI credentials) |
| Push notification token | Firebase Cloud Messaging device token | Your device, when you install the app |
| Student referral data | Your referral code, the code (if any) you used at signup, your in-app points balance, list of friends who joined via your code, gift redemptions. No bank, UPI, or PAN. | Generated when you participate in the Student Referral Program |
| Physical gift shipping | Parent-confirmed shipping name, contact phone, address — only when you claim a milestone gift | You, when claiming a gift; deleted 12 months after dispatch |
| Partner payout data (adult partners only) | Full name, contact phone, email, UPI / bank account in the partner's own name, and PAN where annual payouts cross statutory thresholds | You, when registering as an AISTeA partner — see § 6A |
3. How we use your information
- Deliver the service — generate personalised study plans, grade quizzes, surface book-grounded summaries, and answer homework questions.
- Improve the AI — analyse aggregated, de-identified usage patterns to refine prompts and content quality. We do not use your individual chats or homework photos to train third-party AI models.
- Communicate with you — send transactional emails (account confirmations, receipts, password resets) and a one-time renewal reminder to your registered email address roughly 3 days before a paid plan expires so you can renew before losing access. The renewal reminder is sent only to users who provided an email at registration; phone-only accounts receive no email reminder. Optional study reminders via push or email are sent only with your opt-in consent.
- Process payments — fulfil subscriptions through our payment processor.
- Keep the service safe — detect abuse, prevent cheating on school exams, and enforce our Terms.
- Comply with law — respond to lawful requests from courts or authorities under Indian law.
5. AI processing & your content
- When you submit a homework photo, chat message, or voice clip, the content is sent to Google Gemini for processing.
- Google's API terms for Gemini state that content sent via the paid API is not used to train Google's foundation models.
- We cache AI-generated summaries (book-grounded topic notes) at the platform level so that the same topic doesn't need to be regenerated repeatedly. Cached summaries are linked to the topic, not to your account.
- Chat messages and homework photos are stored in Firestore so you can revisit them in your chat history. You can delete individual chat sessions or your entire account to remove them.
6. Children's privacy
- AISTeA is designed for students in Grades 1–12. Many of our users are under 18.
- Under the DPDP Act 2023, processing of a child's personal data requires verifiable parental consent. When a user is identified as a minor, we expect the parent or guardian to register or to consent during registration.
- We do not show behavioural advertising to children and do not profile a child's data for marketing purposes.
- A parent can request access to, correction of, or deletion of their child's data by emailing karthikeyan@aistea.in.
6A. Referral program & rewards
AISTeA operates two structurally separate referral programs, designed so that no cash payment is ever directed to a minor.
Student Referral Program (default — in-app rewards only)
- Every signed-in user (student, parent, school administrator) automatically receives a unique referral code.
- When a friend signs up using your code and goes on a paid plan, you earn in-app referral points (see our Terms § 17 for the per-plan rate). Lifetime qualified referrals also unlock physical study-material gifts.
- Points are redeemable only inside AISTeA — as a discount on a plan purchase, or as a milestone study-material gift. Points have no cash value, are non-transferable, and cannot be withdrawn as money or money-equivalent.
- We therefore do not collect — and explicitly refuse to process — any bank account, UPI handle, or PAN for a student referrer.
- The only personal data tied to a redemption is a parent-confirmed shipping address when a physical milestone gift is claimed (deleted 12 months after dispatch).
- All referral activity (points earned, points redeemed, gift shipments) is visible to the parent on the Profile page, so the parent retains oversight of how the child uses the program.
Partner Program (adults only, opt-in — cash rewards)
- A separate account type ("Partner") is available for adults aged 18 or above — parents acting as affiliates, tutors, tuition-centre owners, school teachers, employees, friends-of-AISTeA. Partners sign up at the registration page by selecting "Register as a partner".
- Partner sign-up is reviewed and approved by AISTeA's super-admin before a referral code is issued.
- Partners earn cash rewards in their own name. Payouts are made via Razorpay to the partner's own UPI handle or bank account — payouts to a third party are not permitted.
