Privacy Policy

Introduction

Last Updated: 25 May 2026

1. About This Policy

This Privacy Policy ("Policy") explains how Ikiguru Technology Private Limited ("Ikiguru", "we", "our", "us"), a company incorporated under the Companies Act, 2013 with its registered office at 1409, 1410 & 1411, OCUS QUANTAM, Sector-51, Sadar Bazar, Gurgaon — 122001, Haryana, India, and Corporate Identification Number (CIN) U62099HR2026PTC145880, collects, uses, stores, transfers, and protects personal data when you access or use the Ikiguru mobile application ("App") and website at ikiguru.com ("Website"), together referred to as the "Platform".

This Policy is published in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"), the Information Technology Act, 2000 and the rules made thereunder (including the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021), and other applicable Indian laws.

Ikiguru is a career guidance and decision-support platform designed for students aged 13 to 18 years in India. We take the protection of young users' data seriously.

By accessing or using the Platform, you confirm that you have read this Policy and, where you are under 18 years of age, that a parent or legal guardian has reviewed and given verifiable consent in accordance with this Policy.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Information You Provide Directly

• Full name.
• Date of birth or age.
• Email address.
• Mobile phone number (optional).
• Class or grade, stream, subjects, and other academic preferences.
• Career interests, saved careers, saved colleges, and saved degrees.
• Profile picture, if you choose to upload one.
• Information submitted through contact, support, or grievance forms.

2.2 Parent or Guardian Information (for Users Under 18)

• Parent or guardian's full name.
• Parent or guardian's email address and mobile phone number.
• Relationship to the student (parent, legal guardian).
• Verifiable consent records, including consent timestamps and any identity verification token issued by an authorised provider (such as DigiLocker, where applicable).

2.3 Information We Collect Automatically

• Device type, operating system, app version, and unique device identifiers.
• App usage data, including pages visited, features used, search queries within the App, time spent on screens, and tap events.
• Approximate location (city or state level) inferred from your IP address. We do not collect precise GPS location.
• Session duration, crash logs, and diagnostic information.
• Referral source (how you found the Platform).

2.4 Information from AI Features (When Offered)

Where Ikiguru offers an AI-powered feature (such as the "Counsellor AI") and you choose to use it, we may collect:

• The questions, prompts, and messages you send to the AI feature.
• The responses generated by the AI feature.
• Conversation metadata such as timestamps, session identifiers, and any feedback you provide on AI responses.

See Section 7 (Artificial Intelligence Features) for how this information is processed.

2.5 Information We Do Not Collect

• We do not collect Aadhaar numbers, PAN, government ID images, or biometric data from students.
• We do not collect precise GPS location.
• We do not access your contacts, SMS, photos, microphone, or camera, except where you explicitly upload a profile picture.
• We do not collect health data, financial data beyond what is required for payment, or sensitive religious or political information.

3. How We Use Your Personal Data

We process personal data only for the following specific purposes, after obtaining your consent (and your parent's or guardian's verifiable consent, if you are under 18):

• To create and operate your Ikiguru account.
• To deliver career, stream, exam, degree, and college information and personalised recommendations.
• To respond to your queries, support tickets, and grievances.
• To send service-related communications (transactional emails and OTPs such as account verification, password resets, and security notifications).
• To send product updates, newsletters, or other communications, where you (and your parent or guardian, if under 18) have given separate consent. You may withdraw this consent at any time.
• To analyse aggregated usage patterns and improve the Platform, its content, and its features.
• To detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms of Service.
• To comply with applicable laws, court orders, or requests from competent authorities.

We do not use your personal data for behavioural advertising, advertising profiling, or for the purpose of tracking children's activity for advertising. We do not sell your personal data to any third party under any circumstances.

4. Legal Basis for Processing

Under the DPDP Act, we process your personal data only:

• With your consent (and, where you are under 18, with verifiable parental or guardian consent), which is free, specific, informed, unconditional, and unambiguous.
• For certain limited "legitimate uses" expressly permitted under Section 7 of the DPDP Act, such as responding to medical emergencies or complying with a legal obligation.

You may withdraw your consent at any time. See Section 13 (Your Rights Under the DPDP Act).

