KHYPRI

1.1 "Data Fiduciary" refers to KHYPRI, which determines the purpose and means of processing personal data.

1.2 "Data Principal" refers to the individual to whom the personal data relates (primarily our students and their parents/guardians).

1.3 "Processing" refers to any operation performed on personal data, including collection, storage, adaptation, and deletion.

2.1 Personal Identification Data

We collect names, email addresses, phone numbers, and academic profiles of parents and students to facilitate account creation and progress tracking.

2.2 Educational Performance Data

We process scores, curriculum progress, time-spent-on-task, and diagnostic performance metrics to personalize the AI learning journey.

2.3 Technical Data

We automatically collect IP addresses, device identifiers, browser types, and geolocation data (at a city level) solely for security and fraud prevention (as described in our ToS "Single-Household" rule).

When a student interacts with Khypri’s AI modules, we store the "Prompts" (questions) and "Outputs" (answers). This is used to:

• Maintain a conversational history for the student.
• Analyze pedagogical roadblocks.
• Ensure compliance with our safety filters.

We process data under the following legal foundations:

1. Consent: When you voluntarily provide information during signup.
2. Contractual Necessity: To fulfill our promise of delivering AI-driven educational services.
3. Legitimate Interests: For platform security, debugging, and preventing unauthorized account sharing.

We retain personal data only as long as necessary to fulfill the educational purposes for which it was collected. If an account remains inactive for more than *24 months*, all personal identification data is automatically purged or anonymized, unless a legal hold is required.

As a Data Principal (or Guardian), you hold the following rights under Indian law:

• Right to Access: Request a summary of the personal data being processed.
• Right to Correction: Rectify inaccurate or incomplete data.
• Right to Erasure: Request the deletion of data (subject to our retention policy).
• Right to Withdraw Consent: You may withdraw consent at any time, which may result in account termination if the data is essential for service delivery.

We employ "Defense in Depth" strategies, including:

• AES-256 encryption for data at rest.
• TLS 1.3 for data in transit.
• SOC 2 compliant cloud infrastructure (AWS/Google Cloud).
• Regular penetration testing of our AI orchestration layer.

We share data with third parties only when essential:

• Infrastructure Providers: Amazon Web Services, Google Cloud Platform.
• AI Partners: OpenAI, Google (for LLM inference). Note: We utilize enterprise APIs where data is not used for training.
• Payment Gateways: Razorpay/Stripe (we do not store your credit card numbers).

Your data may be stored on servers located outside of India. However, we ensure that such transfers comply with the DPDP Act's white-listing requirements and that data is afforded the same level of protection as required under Indian law.

We use strictly necessary cookies to maintain your login session and security preferences. We do not use third-party marketing cookies or cross-site tracking pixels that build commercial profiles of our minor users.

We may update this policy to reflect technological shifts or regulatory changes. Significant changes will be notified via email or a prominent notification in the Khypri interface 15 days prior to taking effect.

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the details of the Grievance Officer are provided below:

Grievance Officer: Data Protection Lead, Khypri
Email: support@khypri.com
Location: Bengaluru, Karnataka, India
Turnaround Time: We will respond to grievances within 7 business days.