Back

Legal

Privacy Policy for Edyma AI / Edyma Academy

Effective date:
April 18, 2026
Last updated:
April 18, 2026

1. Introduction

Edyma AI (“we,” “our,” or “us”) provides an AI-powered educational platform designed for school-based environments. This policy describes how we handle data for our users (Students in Classes 5–10 and Teachers). We are committed to student privacy and maintain strict adherence to the Digital Personal Data Protection Act (DPDPA), 2023 and other applicable educational data protection standards.

2. Information We Collect

We collect data provided by educational institutions, as well as information generated through the use of the app:

  • Account Data: Names and school-issued email addresses. These accounts are provisioned by Edyma AI in coordination with the educational institution; users cannot create accounts independently within the app.
  • Profile Information: Users may optionally upload a profile picture. These images are stored in our secure database and are visible to the student's assigned teacher and school administrators to facilitate identification and classroom management.
  • Classroom Context: Grade level, section details, and academic year to deliver relevant curriculum.
  • Assignments: Answers submitted for evaluation and the resulting AI-generated feedback.
  • Audio Data (Voice-to-Text): The app uses the RECORD_AUDIO permission to allow users to speak prompts. Audio processing is handled entirely on the user's device using system-level libraries. Audio recordings are never transmitted to our servers, are not stored in our database, and are not shared with third parties.
  • User Interactions & Chat History: We store chat sessions between students and the AI “Ask” assistant. These interactions are saved in our secure database to provide learning continuity, safety monitoring, and quality assurance.
  • Diagnostic Data: We use Bugsnag to monitor app stability and performance. This includes non-identifiable technical data such as crash logs, device model, and OS version to help us troubleshoot errors.
  • Content: Teacher Learning Modules (TLM) including text and outlines. Images used within these modules are provided by Edyma AI and stored in our database; they do not contain personal student information.

3. App Permissions

The Edyma mobile app requests only the minimum Android permissions required for core functionality:

  • Internet (INTERNET): Required to communicate with our backend services for authentication, classroom content, and AI responses.
  • Microphone (RECORD_AUDIO): Used only when the user explicitly taps the voice input button. Audio is processed on-device via the system speech-to-text service and is never uploaded or stored.
  • Photos & Media (READ_MEDIA_IMAGES): Used only when the user chooses to upload a profile picture from their device. We do not access any other photos.

4. Data Usage & AI Processing

  • AI Tutoring: Queries submitted to the AI assistant are processed to generate educational responses. Personal identifiers (names, emails, or profile pictures) are never shared with AI sub-processors.
  • Academic Evaluation: AI is used to evaluate assignments to provide feedback on accuracy and conceptual understanding.
  • Visibility: Student performance data, chat histories, and profile pictures are shared exclusively with the student's assigned teacher and relevant school administrators.

5. Email Usage & Compliance

School-issued email addresses are used strictly for:

  • Secure authentication and account management.
  • Critical administrative notifications or account recovery.

Compliance: We do not use student or teacher emails for marketing, advertising, or any third-party commercial purposes.

6. Third-Party Services

  • Cloud Infrastructure: Data is securely hosted using Amazon Web Services (AWS) and managed via MongoDB.
  • Stability Monitoring: We use Bugsnag for real-time error reporting to ensure app reliability.
  • AI Processing: We utilize secure, enterprise-grade AI models for educational insights.

7. Data Sharing

We do not sell personal information. We share limited data only with:

  • The student's assigned teachers and school administrators, for legitimate educational purposes.
  • Sub-processors listed in Section 6, strictly to operate the service. These processors are bound by contract to protect user data and may not use it for any other purpose.
  • Law enforcement or regulators where required by applicable Indian law.

8. Security, Retention & Data Deletion

  • Encryption: All data is encrypted during transit (TLS/SSL) and at rest.
  • Retention: We retain academic records and chat histories for the duration of the school's contract to support the student's learning journey.
  • Data Deletion: As accounts are provisioned through schools, parents or school administrators can request the deletion of student data or profile pictures at any time. Upon a verified request from the school authority, we will securely purge the records from our servers within 30 days in accordance with DPDPA guidelines.
  • How to request deletion: Email team.edyma@gmail.com from your school-issued or registered address with the subject line “Data Deletion Request” and include the affected user's name and school.

9. Children's Privacy (DPDPA Compliance)

We comply with the Digital Personal Data Protection Act (DPDPA), 2023 regarding the processing of personal data of children. As a B2B service:

  • We process children's data based on the “Notice and Consent” framework where schools act as the authorized intermediaries for parental consent.
  • We do not engage in tracking, behavioral monitoring, or targeted advertising directed at children.
  • We maintain high standards of “Privacy by Design” to ensure no harm is caused to children through their use of the platform.

10. Your Rights

Subject to the DPDPA, 2023 and applicable law, users (or, in the case of children, their parents or school administrators acting on their behalf) have the right to:

  • Access the personal data we hold about them.
  • Request correction of inaccurate or incomplete data.
  • Request erasure of their personal data.
  • Withdraw previously given consent (this may limit the ability to use the service).
  • Lodge a grievance with us using the contact details in Section 12 below, or with the Data Protection Board of India.

11. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes we will update the “Last updated” date above and, where appropriate, notify schools by email. Continued use of the service after the update constitutes acceptance of the revised policy.

12. Contact & Grievance Officer

For data inquiries, grievances, or support:

We aim to acknowledge all grievances within 7 business days and resolve verified requests within 30 days.

13. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts located in India.