5. Sharing Personal Data with Third Parties

We do not sell, rent, or trade your personal data. We share personal data only with the following categories of recipients (called "Data Processors" under the DPDP Act), and only to the extent strictly necessary:

• Database provider — MongoDB, Inc. (MongoDB Atlas, Mumbai region, India) for hosting our primary application database. Personal data is stored on infrastructure located in India.
• Backend application hosting — our backend application server is hosted in Bangalore, India with [INSERT BANGALORE HOSTING PROVIDER].
• Authentication, push notifications, analytics, and crash reporting — Google LLC (Firebase Authentication, Firebase Cloud Messaging, Google Analytics for Firebase, and Firebase Crashlytics).
• Transactional email provider — Sendinblue SAS (operating as Brevo) for sending transactional emails such as account verification, password resets, and receipts.
• SMS and OTP provider — an Indian telecom partner registered under the TRAI DLT (Distributed Ledger Technology) framework, used for sending one-time passwords for account verification and parental consent verification. The specific provider may change from time to time.
• AI processing partners (described in Section 7) for operating the Counsellor AI feature for paid-tier users.
• Professional advisors such as auditors, accountants, and lawyers, under appropriate confidentiality obligations.
• Law enforcement, regulators, courts, and government authorities, where disclosure is required by law or to protect the rights, property, or safety of Ikiguru, our users, or the public.

Every Data Processor we engage is bound by a written contract requiring them to (i) process personal data only on our instructions, (ii) maintain reasonable security safeguards, (iii) not retain data longer than necessary, and (iv) cooperate with us in responding to user rights requests under the DPDP Act.

6. International Transfer of Personal Data

Our primary database and backend application servers are located in India (Mumbai and Bangalore respectively). However, some of our Data Processors are companies that are headquartered, or whose support and engineering teams operate, outside India. Where personal data is processed outside India:

• We transfer data only to countries that are not on the list of countries to which transfer is restricted by the Central Government of India under Section 16 of the DPDP Act, as updated from time to time.
• We require all overseas Data Processors to apply security and confidentiality standards equivalent to those required under Indian law.
• Cross-border processing applies primarily to (i) Google services (Firebase Authentication, Cloud Messaging, Analytics, and Crashlytics), and (ii) Sendinblue SAS / Brevo (headquartered in France), and (iii) our AI processing partners, where applicable.

If you have any questions about cross-border data transfers, please contact our Grievance Officer (see Section 16).

7. Artificial Intelligence Features

Ikiguru may, from time to time, make available AI-powered features, including (in future releases) an AI assistant referred to as the "Counsellor AI", which is intended to help students with questions about careers, streams, exams, degrees, and colleges. This Section 7 sets out how personal data is processed when you choose to use any such AI feature.

Any AI feature offered by Ikiguru:

• Is an artificial intelligence system, not a human counsellor. It may make mistakes, miss context, or produce outdated information.
• Does not replace qualified human career counsellors, teachers, or parents.
• Should not be relied on for medical, psychological, legal, or emergency advice.

Where you use such a feature, we may need to send your prompts and limited profile context (such as your stream and class) to third-party AI processing partners. These partners may be located in India or in other jurisdictions permitted under the DPDP Act. We will require all such partners to:

• Not use your data to train their models.
• Not retain your data beyond what is necessary to deliver a response.
• Maintain appropriate security and confidentiality safeguards.

Where we offer an AI feature, we may log AI conversations on our own servers in order to (i) provide you with conversation history, (ii) improve our prompts and content, and (iii) review safety incidents. You will be able to delete your AI conversation history at any time from the App.

We will obtain separate, specific consent (and parental or guardian consent, where you are under 18) before activating any AI feature on your account. AI features are not enabled by default.

8. Parental and Guardian Consent (Users Under 18)

Under the DPDP Act and the DPDP Rules, processing the personal data of a child (defined as any individual who has not completed eighteen years of age) requires the verifiable consent of a parent or legal guardian.

When you sign up and indicate that you are under 18:

• You will be asked to provide your parent or legal guardian's email address or mobile phone number.
• We will send a verification message to your parent or guardian explaining what data we collect, why, and how they can refuse, withdraw, or modify consent.
• Your parent or guardian must complete the verification (for example, an OTP confirmation or a verification token issued by an authorised identity provider such as DigiLocker) before your account is fully activated.
• We retain a record of each verification event, including timestamp, method, and parent/guardian contact, in order to demonstrate that consent was verifiable.

If we have reasonable doubt about the validity of any parental or guardian consent, we may pause or restrict the account until consent is re-verified.

A parent or legal guardian may at any time access, correct, or request deletion of their child's data, or withdraw consent, by writing to hello@ikiguru.com. See also our separate Children's Privacy Notice, which is written in plain language for parents and guardians.

9. Data Security

In accordance with Section 8(5) of the DPDP Act, Ikiguru implements reasonable security safeguards designed to protect personal data from unauthorised access, disclosure, alteration, loss, or destruction. These safeguards include:

• Encryption of personal data in transit using TLS 1.2 or higher.
• Encryption of personal data at rest where supported by our cloud infrastructure.
• Access controls limiting personal data access to authorised personnel on a need-to-know basis.
• Logging and monitoring of administrative access to personal data.
• Periodic review of our security controls, including vendor security where applicable.
• Secure software development practices, including code review and dependency scanning.
• Incident response procedures, including notification to the Data Protection Board of India and affected users as required under the DPDP Act.