- We collect the partner's full name, contact phone, email, UPI handle / bank details, and — where annual payouts cross the statutory threshold (currently ₹50,000 per financial year) — PAN, to satisfy Income-Tax and PMLA obligations.
- A minor cannot register as a Partner. Under the Indian Contract Act, 1872, a contract with a minor is void. If a parent wishes to monetise referrals beyond the in-app program, the parent must register as a Partner using the parent's own contact and payment details, in the parent's own legal capacity.
Retention specific to referrals
- Referral codes, signup links, points balances, and redemption history: life of the account + 24 months after closure (for fraud-investigation and reward-dispute purposes).
- Shipping addresses for physical-gift claims: 12 months after dispatch, then deleted.
- Partner payout records (PAN, UPI, cash transfers): at least 8 years (Income-Tax Act, 1961).
8. How long we keep your data
- Active accounts — as long as your account is open.
- Deleted accounts — personal data is purged within 30 days of account deletion, except where retention is legally required (e.g. payment records for tax purposes).
- Aggregated/de-identified data — may be retained indefinitely for product analytics.
- Backups — full deletion from backups may take up to 90 days.
9. Security
- Data in transit is protected by HTTPS (TLS 1.2+).
- Passwords are hashed using industry-standard algorithms — we never store plaintext passwords.
- Access to production data is restricted to a small number of authorised AISTeA team members and is audited.
- No system is perfectly secure. If we discover a data breach affecting your information, we will notify affected users and the Data Protection Board of India where required by the DPDP Act.
10. Your rights
Under the DPDP Act and applicable law, you have the right to:
- Access — ask for a copy of the personal data we hold about you.
- Correct — update inaccurate information from your profile page or by emailing us.
- Delete — close your account, which triggers deletion (see Retention above).
- Withdraw consent — opt out of optional processing like push notifications or marketing emails.
- Nominate — designate another person to exercise your rights in case of death or incapacity.
- Grievance redressal — raise a complaint with our grievance officer (contact below). If unresolved, escalate to the Data Protection Board of India.
To exercise any of these rights, email karthikeyan@aistea.in. We respond within 30 days.
How to delete your account
You can permanently delete your AISTeA account and erase your personal data in either of two ways:
- In-app delete (fastest). Sign in to the app or web app → Profile → scroll to Danger Zone → Delete my account → re-enter your password to confirm. You will be signed out immediately and the data is purged within 30 days.
- Public deletion page (no app needed). Visit aistea.in/delete-account.html for step-by-step instructions, including the email path if you no longer have the app installed.
The 30-day window between the deletion request and the physical purge exists so a mistaken deletion can be reversed — write to support@aistea.in within that window to restore the account. After 30 days, personal data is purged from production systems and within a further 90 days from backups. Payment and partner-payout records are retained for 8 years to satisfy the Income-Tax Act, 1961.
11. School-managed accounts
If your account was created by a school administrator, the school is treated as the data principal's representative for routine matters (creating the account, setting class rosters, viewing performance dashboards). AISTeA remains the data fiduciary responsible for security and lawful processing. If you want to take your data with you when leaving the school, contact us and we'll export it for you.
12. International data transfers
Our infrastructure is hosted primarily in Google Cloud's asia-south1 region (Mumbai, India) to keep your data inside India. Some sub-processors (e.g. Google Gemini API endpoints, Firebase Cloud Messaging) may temporarily process data in other regions. We rely on Google's standard contractual clauses and data-processing terms to govern these transfers.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or an in-app banner at least 7 days before they take effect. The "Last updated" date at the top of this page tells you when the policy last changed.
14. Contact & grievance officer
For any privacy question, request, or complaint, contact our grievance officer:
- Name: Karthikeyan (Founder, AISTeA)
- Email: karthikeyan@aistea.in
- WhatsApp: +91 93458 41136
If you believe your rights under the DPDP Act have not been honoured, you may escalate to the Data Protection Board of India.