← Pariksha 360
Privacy Policy
Effective date: 25 April 2026 · Last updated: 26 April 2026
Pariksha 360 is operated by Pariksha 360 ("we", "us"). This policy explains what personal data we collect when you use our Android app or website, how we use it, who we share it with, and the rights you have under India's Digital Personal Data Protection Act, 2023.
1. Who we are and how to contact us
For any privacy-related question, request, or grievance:
- Email: [email protected]
- Grievance officer: contact the same email with subject "Grievance"; we respond within 30 days as required under the DPDP Act.
2. What data we collect
2.1 Information you give us
- Name and email — required at signup. Used to identify your account, address you in the app, and send password resets and important account notifications.
- Phone number — optional. Used for OTP verification and parent/guardian notifications when you configure them.
- Demographics (gender, city, state, exam category) — optional, set in your profile. Used for cohort-level analytics and to suggest relevant exam categories. Never sold or shared with advertisers.
- Document scans — only if you use the in-app document scanner. The scanned file is stored against your account on our servers for OCR/categorization.
- Google account information — only if you choose Sign in with Google. We receive your name, email address, profile picture URL, and Google account identifier (the OAuth
sub) from Google. We use these solely to create/identify your Pariksha 360 account and to populate your profile. We do not request any other Google scopes for sign-in. See §13 for our Limited Use disclosure.
- Google Calendar data — only if you opt in to Calendar Sync. With your explicit consent we request the
https://www.googleapis.com/auth/calendar scope and create a dedicated calendar named "Pariksha 360 Study Plan" in your Google account. We write study-plan events to that calendar; we do not read events from your other calendars. You can disconnect at any time from app Settings → Calendar Sync, which revokes our token and stops further writes. See §13.
2.2 Information we collect automatically
- Device identifier. We generate a stable device identifier (using Android's installation ID + hardware fingerprint) and use it to enforce per-account device limits (max 5 devices per user) and to detect account abuse / multi-trial fraud. This identifier is reset when you uninstall and reinstall the app.
- IP address at signup and email verification — recorded for security audit purposes.
- App activity — which questions you answer, what you read, screen views, time spent on study sessions. Used to recommend the right next topic, track progress, and compute mastery via the Bayesian Knowledge Tracing model.
- Crash and diagnostic data — stack traces, device model, OS version. Sent to Firebase Crashlytics and Sentry. Includes your account ID so we can correlate a crash to your account if you report a problem.
- Push notification token — issued by Firebase Cloud Messaging when you allow notifications. Used solely to deliver study reminders and exam-related pushes.
2.3 Information we do not collect
- Precise or approximate location.
- Camera or microphone access by our app (the document scanner runs in a separate Google Play Services process that returns only the scan result).
- Contacts, calendar, SMS, or call logs.
- Advertising ID — explicitly suppressed in our app build.
- Web browsing history.
3. How we use your data
- Provide the service — render content, save your progress, sync across your devices.
- Personalise learning — recommend topics, surface weak areas, schedule revisions.
- Account security — enforce device limits, detect abuse, send alerts about new sign-ins.
- Communicate with you — password resets, exam updates, study reminders (you can disable any notification category in app Settings).
- Diagnose problems — investigate crashes and performance issues.
4. Who we share data with
| Recipient | What we share | Purpose |
|---|
| Google Sign-In | Name, email, profile picture URL, Google account ID — only if you choose Sign in with Google | Create or identify your Pariksha 360 account; populate your profile |
| Google Calendar | Calendar events only if you explicitly opt in to Calendar Sync | Write study-plan events to your authorised calendar |
| Firebase / Google | Crash reports (Crashlytics), analytics events (Analytics), push tokens (FCM) | Crash diagnostics, usage analytics, push delivery |
| Sentry | Crash reports + breadcrumbs | Crash diagnostics |
Google Fonts CDN (fonts.gstatic.com) | Anonymous HTTPS request for font files | Render text in the app's typeface; cached after first load |
We do not sell your data to third parties. We do not share your personal data with advertisers.
5. Where data is stored and how we protect it
- All API traffic is encrypted in transit (HTTPS/TLS) via our Caddy edge.
- The backend database lives on a private server in India.
- Your local device data (downloaded content, BKT cache) is stored in an encrypted SQLite database (SQLCipher) on your phone, with the encryption key in Android Keystore.
- Authentication tokens are stored using
flutter_secure_storage (Android Keystore).
- Optional App Lock uses your device biometric or PIN.
- We disable Android Auto Backup so your account data is not copied to your Google Drive — your authoritative copy lives on our servers.
6. How long we keep your data
- Active account: until you ask us to delete it.
- After you request deletion: your account is marked for permanent removal in 30 days. During this window you can sign back in to restore. After 30 days a daily job permanently strips your name, email, phone, devices, BKT mastery, notes, bookmarks, and other personal information. Your answer history and study telemetry are anonymised (linked to no identity) so we keep aggregate question-quality statistics without retaining anything that identifies you.
- Logs and backups: rolled and purged on a 30-day cycle.
7. Your rights under the DPDP Act, 2023
You have the right to:
- Access the personal data we hold about you — email [email protected].
- Correct inaccurate data — most fields can be edited in app Settings → Edit Profile.
- Erase your account — in-app at Settings → Delete Account, or via our web form.
- Withdraw consent for any optional data processing (notifications, analytics, calendar sync) — toggle in app Settings.
- Lodge a grievance — email us with subject "Grievance"; we respond within 30 days as required.
8. Children
Our service is intended for users 13 years of age and older. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, contact us and we will delete the account.
9. Push notifications
You can disable push notifications at any time from your device Settings or in app Settings → Notifications. Disabling them does not affect any other functionality.
10. Third-party SDKs in summary
| SDK | What it processes |
|---|
| Google OAuth 2.0 (Sign in with Google) | Name, email, profile picture URL, Google account sub — only when you choose Sign in with Google. See §13. |
| Google Calendar API | Only used if you opt in; writes events to a dedicated "Pariksha 360 Study Plan" calendar in your Google account. See §13. |
| Firebase Analytics | Screen views, custom events, app-open events. Linked to your account ID. |
| Firebase Crashlytics | Crash stack traces and device model. Linked to your account ID. |
| Sentry | Crash stacks and breadcrumbs. Linked to your account ID. |
| Firebase Cloud Messaging | Push notification token. Linked to your account. |
| Google Fonts CDN | Anonymous font file fetch. Not linked to you. |
11. Changes to this policy
We will post any updates to this page and adjust the "Last updated" date. Material changes (new categories of data we collect, new third-party processors) will be notified in app on next launch.
12. Contact
Questions, requests, or grievances: [email protected].
13. Google API Services — Limited Use disclosure
Pariksha 360's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide and improve user-facing features that are prominent in the Pariksha 360 app — namely Sign in with Google (account identification) and the optional Google Calendar Sync (writing study-plan events to a calendar you authorise).
- We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
- We do not use Google user data for serving advertisements, including retargeting, personalised advertising, or interest-based advertising.
- We do not allow humans to read your Google user data unless we have your explicit consent for specific data, it is necessary for security purposes (e.g., investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations in line with applicable privacy obligations.
You may revoke our access to your Google account data at any time at myaccount.google.com/permissions, or in app Settings → Calendar Sync (for Calendar) and Settings → Delete Account (for Google Sign-In linkage).
14. Terms of Service
Your use of the Service is also governed by our Terms of Service.