No system is completely secure. We encourage you to use a strong, unique password, keep your device updated, and notify us promptly if you suspect unauthorised access to your account.

10. Data Retention

We retain personal data only for as long as is necessary for the purposes set out in this Policy or as required by applicable law:

• Active accounts: data is retained while your account is active and the Platform is being used.
• Inactive accounts: if your account is inactive for 24 consecutive months, we may notify you at your registered email and subsequently delete or anonymise the account data.
• Deleted accounts: when you delete your account, we will delete or anonymise your personal data within 30 days, except for data we are required to retain by law (for example, tax records, transaction records, or evidence of consent), which we will retain only for the period mandated by law and only for that purpose.
• AI conversation history (where AI features are offered and used): retained while your account is active, unless you delete it earlier.
• Verifiable parental consent records: retained for the duration of the user's account plus 7 years, in order to demonstrate compliance with the DPDP Act.

11. Cookies and Similar Technologies

The Ikiguru mobile application does not use cookies. It uses standard mobile software development kits (SDKs) for analytics and crash diagnostics, as described in Section 5.

The Ikiguru Website (ikiguru.com) uses a limited set of cookies and similar technologies, including:

• Strictly necessary cookies required for the Website to function.
• Analytics cookies (such as Google Analytics) used to understand aggregated traffic and improve the Website.

We do not use advertising cookies or third-party advertising trackers. Cookies set on the Website are deleted automatically when they expire or when you clear your browser data. You can also disable cookies through your browser settings, although some parts of the Website may not function correctly without them.

12. Children's Privacy Notice

We have published a separate Children's Privacy Notice, written in plain language for parents and guardians. It explains what data we collect from students, what parents and guardians can do, and how to contact us. The Children's Privacy Notice is available within the App (Settings → Privacy & Data → For Parents) and on our Website.

13. Your Rights Under the DPDP Act

As a Data Principal under the DPDP Act, you have the following rights with respect to your personal data:

• Right to access: request a summary of the personal data we hold about you and the processing activities we undertake.
• Right to correction and completion: request that we correct inaccurate or incomplete personal data.
• Right to erasure: request that we delete your personal data, subject to any legal retention obligations.
• Right to withdraw consent: withdraw any consent you have previously given, at any time.
• Right to nominate: nominate another person to exercise these rights on your behalf in the event of your death or incapacity.
• Right to grievance redressal: file a complaint with our Grievance Officer (Section 16) or, if unresolved, with the Data Protection Board of India.

All these rights are exercisable from within the Ikiguru App (Settings → Privacy & Data) or by writing to hello@ikiguru.com. We will respond to your request as soon as reasonably possible, and in any case within the timelines specified under the DPDP Rules.

14. Withdrawal of Consent

You (or your parent or guardian, if you are under 18) may withdraw consent for any specific processing activity at any time. Withdrawal is as easy as giving consent:

• Within the App: Settings → Privacy & Data → Manage Consents → toggle off the relevant consent.
• By email: write to hello@ikiguru.com from the registered email address.

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Following withdrawal, we will stop the corresponding processing as soon as reasonably possible and may not be able to provide the related feature.

15. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, our Platform, or applicable law. When we do, we will:

• Revise the "Effective Date" and "Last Updated" date at the top.
• Notify registered users via email or in-App notification.
• Where the change is material, seek fresh consent before continuing to process your personal data.

Continued use of the Platform after the Effective Date of an update means you accept the updated Policy.

16. Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act, Ikiguru has appointed the following Grievance Officer to address complaints related to your personal data or the Platform:

Name: Nimansh Jain

Designation: Director, Ikiguru Technology Private Limited

Address: 1409, 1410 & 1411, OCUS QUANTAM, Sector-51, Sadar Bazar, Gurgaon — 122001, Haryana, India

Email: hello@ikiguru.com

Working hours: Monday to Friday, 10:00 to 18:00 IST (excluding public holidays).

We will acknowledge your complaint within 24 hours of receipt and will endeavour to resolve it within 15 days, in accordance with the IT Rules, 2021. If your complaint relates to personal data and is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India established under the DPDP Act.

17. Contact Us

For any questions about this Policy or our data practices, please contact us:

Ikiguru Technology Private Limited

Registered office: 1409, 1410 & 1411, OCUS QUANTAM, Sector-51, Sadar Bazar, Gurgaon — 122001, Haryana, India

CIN: U62099HR2026PTC145880

PAN: AAICI9045E

GSTIN: [INSERT GSTIN, if and when registered]

Email: hello@ikiguru.com

Website: https://ikiguru.com