How we protect student data.
Children's data deserves the highest standard of care. Abhigyaan is built around that principle, governed by India's Digital Personal Data Protection (DPDP) Act 2023 and aligned with the strictest school-data norms.
Encryption
All data encrypted in transit (TLS 1.2+) and at rest (AES-256). Key rotation and customer-managed keys available for enterprise tiers.
Indian data residency
Hosted in Indian data centres by default. Region-specific deployment available for international schools.
Parental consent
Explicit parental consent collected for under-18 learners during onboarding. Easy revocation; per-feature consent supported.
What we collect
Only what's needed to teach and operate the school: attendance, academic performance, AI tutor interactions (summarised), VR lab telemetry, communication preferences.
What we don't do
We don't sell student or parent data. We don't use student inputs to train external AI models. We don't enable third-party advertising.
Retention
Student records retained for the duration of enrolment plus 90 days. Audit and HPC records retained per school policy (typically 7 years).
Rights of parents and students
View what's stored, request correction, request export, request deletion (subject to legal obligations) — all via the parent app or by writing to data-protection@qodequay.com.
Incident response
Documented breach notification process. Parents and schools notified within 72 hours of confirmed material incidents, per DPDP Act expectations.
For data protection enquiries:
Last reviewed: 2026-05-30. We review this page at least annually and on every material change.