1. Introduction

Welcome to MyGyan (the "Platform"), an AI-powered learning service operated by GenSutra AI Technologies Pvt Ltd("GenSutra", "we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit mygyan.ai, use our mobile apps, or interact with any of our services (together, the "Services").

We are headquartered in Bengaluru, Karnataka, India and comply with all applicable Indian laws, including the Digital Personal Data Protection Act, 2023 ("DPDPA"), as well as international best practices where relevant.

2. Information We Collect

We collect three broad categories of data:

• Information you provide • Name, email, contact number, learning preferences, profile photo, content you upload or generate, payment details (processed through secure third-party gateways).
• Information collected automatically• Device identifiers (IP, OS, browser), usage logs, event data, cookie IDs, and interaction metadata captured by analytics tools (e.g., PostHog).
• Derived or inferred information• Personalised competency graphs, progress scores, and recommendations generated by our AI models based on your activity.

3. How We Use Your Information

• To create and maintain your account and learning workspace.
• To personalise courses, assessments, and feedback using AI algorithms.
• To process transactions and send administrative information (receipts, updates, policy changes).
• To improve, test, and enhance our Services and AI models.
• To protect the Platform, investigate fraud, and ensure legal compliance.
• To send marketing communications if you opt-in (you can opt-out any time).

4. How We Share Your Information

We do not sell or rent personal data. We disclose data only:

• To vetted service providers (cloud hosting, analytics, payment processors) bound by confidentiality obligations.
• To our group/affiliate companies for internal business operations, subject to this Policy.
• In connection with business transfers such as mergers or acquisitions.
• When required by law, subpoena, or court order, or to protect rights, property, or safety.
• With your express consent.

We may share aggregated or de-identified information that cannot reasonably identify you, for research or statistical purposes.

5. Legal Basis for Processing

Under the DPDPA, our lawful bases include:

• Consent - For optional features like marketing emails or third-party integrations.
• Contractual necessity - To deliver the Services you sign up for.
• Legitimate interests - To develop and secure the Platform (balanced against your rights).
• Legal obligation - Compliance with tax, accounting, and regulatory requirements.

6. Cookies & Tracking Technologies

We use first- and third-party cookies, pixels, and local storage to recognise repeat visits, remember preferences, measure campaign effectiveness, and analyse usage trends. You can manage cookies through your browser settings; disabling them may affect functionality.

7. Data Security & Retention

We implement ISO-aligned technical and organisational measures, including encryption in transit and at rest, role-based access controls, and regular penetration testing. No system is 100% secure; we therefore cannot guarantee absolute security.

Personal data is retained only as long as needed for the purposes outlined or as mandated by law (e.g., accounting records for 8 years). Thereafter, it is securely deleted or anonymised.

8. Your Data Protection Rights

You have the right to:

• Request access to and a copy of your personal data.
• Correct inaccuracies or complete incomplete data.
• Withdraw consent at any time where processing is based on consent.
• Request erasure or restriction of processing in certain circumstances.
• Nominate an authorised representative in the event of incapacity.
• Lodge a complaint with a supervisory authority once appointed under DPDPA.

To exercise any of these rights, please contact our Grievance Officer using the details below.

9. Children's Privacy

The Services are not directed to individuals under 18 years of age. If we learn that we have received personal data from a child without parental consent, we will delete it promptly.

10. International Data Transfers

We and our processors may transfer your data to jurisdictions outside India. When we do, we rely on contractual safeguards such as standard contractual clauses or other legally compliant mechanisms to ensure adequate protection.

11. Updates to This Policy

We may modify this Privacy Policy to reflect legal, technical, or business changes. The updated version will be posted on this page with a revised "Last Updated" date. Material changes will be notified via email or in-app notice.

12. Contact Us / Grievance Officer

Email: contact@mygyan.ai
Office: 72/12, 3rd Floor, Surya Office Spaces, Siddapura, Bengaluru 560066, Karnataka, India
CIN: U63119KA2025PTC203416

If you have any questions, comments, or complaints regarding our privacy practices, please contact the Grievance Officer. We will endeavour to resolve your enquiry within 15 days.