Student Data Rights

This is not a wall of legal jargon designed to confuse you. This document explains, in plain language, what data we collect, why we collect it, and what rights you have. Pinaka is compliant with India's Digital Personal Data Protection Act (DPDP) 2023.

Your Rights as a Student

Right to Access

You can request a copy of all data we have about you. We will provide it within 30 days.

Right to Deletion

You can request complete deletion of your account and all associated data at any time.

Right to Portability

You can export your test history and analytics in a machine-readable format (JSON/CSV).

What We Collect

Account Information

• Email address (for login and communication)
• Phone number (optional, for OTP verification)
• Date of birth (to determine if parental consent is required)
• Parent/guardian contact (for minors under 18, used only for consent verification)

Test Performance Data

• Answers submitted during tests
• Time spent on each question
• Scores and percentiles
• Weakness patterns and topic-level analytics

Technical Data

• Device type and browser (for compatibility)
• IP address (for security and fraud prevention)
• Session logs (for debugging issues)

Location Data (Proctoring)

During proctored exams, we collect approximate location data derived from your IP address. This is used for:

• Exam integrity: Detecting unusual patterns that may indicate malpractice
• Analytics: Providing administrators with aggregated, anonymized geographic distribution of test-takers

Note: We do not collect precise GPS coordinates. Location is estimated at the city/region level only.

What We Do NOT Collect

Precise GPS location. We only use IP-based approximate location for proctoring purposes.
Financial data. Payments are processed by third-party providers (Razorpay). We never see your card details.
Biometric data. No face scans, fingerprints, or camera access.

How We Use Your Data

• To provide the service: Running tests, calculating scores, generating analytics.
• To improve our platform: Aggregated, anonymized data helps us build better questions.
• To communicate with you: Test reminders, feature updates, support responses.
• To ensure exam integrity: Detecting and preventing cheating through behavioral and location analysis.
• To comply with law: Legal requirements under DPDP Act and other regulations.

Who Sees Your Data

The Short Answer

Only you. Your parents do not have access to your scores. Ever.

Pinaka team: Only authorized employees with a legitimate need (support, debugging).
Exam administrators: See only aggregated, anonymized analytics (e.g., geographic distribution of test-takers).
Cloud providers: AWS hosts our infrastructure. Data is encrypted at rest and in transit.
Law enforcement: Only if required by valid legal order. We will notify you unless prohibited.

Data Retention

• Active accounts: Data is retained as long as your account is active.
• Deleted accounts: All personal data is permanently deleted within 30 days of account deletion.
• Analytics data: Aggregated, anonymized data may be retained indefinitely for research.
• Location data: Retained only for the duration of the exam session plus 90 days for audit purposes.

Security Measures

• All data is encrypted using AES-256 at rest
• All connections use TLS 1.3 encryption
• Regular security audits and penetration testing
• Access logs monitored for suspicious activity
• Secure password hashing with industry-standard algorithms

Grievance Officer

As required by DPDP Act 2023, we have appointed a Grievance Officer to address your data protection concerns:

Name: Data Protection Officer

Email: privacy@mypinaka.com

Response time: Within 48 hours

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email at least 7 days before they take effect. The "Last updated" date at the top will always reflect the current version.

Your Rights as a Student

Right to Access

You can request a copy of all data we have about you. We will provide it within 30 days.

Right to Deletion

You can request complete deletion of your account and all associated data at any time.

Right to Portability

You can export your test history and analytics in a machine-readable format (JSON/CSV).

What We Collect

Account Information

• Email address (for login and communication)
• Phone number (optional, for OTP verification)
• Date of birth (to determine if parental consent is required)
• Parent/guardian contact (for minors under 18, used only for consent verification)

Test Performance Data

• Answers submitted during tests
• Time spent on each question
• Scores and percentiles
• Weakness patterns and topic-level analytics

Technical Data

• Device type and browser (for compatibility)
• IP address (for security and fraud prevention)
• Session logs (for debugging issues)

Location Data (Proctoring)

During proctored exams, we collect approximate location data derived from your IP address. This is used for:

• Exam integrity: Detecting unusual patterns that may indicate malpractice
• Analytics: Providing administrators with aggregated, anonymized geographic distribution of test-takers

Note: We do not collect precise GPS coordinates. Location is estimated at the city/region level only.

How We Use Your Data

• To provide the service: Running tests, calculating scores, generating analytics.

• To improve our platform: Aggregated, anonymized data helps us build better questions.

• To communicate with you: Test reminders, feature updates, support responses.

• To ensure exam integrity: Detecting and preventing cheating through behavioral and location analysis.

• To comply with law: Legal requirements under DPDP Act and other regulations.

Who Sees Your Data

The Short Answer

Only you. Your parents do not have access to your scores. Ever.

Pinaka team: Only authorized employees with a legitimate need (support, debugging).

Exam administrators: See only aggregated, anonymized analytics (e.g., geographic distribution of test-takers).

Cloud providers: AWS hosts our infrastructure. Data is encrypted at rest and in transit.

Law enforcement: Only if required by valid legal order. We will notify you unless prohibited.

Data Retention

• Active accounts: Data is retained as long as your account is active.

• Deleted accounts: All personal data is permanently deleted within 30 days of account deletion.

• Analytics data: Aggregated, anonymized data may be retained indefinitely for research.

• Location data: Retained only for the duration of the exam session plus 90 days for audit purposes.

Zero-Snitch Architecture

Your Rights as a Student

Right to Access

Right to Deletion

Right to Portability

What We Collect

Account Information

Test Performance Data

Technical Data

Location Data (Proctoring)

What We Do NOT Collect

How We Use Your Data

Who Sees Your Data

Data Retention

Security Measures

Grievance Officer

Changes to This Policy

Student Data Rights

Zero-Snitch Architecture

Your Rights as a Student

Right to Access

Right to Deletion

Right to Portability

What We Collect

Account Information

Test Performance Data

Technical Data

Location Data (Proctoring)

What We Do NOT Collect

How We Use Your Data

Who Sees Your Data

Data Retention

Security Measures

Grievance Officer

Changes to This Policy