Privacy Policy

Last Updated: April 29, 2026

1. Who we are

Padhai Se Aage ("PSA", "we", "our", "us") operates the website padhaiseaage.com and the Padhai Se Aage Android application. We are based in India and may be contacted at support@padhaiseaage.com.

2. Audience

PSA is intended for users aged 13 and above. Accounts for users under 13 should be created and supervised by a parent or guardian. Sensitive in-app actions such as account deletion are gated by a parental challenge.

3. Information we collect

Account & profile: name, email, password hash, optional avatar, school name, city, state, role (student/teacher/admin).

App activity: courses enrolled, lesson progress, quiz results, XP/coins/streak, projects authored, items wish-listed, cart contents, orders placed.

Push tokens: Firebase Cloud Messaging device tokens so we can send you reminders and order updates.

Diagnostics: Firebase Analytics screen-view events and crash reports (no personally identifying content).

Photos & media: only if you tap an upload control (e.g. publishing a project thumbnail). We never read your gallery in the background.

Payment metadata: order ID, amount, payment status, shipping address. We do not store card numbers, UPI PINs, or CVVs; those are handled by Razorpay.

WhatsApp messages: if you opt in to WhatsApp notifications, we collect your phone number and message content (inbound and outbound) via Meta's WhatsApp Cloud API. Messages are stored for customer support and order communication purposes. We do not share WhatsApp message content with third parties.

4. How we use your information

Operate your account and personalise lessons/projects.

Process orders and deliver kits.

Send push reminders, achievement nudges, and order updates.

Improve product quality (aggregated analytics, crash fixes).

Comply with Indian tax and consumer-protection law.

Send order confirmations, shipping updates, and customer support via WhatsApp (only with your explicit opt-in).

5. Sharing

We do not sell your personal data and we do not share it for advertising. We share the minimum required with the following processors:

Google Firebase (Auth, Firestore, Storage, Messaging, Analytics, Crashlytics) — hosting and infrastructure.

Razorpay — payment processing for kit purchases.

Shipping partners (e.g. Delhivery, India Post) — only the address fields needed to deliver your order.

Government / law-enforcement — only when compelled by valid legal process.

Meta (WhatsApp Cloud API) — when you opt in to WhatsApp notifications, your phone number and message content are processed by Meta's WhatsApp Cloud API for message delivery. Meta's privacy policy applies to their processing.

6. Data security

All traffic between the app and our servers uses TLS 1.2+. Auth tokens are stored in the OS keychain on Android. Firestore access is gated by per-document security rules that check the signed-in user's UID and role. Payment data never touches our servers in raw form.

7. Retention

Profile and progress: kept while your account is active.

Order and tax records: 7 years (Indian GST law), with the user reference anonymised after account deletion.

Server access logs: 90 days, then purged.

Push tokens: removed at sign-out.

8. Your rights

You can at any time:

Access & correct your profile from the Me tab (mobile) or Profile page (web).

Delete your account and personal data — see our Account & Data Deletion page for the in-app, web, and email-fallback options.

Opt out of push notifications from your device settings.

Export your data — email support@padhaiseaage.com.

9. Changes to this policy

We will revise the "Last Updated" date above and notify you in-app at next launch when material changes are made.

10. Contact

Privacy questions, deletion requests, or law-enforcement inquiries: support@padhaiseaage.com.