Privacy Policy
Last updated: June 11, 2026
Nachiketa is operated by Pedon Ki Chhanv Mein Foundation, a Section 8 (non-profit) company registered in India.
Nachiketa AI ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information, and the rights you have over it. We process personal data in accordance with India's Digital Personal Data Protection Act, 2023 ("DPDP Act"). For the purposes of the DPDP Act, you (or the parent/guardian of a child user) are the Data Principal and Nachiketa AI is the Data Fiduciary that determines how and why your personal data is processed.
1. Information We Collect
When you use Nachiketa AI, we collect information you provide directly, such as your name, email address, and role (student or teacher) during registration. If you sign in with Google, we receive your name, email, and profile picture from your Google account. We also collect learning activity data — such as lessons viewed, quiz attempts, worksheet responses, and mastery progress — that is generated as you use the platform. We collect only the personal data that is necessary for the educational purposes described below.
2. How We Use Your Information
We use your information to provide and improve our educational services, track your learning progress, personalize your experience, and send you service messages about your account (such as sign-in, security, and transactional notices) that are necessary to operate the platform. We share a student's learning reports only with that student, their parent or guardian, and their teacher or mentor. We do not sell your personal data, and we do not use it for third-party advertising. Optional marketing messages are handled separately and only with your consent — see section 3 below.
3. Marketing & Promotional Communications
Separately from the service messages described above, we may occasionally send you product updates, learning tips, and other promotional emails — but only if you have given your explicit, opt-in consent. This marketing consent is entirely optional and is not a condition of creating an account or using the platform; it is requested through a separate, unticked checkbox at sign-up and is never bundled with your acceptance of our Terms.
You can withdraw this consent at any time, and withdrawal is as easy as giving it. You may turn off "Email updates" in your account settings, use the unsubscribe link included in any marketing email we send, or contact our Grievance Officer (section 10). Withdrawing marketing consent will not affect the essential service messages you receive about your account, and will not affect the lawfulness of any processing carried out before the withdrawal.
4. Consent and Legal Basis
We process your personal data on the basis of your consent, which you provide when you create an account and agree to this Privacy Policy, and for certain legitimate uses permitted under the DPDP Act. Your consent is limited to the purposes described in this policy. You may withdraw your consent at any time by contacting us or by deleting your account; withdrawing consent will not affect the lawfulness of processing carried out before the withdrawal, and may mean we can no longer provide certain services.
5. Children's and Students' Data
Nachiketa AI is an educational platform used by children (persons under 18 years of age). In accordance with the DPDP Act, we process a child's personal data only with the verifiable consent of a parent or legal guardian(or, in a school setting, the school acting on the parent's behalf). We do notundertake any tracking, behavioural monitoring, or targeted advertising directed at children, and we do not process a child's data in any way that is likely to cause harm to their well-being. A parent or guardian may review, correct, or request deletion of their child's data, and may withdraw consent at any time, by contacting us using the details below. If you believe a child has registered without parental consent, please contact us and we will take appropriate action.
6. Data Storage and Security
Your data is stored securely using industry-standard encryption and security practices. We use Supabase for data storage, which provides enterprise-grade security and compliance. We apply reasonable security safeguards to protect personal data against unauthorised access, disclosure, alteration, or loss. In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act.
7. Data Retention
We retain your personal data only for as long as your account is active or as needed to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. When your account is deleted, or when the data is no longer required for these purposes, we will erase your personal data within a reasonable period, except where we are required by law to retain it.
8. Third-Party Services
We use third-party services including Google (for authentication), Supabase (for data storage), and Vercel (for hosting). These providers process data on our behalf as Data Processors under appropriate safeguards, and each has its own privacy policy. We do not authorise them to use your personal data for their own purposes.
9. Your Rights as a Data Principal
Under the DPDP Act, you have the right to:
- Access a summary of the personal data we hold about you and how we process it.
- Correct, complete, or update inaccurate or incomplete personal data.
- Erase your personal data where it is no longer needed for the purpose it was collected.
- Withdraw consent to processing at any time.
- Nominate another individual to exercise your rights in the event of your death or incapacity.
- Grievance redressal — raise a complaint with our Grievance Officer about how your data is handled.
You can exercise these rights by contacting us using the details below, or by managing your account through your account settings. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India.
10. Grievance Officer
In accordance with the DPDP Act, you may contact our Grievance Officer for any questions, requests, or complaints regarding your personal data:
Grievance Officer
Nachiketa AI
Email: support@nachiketaai.com
We will acknowledge and respond to grievances within the timelines required under applicable law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the platform.
12. Contact Us
If you have questions about this Privacy Policy, please contact us at support@nachiketaai.com.