Privacy Policy

1. INTRODUCTION

LenV ("we", "us", "our") is an AI-powered educational technology platform operated by Learning Environment Network, headquartered in Chennai, Tamil Nadu, India. We provide school management, AI-powered student assessment, diagnostic tools, parent-teacher communication, and gamified learning features through our mobile application and web platform.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, how we protect it, and your rights regarding your data.

By downloading, installing, or using the LenV application or website, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

This policy applies to all users of LenV including Students, Teachers, Parents, and School Administrators.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

For School Administrators / Principals:

• Full name
• Designation and school name
• Official email address
• Phone number
• School address and board affiliation (CBSE / Matriculation)
• Number of students enrolled

For Teachers:

• Full name
• Email address
• Subject(s) taught
• Class and section assignments
• School affiliation

For Parents:

• Full name
• Email address
• Phone number (optional — used only if provided voluntarily)
• Relationship to student

For Students:

• Full name
• Class and section
• School name
• Date of birth (to verify age group for content appropriateness)
• Gender (optional)
• Student roll number or ID (assigned by school)

Note: Student accounts are created by teachers or school administrators, NOT by students directly. Students do not self-register.

2.2 Information Generated Through App Usage

• Assessment and test responses (MCQ answers)
• Test scores and performance history
• Conceptual errors logged in the Deep Mistake Book
• Attendance records
• Rewards points earned and redeemed
• App session data (login times, feature usage)
• Device type, OS version, app version

2.3 Information Collected Automatically

• Device identifiers (Android ID, device model)
• IP address
• Crash logs and error reports
• Firebase Analytics events (anonymized)
• Push notification token (for missed-test alerts)

2.4 Information We Do NOT Collect

• Payment card details (no payments processed in the free tier)
• Biometric data
• Precise GPS location
• Photos or camera access (except if teacher uploads a profile picture voluntarily)
• Contacts list
• Microphone access
• Browsing history outside the LenV app

3. HOW WE USE YOUR INFORMATION

We use the data collected for the following purposes:

3.1 To Provide Core App Functionality

• Creating and managing user accounts across four roles (Student, Teacher, Parent, School)
• Generating AI-powered MCQ tests aligned to CBSE/Matric syllabus
• Auto-grading assessments and storing results
• Building and maintaining each student's Deep Mistake Book
• Triggering custom revision tests based on accumulated errors
• Generating teacher diagnostic dashboards
• Creating AI Mind Maps for classroom use
• Recording and storing digital attendance
• Delivering push notifications for missed tests
• Enabling teacher-to-parent messaging without phone number exposure
• Managing gamified rewards and parent-approval workflows

3.2 To Improve Our Services

• Analysing anonymized usage patterns to improve product features
• Monitoring app performance, bugs, and crash reports
• Conducting internal research on learning outcome improvements

3.3 To Communicate With You

• Sending service-related notifications (test reminders, missed-test alerts, reward approvals)
• Responding to support requests
• Sending onboarding guidance to new schools (email only)

3.4 To Comply With Legal Obligations

• Maintaining records as required under Indian law
• Responding to valid legal requests from government authorities

We do NOT use student data for advertising or ad targeting, selling to third parties, profiling for commercial purposes, or training AI models on identifiable student data.

4. LEGAL BASIS FOR PROCESSING (DPDPA 2023 + GDPR Awareness)

Under India's Digital Personal Data Protection Act 2023:

• Consent: Obtained during account registration for all adult users
• Legitimate Interest: App functionality, safety, and security
• Legal Obligation: Compliance with Indian IT laws and court orders

For children under 18 (students):

• Verifiable parental/guardian consent is obtained through the school administrator or parent account before any student account is activated
• Schools act as Data Fiduciaries on behalf of student users
• LenV operates as a Data Processor under the school's authority for student data

5. DATA SHARING AND THIRD PARTIES

5.1 Service Providers We Share Data With

We share minimal necessary data with trusted third-party service providers solely to operate LenV:

All third-party providers are contractually bound to process data only for specified purposes, maintain security controls, avoid resale, and delete data after termination.

5.2 We Do NOT Share Data With

• Advertisers or ad networks
• Data brokers
• Any third party for commercial purposes
• Other schools or institutions
• Any government body except under valid legal order

5.3 Business Transfers

In the event of a merger, acquisition, or sale of LenV, user data may be transferred. Users will be notified via email and in-app notice at least 30 days prior.

