Privacy Policy

This Privacy Policy is issued by Tutelage Education Services Private Limited ("Company", "We", "Us", "Our"), operating the SelfEnabler platform at selfenabler.com. The terms "You", "Your", "User" refer to any person accessing or using the platform.

This Privacy Policy is published in compliance with the Digital Personal Data Protection (DPDP) Act, 2023, the DPDP Rules, 2025, and the Information Technology Act, 2000, as amended. It constitutes a legally binding electronic record and does not require physical or digital signature.

SelfEnabler is an AI-powered self-learning and assessment platform designed primarily for students in Classes 6 to 12. The majority of our users are children below the age of 18 years. We recognise the heightened responsibility this places on us and have designed our data practices accordingly.

By using the platform, or by a parent or lawful guardian providing consent on behalf of a child, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the platform.

"Child" means any individual who has not completed 18 years of age, as defined under Section 2(f) of the DPDP Act, 2023.

"Data Principal" means the individual to whom the personal data relates. Where the Data Principal is a child, the parent or lawful guardian acts on their behalf.

"Data Fiduciary" means the entity that determines the purpose and means of processing personal data. Tutelage Education Services Private Limited is the Data Fiduciary for data processed through SelfEnabler.

"Consent" means free, specific, informed, unconditional, and unambiguous indication of the Data Principal's wishes, given through a clear affirmative action.

Since the majority of SelfEnabler users are students below 18 years of age, the following enhanced protections apply to all data processed through the platform:

(a) Verifiable Parental Consent: We obtain verifiable consent from a parent or lawful guardian before processing any child's personal data. This consent is obtained during the registration process through mobile OTP verification linked to the parent's registered mobile number, establishing a clear linkage between the consenting adult and the child. Parents may withdraw consent at any time by contacting our Data Protection Officer.

(b) No Tracking or Profiling for Commercial Purposes: SelfEnabler does not engage in behavioural monitoring, tracking, or targeted advertising directed at children, as prohibited under Section 9(3) of the DPDP Act, 2023. We do not share children's data with advertisers or commercial third parties.

(c) No Behavioural Advertising: The platform does not serve targeted advertisements to any user, including children. There are no third-party ad networks, tracking pixels, or commercial data brokers integrated into the platform.

(d) Educational Analytics Only: Any learning analytics performed (such as Bloom's Taxonomy-based cognitive profiling, topic-wise performance tracking, and speed vs accuracy analysis) are strictly for educational purposes — to help students understand their learning gaps and help parents monitor academic progress. These analytics are never used for commercial profiling or shared with third parties.

(e) Data Minimisation: We collect only the minimum personal data necessary for the educational services we provide. We do not collect biometric data, health information, or psychometric profiles. Optional fields are clearly marked and disabled by default.

We collect the following categories of personal data, only as necessary for providing educational services:

Student Registration Data: First name, middle name (optional), last name, email address, mobile number, board, class, and password. This data is collected at the time of registration with verifiable parental consent.

Academic Data: Assessment responses, test scores, Bloom's Taxonomy cognitive profiles, topic-wise performance data, attempt history, and AI Guru learning session data. This data is generated through the student's use of the platform and is used exclusively for educational purposes.

Parent Data: Parent's name, email, and mobile number — collected for the purposes of providing verifiable parental consent, sending academic progress reports, and enabling the parent dashboard.

Technical Data: IP address, device type, browser information, and session data — collected automatically for platform security, fraud prevention, and service delivery. This data is not used for commercial profiling.

Contact Enquiry Data: Name, email, phone, and message content submitted through the contact form — used exclusively for responding to enquiries and is not used for marketing without separate consent.

We process personal data only for the following specified, lawful purposes:

(a) To create and manage student accounts and authenticate users.

(b) To deliver curriculum-aligned assessments and generate Bloom's Taxonomy-based learning reports.

(c) To enable AI Guru guided learning sessions, including multilingual concept teaching.

(d) To provide parents with academic progress visibility through the parent dashboard.

(e) To communicate important account and service updates (not marketing) to registered users.

(f) To ensure platform security, prevent fraud, and detect unauthorised access.

(g) To respond to contact enquiries and demo requests.

