Privacy Policy

NeoShiksha is a tutor-matching platform operated by NEOSHIKSHA, a sole proprietorship registered in India under Udyam registration UDYAM-DL-02-0113438. The platform connects parents in Delhi NCR and the Chandigarh Capital Region with verified home tutors. We are the data fiduciary for the personal information described in this policy under the Digital Personal Data Protection Act, 2023 (DPDP Act).

For the purpose of this policy, "we", "us", and "NeoShiksha" mean NEOSHIKSHA; "you" means any parent, teacher, or visitor whose data we process.

From parents

• Your name, WhatsApp number, and optional email
• Your city, zone, full address, and PIN code (so a tutor can reach you)
• Your child's date of birth, class, board, and subjects needed
• Your teaching preferences (mode, gender preference, schedule, expected fees)
• Payment details processed by Razorpay (we never store card numbers)

From teachers

• Name, phone number, email, gender, date of birth
• City, zone, locality, PIN code
• Qualifications, teaching experience, classes, boards, subjects
• Fees, available time slots, teaching mode
• Resume (mandatory at registration)
• Profile photo (encouraged after registration)
• Government ID — Aadhaar or Voter ID or Driving Licence — uploaded before the first demo
• Payment details processed by Razorpay

Collected automatically

• IP address and approximate location (city/state) for fraud prevention
• Device fingerprint (via FingerprintJS) to detect duplicate accounts
• Browser, operating system, and referring URL
• Pages visited and actions taken on the platform (event analytics)
• Crash and error reports (via Sentry) to keep the platform stable

We collect personal data for these specific purposes, and no others:

• Matching parents with the most suitable tutors in their zone
• Communicating with you about demo bookings, payments, and platform updates
• Processing payments for demo fees and teacher subscriptions
• Verifying teacher identity before they meet a parent
• Detecting and preventing fraudulent accounts and abuse
• Improving the platform based on how it is actually used
• Complying with our legal and tax obligations under Indian law

Personal data is stored on Supabase infrastructure in the Mumbai region (ap-south-1), with encryption at rest and in transit. Database access is restricted to authenticated server-side code and a small number of authorized administrators.

Sensitive documents (resumes, photos, government IDs) are stored in private object storage buckets that require a signed, time-limited URL to access. They are never linked publicly and never exposed in search engines.

Aadhaar, Voter ID, or Driving Licence images are collected from teachers only — and only before the first demo. We treat these with extra care:

• Only the document image is stored. We do not store the raw Aadhaar number, name, or other text fields extracted from it.
• Documents are visible only to authorized NeoShiksha administrators. They are never shared with parents, other teachers, or any third party.
• We use the document for one-time identity verification. We do not run UIDAI e-KYC API calls in our current version.
• Document images are auto-deleted 12 months after an account is deleted, in line with DPDP Act retention rules.
• Teachers may request deletion of their ID image at any time, except where retention is required by law (e.g., for an active fraud investigation).

We use a small set of vetted service providers to operate the platform. Each one receives only the data they need for their specific function:

• Supabase — primary database and file storage (Mumbai region)
• Razorpay — payment processing for demo fees and subscriptions
• Resend — transactional emails (booking confirmations, refunds, account updates)
• MSG91 or Twilio — SMS for one-time passwords and demo reminders
• FingerprintJS — anonymous device fingerprinting for fraud detection
• ip-api.com — approximate IP-based location for fraud detection
• Sentry — anonymized error reports and crash diagnostics
• Vercel — hosting and basic page-load analytics
• Google Sign-In — only if you choose to log in with a Google account

We do not sell personal data, share it for advertising, or pass it to marketing networks. We only disclose data to the third parties above as required to deliver the service, or to law enforcement when legally compelled.

We use a small number of first-party cookies and similar storage:

• Authentication cookies that keep you logged in
• An anonymous device fingerprint used only for fraud detection

We do not run third-party advertising cookies, retargeting pixels, or cross-site behavioural trackers. Vercel Analytics counts page views without using cookies or identifying individuals.

To protect honest parents and teachers from fake accounts and abuse, we silently log a small set of behavioural signals — IP address, device fingerprint, approximate geolocation, and event patterns — against each account. These signals are visible only to administrators and are used strictly to spot suspicious patterns. They are never sold, shared with advertisers, or used to profile you for any other purpose.

Behavioural records are retained for 12 months and then automatically purged.

• Active account data — kept for as long as your account is active
• Transactional records (payments, refunds, invoices) — kept for 8 years to comply with Indian tax and audit requirements
• Behavioural and fraud-detection signals — automatically deleted after 12 months
• Government ID images — deleted 12 months after account closure
• Marketing and support correspondence — deleted 24 months after the last interaction

When you ask us to delete your account, we erase or anonymize personal data within 30 days, except where law requires us to keep it for longer (e.g., financial records).

You have the following rights over the personal data we hold about you:

• Right to access — request a copy of the personal data we hold about you
• Right to correction — ask us to correct anything that is inaccurate or out of date
• Right to erasure — ask us to delete your data, subject to lawful retention obligations
• Right to withdraw consent — withdraw consent for any processing that depends on consent
• Right to grievance redressal — escalate any concern to our Grievance Officer
• Right to nominate — appoint another person to exercise your rights on your behalf in the event of incapacity

To exercise any of these rights, email privacy@neoshiksha.in from the email or phone number on your account. We respond within 30 days, as required by the DPDP Act 2023.

NeoShiksha does not create accounts for children. When a parent submits a requirement, we collect only the child's date of birth, class, board, and subjects — the minimum needed to match an age-appropriate tutor. The parent remains the data principal for the child's information, and is responsible for the accuracy of what they submit.

We do not show, share, or process the child's name, photo, school name, or any other identifying detail. We do not market to children.

• Encryption in transit (TLS 1.2 or higher) on every page
• Encryption at rest for all database tables and storage buckets
• Row-level security policies on the database so accounts cannot see each other's data
• Two-factor authentication on every administrator account
• Audit logs for every administrative action, with a mandatory reason field
• Limited access — only administrators who need data for a specific task can see it

No system is perfectly secure. If we ever experience a personal data breach, we will notify the Data Protection Board and affected users within the timelines set by the DPDP Act.

We may update this policy as the platform evolves or as the law changes. When we make a material change, we will update the "Last updated" date above and notify active users by email or in-app banner at least 14 days before the change takes effect.

Previous versions of this policy are available on request.

If you have any question about this policy or about how we handle your data, contact us at:

• Email — privacy@neoshiksha.in (privacy queries)
• Email — hello@neoshiksha.in (general queries)
• WhatsApp — +91 95555 77881

Grievance Officer: Deepak Kakkar, Founder, NEOSHIKSHA, Udyam UDYAM-DL-02-0113438. If you are not satisfied with our response, you may escalate to the Data Protection Board of India under the DPDP Act 2023.