6. DATA STORAGE AND RETENTION

Storage Location: All data is stored on Google Firebase infrastructure with servers located in the asia-south1 (Mumbai, India) region by default.

Retention Periods:

• Active student data: Retained for the duration of the school's active subscription or until deletion is requested
• Inactive accounts: Deleted after 12 months of inactivity
• Test and assessment data: Retained for 3 academic years for performance tracking purposes
• Attendance records: Retained for 3 years
• Crash logs and anonymous analytics: Retained for 90 days
• Support correspondence: Retained for 2 years

Upon account deletion request: All personally identifiable data is deleted within 30 days. Anonymized, aggregated statistical data may be retained indefinitely if it cannot be linked to individuals.

7. DATA SECURITY

We implement the following technical and organizational measures:

Technical Measures

• All data in transit encrypted using TLS 1.3 (HTTPS enforced)
• All data at rest encrypted using AES-256 via Firebase built-in encryption
• Firebase Security Rules with role-based access control
• Firebase Authentication with secure session management and token expiry
• Cloudflare Worker API endpoints protected with JWT bearer token validation
• Rate limiting on API endpoints
• No plaintext passwords stored; all passwords secured through Firebase Authentication
• Regular dependency audits and security patches

Organizational Measures

• Production data access restricted to core engineering team only
• No customer support personnel have direct database access
• Incident response plan in place for breaches
• Annual internal security review

In case of a data breach affecting user data, we will notify affected users within 72 hours, report to India's Data Protection Board as required, and publish a notice on lenv1.tech within 72 hours.

8. CHILDREN'S PRIVACY (Google Families Policy Compliance)

LenV serves students aged 6 to 18. We apply strict child data safeguards.

• Student accounts are created only by verified teachers or school administrators
• No advertisements are shown to students
• Only minimum necessary student data is collected
• No student data sharing for commercial purposes
• No profile-building for targeting or marketing
• Parents may request access, correction, or deletion via privacy@lenv1.tech
• AI processing uses anonymized question-response pairs; no student names are passed to AI APIs

We align with Google Play Families Policy, DPDPA 2023 child data provisions, and COPPA awareness principles for future international compliance.

9. YOUR RIGHTS

Under India's DPDPA 2023, users have rights to Access, Correction, Erasure, Grievance Redressal, Nomination, and Withdrawal of Consent.

• Request a copy of personal data
• Request correction of inaccurate data
• Request deletion of personal data (except legally required retention)
• File a complaint with the Grievance Officer and escalate if unresolved
• Nominate another individual to exercise rights if needed
• Withdraw consent at any time

To exercise rights, email privacy@lenv1.tech. We respond within 30 days.

10. GRIEVANCE OFFICER (Mandatory under IT Rules 2011 + DPDPA)

In accordance with the Information Technology Rules and DPDPA 2023, LenV has appointed a Grievance Officer:

• Name: [Grievance Officer Name]
• Designation: Data Privacy Officer
• Organization: LenV – Learning Environment Network
• Email: grievance@lenv1.tech
• Address: Chennai, Tamil Nadu, India
• Response Time: Within 30 days of receipt of complaint

11. COOKIES AND TRACKING (Web Platform)

The LenV website uses essential cookies (session auth and CSRF protection) and analytics cookies (GA4: _ga, _gid) which can be disabled via browser settings.

We do NOT use advertising cookies, third-party tracking pixels, or Facebook Pixel-like marketing trackers.

12. THIRD-PARTY LINKS

The LenV app or website may include links to third-party resources (for example NCERT or CBSE resources). We are not responsible for their privacy practices and recommend reviewing their policies before sharing personal data.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect legal, technical, or operational changes.

• "Last Updated" date will be revised
• In-app notice will be shown to active users
• For significant student-data changes, school administrators receive at least 14 days prior email notice

Continued use of LenV after the effective date means acceptance of the updated policy.

14. CONTACT US

For privacy questions, requests, or concerns:

Email: privacy@lenv1.tech
Grievance: grievance@lenv1.tech
Website: https://lenv1.tech/contact
Address: LenV – Learning Environment Network, Chennai, Tamil Nadu, India

We respond to privacy inquiries within 30 days.