Privacy Policy

Last Updated: April 29, 2026

1. Who we are

Padhai Se Aage ("PSA", "we", "our", "us") operates the website padhaiseaage.com and the Padhai Se Aage Android application. We are based in India and may be contacted at support@padhaiseaage.com.

2. Audience

PSA is intended for users aged 13 and above. Accounts for users under 13 should be created and supervised by a parent or guardian. Sensitive in-app actions such as account deletion are gated by a parental challenge.

3. Information we collect

Account & profile: name, email, password hash, optional avatar, school name, city, state, role (student/teacher/admin).

App activity: courses enrolled, lesson progress, quiz results, XP/coins/streak, projects authored, items wish-listed, cart contents, orders placed.

Push tokens: Firebase Cloud Messaging device tokens so we can send you reminders and order updates.

Diagnostics: Firebase Analytics screen-view events and crash reports (no personally identifying content).

Photos & media: only if you tap an upload control (e.g. publishing a project thumbnail). We never read your gallery in the background.

Payment metadata: order ID, amount, payment status, shipping address. We do not store card numbers, UPI PINs, or CVVs; those are handled by Razorpay.

4. How we use your information

Operate your account and personalise lessons/projects.

Process orders and deliver kits.

Send push reminders, achievement nudges, and order updates.

Improve product quality (aggregated analytics, crash fixes).

Comply with Indian tax and consumer-protection law.

5. Sharing

We do not sell your personal data and we do not share it for advertising. We share the minimum required with the following processors:

Google Firebase (Auth, Firestore, Storage, Messaging, Analytics, Crashlytics) — hosting and infrastructure.

Razorpay — payment processing for kit purchases.

Shipping partners (e.g. Delhivery, India Post) — only the address fields needed to deliver your order.

Government / law-enforcement — only when compelled by valid legal process.

6. Data security

All traffic between the app and our servers uses TLS 1.2+. Auth tokens are stored in the OS keychain on Android. Firestore access is gated by per-document security rules that check the signed-in user's UID and role. Payment data never touches our servers in raw form.

7. Retention

Profile and progress: kept while your account is active.

Order and tax records: 7 years (Indian GST law), with the user reference anonymised after account deletion.

Server access logs: 90 days, then purged.

Push tokens: removed at sign-out.

8. Your rights

You can at any time:

Access & correct your profile from the Me tab (mobile) or Profile page (web).

Delete your account and personal data — see our Account & Data Deletion page for the in-app, web, and email-fallback options.

Opt out of push notifications from your device settings.

Export your data — email support@padhaiseaage.com.

9. Changes to this policy

We will revise the "Last Updated" date above and notify you in-app at next launch when material changes are made.

10. Contact

Privacy questions, deletion requests, or law-enforcement inquiries: support@padhaiseaage.com.