Privacy Policy

Effective date: 15 April 2026  ·  Last updated: 15 April 2026

This Privacy Policy describes how Shrey Aadi Defence Academy ("Shrey Aadi", "we", "us", or "our") collects, uses, discloses, and protects the personal data of users ("you", "your", or "student") of the Shrey Aadi learning platform (the "Service"), available at https://shreyaadi.co.in. We are committed to protecting your privacy in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable Indian law.

1. Who we are (Data Fiduciary)

Shrey Aadi Defence Academy is the Data Fiduciary responsible for your personal data processed on the Shrey Aadi platform. For any privacy-related query, contact our Grievance Officer at support@shreyaadi.co.in.

2. Personal Data We Collect

2.1 Information you provide

• Identity data: full name, role (student / teacher / parent / admin), city, academy or institute name.
• Contact data: mobile number (used for OTP login over SMS and WhatsApp), email address.
• Authentication data: one-time passwords (OTPs) sent to your phone or email, PIN hashes for staff accounts (we never store plaintext PINs).
• Enrolment data: selected exam (e.g. NDA, CDS, AFCAT, JEE, NEET, GATE), plan, expiry date, coupons applied.
• Payment data: amount, plan, order and payment identifiers, coupon code. Card numbers, UPI IDs, and bank details are processed directly by Razorpay and are never stored on our servers.

2.2 Information generated while you use the Service

• Learning data: quiz attempts, answers, time spent per question, accuracy, exam readiness scores, streaks, badges, and notes shared by your teacher.
• Device and log data: browser type, operating system, approximate IP address (for rate-limiting and abuse detection), service-worker cache version, error reports.
• Cookies and local storage: we use browser localStorage, sessionStorage, IndexedDB, and a service-worker cache to keep you logged in, to store your preferences (theme, large-text, high-contrast), and to make the app work offline. We do not use third-party advertising cookies.

2.3 Children's data

Shrey Aadi is intended for students preparing for competitive and board examinations, including users below the age of 18. Where a user is a child as defined under the DPDP Act, we require verifiable parental or lawful-guardian consent through the academy before processing their personal data, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

3. Purposes and Lawful Basis of Processing

We process your personal data only for the following specified purposes, on the lawful basis of your consent or of legitimate uses permitted by the DPDP Act:

• To create and authenticate your account and to provide the Service.
• To deliver quizzes, previous-year papers, analytics, and AI-generated content personalised to your exam.
• To process subscription payments via our payment partner Razorpay and to issue invoices.
• To communicate with you about account activity, results, feedback, renewals, and important service notices.
• To detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms.
• To comply with applicable laws, regulations, court orders, and lawful government requests.
• For internal analytics that help us improve question quality and teaching effectiveness. Such analytics are conducted on aggregated or pseudonymised data wherever feasible.

4. Sharing and Disclosure

We do not sell your personal data. We share it only with:

• Data Processors acting on our instructions under binding contracts:
  • Google Firebase (Authentication, Firestore, Cloud Functions, Hosting) — cloud infrastructure.
  • Razorpay — payment processing.
  • Anthropic (Claude API) — AI-assisted question generation (only anonymised prompts are sent; we do not send student identifiers).
• Your academy / teachers: teachers and admins of your enrolled academy can view your quiz attempts, performance reports, and notes relevant to your learning.
• Legal and safety disclosures: where required by law, to respond to lawful requests from public authorities, or to protect the rights, property, or safety of our users, the public, or Shrey Aadi.

5. Cross-border Transfers

Some of our processors (e.g. Google, Anthropic) may process data on servers located outside India. Such transfers are carried out only to jurisdictions that are not restricted by the Central Government under Section 16 of the DPDP Act, and are subject to contractual safeguards.

6. Data Retention

• Account deletion (in-app): when you delete your account, your data is moved to a 30-day soft-delete window. During those 30 days you can restore the account and recover everything (including learning history). On day 30, account profile, quiz attempts, learning analytics, push tokens, and audit logs are permanently deleted; only the financial records described below are retained.
• Active accounts: account and profile data are retained for as long as your account is active.
• Payment and invoice records: retained for 8 years as required under the Income-tax Act and GST law. Personal contact fields (phone, email, name) on those records are scrubbed at the same 30-day deletion mark; only the order amount, plan, and payment ID are kept for accounting purposes.
• Quiz attempts and learning analytics: while your account is active, retained for up to 36 months to enable progress tracking and longitudinal feedback; you may request earlier deletion.
• Error logs and rate-limit records: retained for a maximum of 90 days.

Once retention periods expire, we delete or irreversibly anonymise the data.

7. Your Rights under the DPDP Act

Subject to the DPDP Act, you have the right to:

• Access a summary of the personal data we process about you and the processing activities undertaken.
• Correct, complete, or update your personal data, and to have inaccurate data rectified.
• Erase your personal data when it is no longer necessary for the purpose it was collected, or where you withdraw consent.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.
• Nominate another individual to exercise your rights in case of your death or incapacity.
• Grievance redressal — raise concerns about the handling of your data.

To exercise any of these rights, email support@shreyaadi.co.in from the address registered with your account. We will respond within 30 days. If you are not satisfied, you may escalate the matter to the Data Protection Board of India.

8. Security

We implement reasonable security safeguards including TLS 1.2+ in transit, encryption at rest for Firestore data, server-side hashing of staff PINs, strict Firebase Security Rules, HTTP security headers (HSTS, CSP, X-Frame-Options), rate limiting of login attempts, and least-privilege access for our team. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Breach Notification

In the event of a personal-data breach that is likely to cause harm, we will notify you and the Data Protection Board of India without undue delay, in accordance with the DPDP Act.

10. Third-Party Links

The Service may contain links to third-party websites or services (for example, WhatsApp, YouTube tutorial videos). We are not responsible for their content or privacy practices. Please review their policies separately.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified in-app or by email before they take effect. The "Last updated" date at the top always reflects the current version.

12. Contact Us

Grievance Officer: Col Vishal Sharma (Retd) — Proprietor, Shrey Aadi Defence Academy
Designation: Data Protection & Privacy Lead
Email: grievance@shreyaadi.co.in (general support: support@shreyaadi.co.in)
Response time: Within 30 days of receipt, per DPDP Act, 2023.
Operator: Shrey Aadi Defence Academy, India
Governing law: This Policy is governed by the laws of India. Courts at the principal place of business of Shrey Aadi Defence Academy shall have exclusive jurisdiction.

← Back to Shrey Aadi  ·  Terms of Service