Privacy Policy

1. Introduction & Privacy Principles

ShikshaMitra is an educational platform providing AI study generation, course planning, NoteSpace notebooks, whiteboard canvas editors, and watch progress widgets. We operate under strict principles of data minimization: we only request data essential to run our software features, and we store private study content locally on your browser device whenever possible to protect student privacy.

2. Categories of Data Collected

ShikshaMitra separates data collection into two distinct methods: Cloud Data Processing and Local Device Caching.

2.1. Cloud Data Processing (Sent to Databases)

When you register, authenticate, or share community documents, the following data is processed and stored on our Google Firebase servers:

• Account Identifiers: Display name, email address, password hashes, and selected role (Student or Teacher).
• Auth Metadata: Account creation timestamp, last sign-in timestamp, and device authorization tokens.
• Shared Library Materials: Class notes PDFs, syllabus templates, school announcements, and lecture video links submitted voluntarily by teachers or students to the public notes feed.

2.2. Local Device Caching (Kept on Your Browser)

To ensure complete private ownership of study files, the following categories of data are written directly to your device's browser memory via the `localStorage` and `IndexedDB` browser APIs, and do not sync to ShikshaMitra's databases:

• NoteSpace Editor Documents: Written note texts, folder directory structures, tag lists, and Markdown files created inside the editor dashboard.
• Whiteboard Canvas Sketches: Doodles and drawings drawn in the canvas workspace are saved locally as Base64-encoded PNG image strings inline within the note.
• XP and Study Progress: Watch histories, playlist collections, completed lecture lists, focus timer task lists, streak records, and level statuses.

3. How We Use and Process Data

We process your data under the following legal bases as defined by global regulations:

1. Contractual Necessity: To authenticate your account, verify your user role, and render the core Software features.
2. Legitimate Interests: To protect the Software against DDoS attacks, security exploits, or API abuse, and to optimize page performance.
3. Consent: When you voluntarily submit educational files to the public library, or explicitly link your external YouTube lecture uploads.

4. AI Services & Transmission Rules

4.1. Payload Transmission: When you run the AI Course Architect or use the NoteSpace chatbot, the context of your active document and prompt text is securely encrypted and sent over HTTPS to Google's Gemini API endpoints.

4.2. API Privacy Rules: Under Google Gemini API's commercial terms, data transmitted through Developer API endpoints is not used by Google to train its foundation models. The prompt payloads are utilized solely for real-time text generation and are not logged or stored permanently by ShikshaMitra.

5. Data Retention & Deletion

5.1. Cloud Accounts: Firebase auth data is retained as long as your account remains active. You can request account deletion at any time by contacting us by email, and all cloud records will be purged within thirty (30) days.

5.2. Local Storage Purges: All locally stored documents and streaks reside in your browser cache. You can delete them immediately by selecting the "Delete All Data" option, clearing browser cookies, or resetting site data.

6. Cookies and Cache Management

ShikshaMitra utilizes basic browser cookies to maintain auth tokens and local cache objects. We do not integrate third-party advertising cookies, marketing tracking scripts, or behavioural profiling scripts.

7. Data Security and Technical Shielding

We employ Secure Sockets Layer (SSL/TLS 1.3) encryption for all outgoing web requests. Cloud databases utilize server-side AES-256 encryption. Access permissions are strictly managed using Firestore Security Rules.

Security Limitation: Despite our technical standards, no electronic transmission over the internet can be guaranteed as 100% secure. You acknowledge this risk and are responsible for securing your personal device and credentials.

8. Children's Online Privacy (COPPA Compliance)

ShikshaMitra complies strictly with the Children's Online Privacy Protection Act (COPPA).

• Under 13 Registrations: We do not intentionally collect personal information from children under 13 without school authorization or verifiable parental consent.
• School Consent Exemption: Under COPPA guidelines, schools may act as intermediaries and authorize the collection of student information on behalf of parents for educational use.
• Deletion: If we learn that we have collected personal data from a child under 13 without verification, we will delete that account immediately. Parents can request deletion at shikshamitra.help@gmail.com.

9. European Union General Data Protection Regulation (GDPR) Rights

EEA residents possess the following rights under GDPR:

• Right of Access & Portability: You can download your private notes using the "Backup" button inside NoteSpace.
• Right to Rectification: You can update your display name and email address in your settings.
• Right to Erasure ("Right to be Forgotten"): You can delete local files by clearing browser memory, and submit cloud account deletion requests by email.
• Complaints: You have the right to lodge a complaint with a supervisory authority in your member state.

10. California CCPA/CPRA Rights

Under the California Consumer Privacy Act, California residents have the right to know what personal information is collected, request its deletion, and opt out of data sales.

• No Sale of Data: ShikshaMitra has never sold or rented user personal data to third parties, and will not do so.
• Deletion Requests: California residents can submit requests for data deletion by email.
• Non-Discrimination: We do not restrict features, downgrade services, or discriminate against users who choose to exercise their privacy rights.

11. Indian IT Act Compliance & Grievance Registration

This Privacy Policy is published in compliance with Section 43A of the Information Technology Act, 2000 and Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

11.1. Grievance Officer: In accordance with the IT Act, 2000, the name and contact details of the Grievance Officer are:

12. Policy Changes & Contact Information

We reserves the right to modify this Privacy Policy at any time. Changes will be posted to this URL with an updated timestamp. Continued use of ShikshaMitra following modifications indicates your consent to the terms.