We do not process personal data for any purpose beyond what is stated above. Any new purpose will require fresh consent from the Data Principal or their guardian.

SelfEnabler uses only essential cookies necessary for platform functionality, including session management, authentication tokens, and security. We do not use third-party analytics cookies, advertising cookies, or cross-site tracking technologies.

No cookie-based profiling or behavioural tracking is performed on any user, including children.

We do not sell, rent, or trade personal data of any user, including children, to any third party.

We may share personal data only in the following limited circumstances:

(a) With AI service providers (such as Google Gemini, OpenAI, Groq) strictly for processing AI Guru learning sessions. These providers process data as Data Processors under contractual obligations that prohibit them from retaining, using, or sharing the data for any other purpose. No student personally identifiable information is sent to AI providers — only anonymised academic context.

(b) With payment processors (such as Razorpay) strictly for processing package purchases, in compliance with PCI-DSS standards.

(c) When required by law, by any court order, or by a governmental authority for verification, investigation, or prosecution of offences.

(d) With our hosting and infrastructure providers who process data under strict data processing agreements aligned with the DPDP Act.

We retain personal data only for as long as necessary for the purposes for which it was collected:

Active student records: Retained during the period of active use plus 1 year after the last login, after which the account is automatically deactivated and data is scheduled for deletion.

Assessment and academic data: Retained for 3 years from the date of creation for academic continuity and improvement tracking.

Contact enquiry data: Retained for 6 months after the enquiry is resolved.

Technical logs: Retained for 90 days for security purposes, then automatically deleted.

Upon request from a parent or guardian, or upon withdrawal of consent, we will delete the child's personal data within 30 days, except where retention is required by law.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction:

(a) All data in transit is encrypted using TLS 1.2 or higher.

(b) Passwords are stored using industry-standard one-way hashing (bcrypt).

(c) Database access is restricted to authorised personnel with role-based access controls.

(d) The platform is hosted on secured infrastructure with firewall protection and regular security audits.

(e) We conduct periodic vulnerability assessments and maintain an incident response plan specifically designed for data involving children.

Under the DPDP Act, 2023, Data Principals (or parents/guardians acting on behalf of children) have the following rights:

Right to Access: You have the right to obtain a summary of the personal data being processed and the processing activities undertaken.

Right to Correction and Erasure: You have the right to request correction of inaccurate or incomplete data, and erasure of data that is no longer necessary for the stated purpose.

Right to Withdraw Consent: You may withdraw consent at any time. Upon withdrawal, we will cease processing and delete the relevant data within 30 days, except where retention is required by law.

Right to Grievance Redressal: You have the right to submit complaints regarding data processing to our Data Protection Officer, and if unresolved, to the Data Protection Board of India.

Right to Nominate: You have the right to nominate another individual to exercise your rights in case of death or incapacity.

To exercise any of these rights, please contact our Data Protection Officer at the address provided below.

In the event of a personal data breach, we will:

(a) Notify the Data Protection Board of India promptly upon discovery of the breach.

(b) Notify affected Data Principals (parents/guardians of affected children) promptly, with details of the nature of the breach, the data involved, and the remedial measures taken.

(c) Given that our users are predominantly children, we apply a heightened standard of urgency and care in breach response, recognising the enhanced vulnerability of minors.

Our platform may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage parents to review the privacy policies of any external site their child may visit.

We may update this Privacy Policy from time to time to reflect changes in law, our practices, or the features of the platform. Any material changes will be communicated to registered users via email or in-platform notification. Continued use of the platform after such notification constitutes acceptance of the updated policy.

This Privacy Policy was last updated on 2 April 2026.

In accordance with the DPDP Act, 2023, the following person has been designated as the Data Protection Officer and Grievance Officer:

Ms. Sheena Marwaha Data Protection Officer Tutelage Education Services Private Limited Ground Floor, C Block, HAFED Complex, Netaji Subhash Place, Wazir Pur, Delhi 110035, India Email: dpo@selfenabler.com Phone: +91 8882622000

You may also submit complaints to the Data Protection Board of India as constituted under the DPDP Act, 2023.

This Privacy Policy shall be governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and any rules made thereunder. Any disputes shall be subject to the exclusive jurisdiction of the courts in Delhi, India.