Privacy Policy

We process your personal data for the following purposes:

• To create and manage your account
• To deliver course content and track your learning progress
• To process payments and issue receipts and GST-compliant invoices
• To send transactional communications (account confirmation, purchase receipts, course updates)
• To send promotional or educational communications - only where you have opted in
• To personalise course recommendations based on your activity
• To comply with applicable Indian laws and regulatory obligations
• To detect and prevent fraud, abuse, or unauthorised access
• To improve Platform features and user experience through analytics

Under the DPDP Act, 2023, we process your personal data on the following grounds:

• Consent - you provide explicit, informed consent at the point of registration and at relevant data collection points
• Contractual necessity - processing required to deliver the courses and services you have purchased
• Legal obligation - compliance with Indian tax laws (GST), financial regulations, and court orders
• Legitimate interests - fraud prevention, platform security, and aggregate analytics, balanced against your rights

You may withdraw consent at any time by contacting us. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal, but may impact your ability to use certain features of the Platform.

We do not sell your personal data. We may share your data in the following circumstances:

• With payment gateway providers (e.g. Razorpay, Stripe) to process transactions
• With cloud infrastructure providers (e.g. AWS, Google Cloud) for Platform hosting and storage
• With analytics providers (e.g. Google Analytics) for aggregated usage insights
• With email service providers for transactional and marketing communications
• With professional advisors (lawyers, auditors) under strict confidentiality obligations
• With government authorities or regulators where required by Indian law, court order, or legal process
• In connection with a business restructuring, merger, or acquisition, subject to the acquirer upholding this policy

All third-party data processors are bound by data processing agreements that require them to protect your data to at least the same standard as this policy.

As a platform operated by a Malaysian entity with infrastructure potentially hosted internationally (e.g. cloud servers in Singapore or the US), your data may be transferred outside India. We ensure such transfers comply with the DPDP Act’s provisions on cross-border transfers and that adequate data protection safeguards are in place with receiving parties.

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data: retained for the duration of your account plus 3 years after closure
• Payment and transaction records: retained for 8 years in compliance with Indian accounting and GST requirements
• Course activity data: retained for the lifetime of your account
• Analytics data: retained in anonymised/aggregated form indefinitely

On account deletion, we will erase or anonymise your personal data unless retention is required by law.

We implement appropriate technical and organisational measures to protect your data, including:

• SSL/TLS encryption for all data in transit
• Encrypted storage of passwords using industry-standard hashing
• Role-based access controls limiting staff access to personal data
• Regular security assessments and vulnerability testing
• Incident response procedures in case of a data breach

In the event of a personal data breach that poses a risk to your rights, we will notify the relevant Data Protection Board and, where required, affected users, in accordance with the DPDP Act.

Under the DPDP Act, 2023, you have the following rights:

• Right to Access - you may request a summary of the personal data we hold about you and how it is being processed
• Right to Correction - you may request correction of inaccurate or incomplete data
• Right to Erasure - you may request deletion of your data, subject to legal retention obligations
• Right to Grievance Redressal - you have the right to raise a complaint with us and to escalate to the Data Protection Board of India if unresolved
• Right to Nominate - you may nominate another individual to exercise your rights in the event of your death or incapacity

To exercise any of these rights, please submit a written request to privacy@devitlearn.com. We will respond within 30 days.

In accordance with the IT Act and SPDI Rules, we have designated a Grievance Officer to address data-related concerns:

We encourage you to contact us directly before escalating any concern to the Data Protection Board of India.

The Platform is open to users of all ages, including students under 18 years of age, subject to the following:

• Users under 18 must have the verifiable consent of a parent or legal guardian to register and use the Platform
• Parents or guardians registering on behalf of a minor are responsible for ensuring the accuracy of the information provided and for supervising the minor’s use of the Platform
• We do not knowingly collect personal data from children under 18 without verifiable parental or guardian consent
• We do not serve behavioural advertising to users identified as minors
• Parents or guardians may request access to, correction of, or deletion of a minor’s data by contacting us at privacy@devitlearn.com

If we become aware that we have collected personal data from a child under 18 without appropriate parental consent, we will take prompt steps to delete such data.

We use cookies and similar tracking technologies on the Platform. Please refer to our Cookie Policy for full details on the types of cookies used, their purpose, and how to manage your preferences.

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. We will notify registered users of material changes via email or a prominent notice on the Platform at least 15 days before the changes take effect. Your continued use of the Platform after that period constitutes acceptance of the updated policy.

For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact: