Privacy Policy

1. Introduction

PLANITT SOLUTIONS PVT LTD ("we", "us", or "our") is a company incorporated under the laws of India, operating a SaaS-based EdTech and FinTech platform accessible via web and mobile applications. We are committed to protecting the privacy and security of the personal data of our users ("you", "user") in accordance with the Information Technology Act, 2000 ("IT Act"), the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

This Privacy Policy explains how we collect, use, store, share, and protect your personal data. By accessing or using our platform, you consent to the practices described herein.

2. Information We Collect

2.1 Personal Information You Provide

• Full name
• Email address
• Mobile phone number
• Billing and payment information (processed via Razorpay / Stripe)
• Geographic location (when you grant permission)
• Account credentials (username, password — stored in hashed form)

2.2 Information Collected Automatically

• Device information (model, OS version, unique device identifiers)
• IP address and approximate location derived from it
• Browser type, version, and settings
• App usage data, clickstream data, session duration
• Cookies and similar tracking technologies

2.3 Information from Third Parties

• Authentication data when you sign in via Google OAuth
• Payment status, transaction IDs, and related metadata from Razorpay / Stripe
• Analytics and crash-reporting data from integrated SDKs

3. Purpose of Data Collection

We collect and process your personal data for the following purposes:

• Account Management: Account creation, identity verification, and authentication
• Education Services: Providing access to course content, assessments, and personalised learning paths
• Payments & Subscriptions: Processing subscription fees, managing recurring billing, and issuing invoices
• Communications: Delivering platform notifications, course updates, and transactional messages
• Analytics & Improvement: Improving app performance, personalising user experience, and conducting A/B tests
• Legal Compliance: Complying with the IT Act, DPDP Act, RBI guidelines, and other applicable Indian laws
• Security: Detecting fraud, unauthorised access, and security threats

4. Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data on the following lawful bases:

• Consent — You have provided explicit consent at the time of registration or when granting location/payment permissions.
• Contractual Necessity — Processing is necessary to fulfil our subscription and service agreement with you.
• Legitimate Interests — For analytics, security monitoring, and platform improvement.
• Legal Obligation — To comply with applicable Indian laws, RBI directions, and court orders.

5. Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, payment information constitutes Sensitive Personal Data. We apply the following additional safeguards:

• Payment card details are never stored on our servers; they are tokenised and processed exclusively through PCI-DSS-compliant gateways (Razorpay / Stripe).
• You will be asked for separate, explicit consent before we collect or process any SPDI.
• You have the right to withdraw your consent to SPDI processing at any time.

6. Third-Party Sharing and Disclosure

We do not sell or rent your personal data. We may share your data with:

• Razorpay / Stripe — for payment processing and recurring subscription management
• Google LLC — for OAuth authentication and analytics (subject to Google's Privacy Policy)
• Cloud infrastructure providers — for secure data hosting (data stored within India where required by law)
• Law enforcement or regulatory authorities — when required by a court order, SEBI, RBI, or other competent authority
• Successor entities — in the event of a merger, acquisition, or asset sale (you will be notified)

All third-party processors are contractually bound to handle your data in accordance with applicable Indian law and equivalent data protection standards.

7. Data Retention

We retain your personal data only as long as necessary for the purposes stated above or as required by law:

• Account and profile data — for the duration of your account, plus 5 years post-closure
• Payment records and transaction logs — 8 years (as mandated by RBI and Indian tax law)
• Usage and analytics data — 2 years in anonymised form
• Location data — session-only, not stored persistently unless you opt in

8. Your Rights Under the DPDP Act, 2023

As a Data Principal, you have the following rights, exercisable by contacting us at planitt.official@gmail.com:

• Right to Access — Obtain a summary of the personal data we hold about you.
• Right to Correction — Request correction of inaccurate or incomplete data.
• Right to Erasure — Request deletion of your data, subject to legal retention obligations.
• Right to Grievance Redressal — Lodge a complaint with our Data Protection Officer (DPO) and escalate to the Data Protection Board of India.
• Right to Nominate — Nominate another individual to exercise rights on your behalf in case of death or incapacity.

We will respond to all valid requests within 30 days.

9. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies on our web application. You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of certain features.

• Essential Cookies — Required for login sessions and security.
• Analytics Cookies — Help us understand usage patterns (can be opted out).
• Payment Cookies — Set by Razorpay / Stripe for secure transaction processing.

10. Security

We implement industry-standard security measures including TLS 1.2+ encryption for data in transit, AES-256 encryption for data at rest, role-based access controls, regular vulnerability assessments, and security audit logging. In the event of a data breach, we will notify affected users and the relevant authority as required by the DPDP Act.

11. Children's Privacy

Our platform may be accessed by students. Where a user is below the age of 18, we require verifiable parental or guardian consent before collecting or processing their personal data, in compliance with the DPDP Act, 2023. We do not knowingly collect personal data from children under 13.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 15 days prior to the change taking effect. Continued use of the platform after such notice constitutes your acceptance of the revised policy.

13. Grievance Officer

In accordance with the IT Act, 2000 and DPDP Act, 2023, we have designated a Grievance Officer:

Name: [Grievance Officer Name]

Email: planitt.official@gmail.com

Address: S2, Renuka sai mandir,Gorewada Road 440013, India

You may submit your grievance in writing; we will acknowledge it within 48 hours and resolve it within 30 days.