Explore our Programs!
Privacy Policy
1. INTRODUCTION AND COMMITMENT TO PRIVACY
Straightegy ("Company," "we," "us," or "our") is committed to protecting the privacy and personal data of all users of our digital educational platform at https://www.straightegy.com ("Platform") and our "Ready for the Real World" educational programs ("Services").
This Privacy Policy explains how we collect, use, process, store, and protect your personal information in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), Consumer Protection Act, 2019, Information Technology Act, 2000, and other applicable Indian laws.
By accessing or using our Platform and Services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with our privacy practices, please do not use our Platform or Services.
2. DEFINITIONS
For the purposes of this Privacy Policy:
"Personal Data" means any data about an individual who is directly or indirectly identifiable by or in relation to such data
"Sensitive Personal Data" includes passwords, financial information, health data, biometric information, and other data specified under applicable laws
"Child" or "Minor" means any individual under the age of 18 years
"Data Principal" means the individual to whom personal data relates
"Data Fiduciary" means any person (including Straightegy) who determines the purpose and means of processing personal data
"Processing" includes collection, recording, organization, structuring, storage, use, disclosure, and erasure of personal data
"Verifiable Parental Consent" means consent obtained from a parent or legal guardian through reliable verification methods
3. DATA CONTROLLER INFORMATION
Data Fiduciary Details:
Company Name: Straightegy
Registered Address: Faridabad, Haryana, India
Email: contact@straightegy.com
Grievance Officer: Available at grievance@straightegy.com
Data Protection Officer: Contact details provided upon appointment as required under DPDP Act
4. INFORMATION WE COLLECT
4.1 Personal Information Collected from Adults (18+ years)
For users 18 years and older, we collect:
Account Information: Full name, email address, phone number, date of birth
Educational Profile: Course preferences, learning objectives, educational background
Payment Information: Billing address, payment method details (processed securely through Razorpay)
Communication Data: Messages sent through our platform, customer service interactions
Technical Information: IP address, device information, browser type, operating system
4.2 Personal Information Collected from/About Children (Under 18)
For users under 18, we collect minimal necessary information only after obtaining verifiable parental consent:
Basic Profile: First name, age/grade level, general location (city/state)
Educational Progress: Course completion status, quiz scores, learning progress
Parent/Guardian Information: Name, email, phone number, relationship to child
Technical Data: Limited device information necessary for service provision
4.3 Parental/Guardian Information
For children's accounts, we collect from parents/guardians:
Identity Verification: Government-issued ID verification (Aadhaar OTP or equivalent)
Contact Information: Email, phone number, mailing address
Consent Records: Documentation of consent provided and any changes/withdrawals
Relationship Verification: Documentation establishing parental/guardian relationship
4.4 Information We Do NOT Collect from Children
In compliance with DPDP Act requirements, we do NOT collect from children:
Biometric Information: Fingerprints, voice recordings, facial recognition data
Location Tracking: Precise location data or GPS coordinates
Behavioral Tracking: Cross-site tracking, advertising profiles, or behavioral analytics
Social Media Integration: Data from social media platforms or third-party accounts
Financial Information: Direct payment information from children
5. HOW WE COLLECT INFORMATION
5.1 Direct Collection
Registration Forms: Information provided when creating accounts
Payment Processing: Information provided during course purchases
Customer Support: Information provided in support requests or communications
Surveys and Feedback: Voluntary responses to educational surveys
5.2 Automatic Collection (Limited and Transparent)
Platform Analytics: Course completion rates, time spent on lessons (aggregate only)
Technical Logs: Error logs, performance data for platform improvement
Security Monitoring: Access logs for account security purposes
5.3 Third-Party Sources (Limited and Disclosed)
Payment Processors: Transaction data from Razorpay for payment processing
Identity Verification: Aadhaar verification for parental consent compliance
5.4 Special Protections for Children's Data
For children's data collection, we implement:
No Tracking: Zero behavioral tracking or cross-platform data sharing
No Profiling: No creation of behavioral profiles or personality assessments
No Advertising: No collection of data for advertising or marketing purposes
Parental Control: Full parental access to all data collected about their child
6. LEGAL BASIS FOR PROCESSING
6.1 For Adult Users (18+ years)
We process personal data based on:
Consent: Explicit consent for marketing communications and non-essential processing
Contract Performance: Providing purchased educational services
Legitimate Interests: Platform improvement, fraud prevention, customer support
Legal Obligations: Compliance with Indian data protection and tax laws
6.2 For Children's Data (Under 18)
We process children's data only based on:
Verifiable Parental Consent: Primary legal basis for all processing
Educational Purpose: Direct provision of purchased educational services
Safety and Security: Protection of children from online harm
Legal Compliance: Meeting obligations under DPDP Act and consumer protection laws
6.3 Parental Consent Verification Process
To obtain verifiable parental consent, we:
Identity Verification: Verify parent/guardian identity through Aadhaar OTP
Relationship Confirmation: Confirm parental relationship through documentation
Informed Consent: Provide clear, simple explanation of data processing
Active Consent: Require positive action (not pre-checked boxes)
Consent Recording: Maintain records of consent with timestamps and verification details
Easy Withdrawal: Provide simple mechanisms for withdrawing consent
7. HOW WE USE INFORMATION
7.1 Primary Educational Purposes
Service Delivery: Providing access to purchased courses and educational materials
Progress Tracking: Monitoring learning progress for educational effectiveness
Parent Communication: Sending progress reports and educational insights to parents
Customer Support: Responding to questions and resolving technical issues
Skill Assessment: Providing situational judgment tests and learning evaluations
7.2 Platform Improvement (Aggregate Data Only)
Course Development: Improving educational content based on completion rates
Platform Enhancement: Technical improvements based on usage patterns
Quality Assurance: Ensuring courses meet educational effectiveness goals
Safety Improvements: Enhancing platform security and child safety measures
7.3 Legal and Security Purposes
Compliance: Meeting obligations under Indian data protection laws
Fraud Prevention: Detecting and preventing fraudulent account activity
Safety Protection: Protecting users from harmful content or activities
Record Keeping: Maintaining records required by law
7.4 Marketing and Communications (Adults Only)
For adult users who provide consent:
Educational Updates: Information about new courses and educational resources
Platform Improvements: Updates about new features and enhancements
Industry Insights: Sharing relevant digital safety news and insights
Referral Programs: Information about referral bonuses and family discounts
Important: We do NOT use children's data for any marketing, advertising, or commercial purposes beyond direct educational service provision.
8. INFORMATION SHARING AND DISCLOSURE
8.1 No Sale of Personal Data
We do not sell, rent, or trade any personal information to third parties. This commitment is absolute for all users, especially children.
8.2 Limited Sharing with Service Providers
We may share information with trusted service providers who assist us in operating our Platform:
Payment Processing:
Partner: Razorpay (PCI-DSS compliant)
Data Shared: Payment information, billing address
Purpose: Processing course payments
Protections: Secure encryption, limited access, contractual data protection obligations
Technical Infrastructure:
Partner: Wix (Platform hosting)
Data Shared: Account information necessary for platform functionality
Purpose: Website and learning management system operation
Protections: Data processing agreements, security certifications
Analytics (Aggregate Only):
Partner: Google Analytics (GA4)
Data Shared: Aggregate usage patterns, no individual identification
Purpose: Platform improvement and performance monitoring
Protections: IP anonymization, no personal profiling, aggregate reporting only
8.3 Legal Disclosure Requirements
We may disclose personal information when required by law:
Legal Proceedings: Court orders, subpoenas, or legal process
Regulatory Compliance: Requirements from Data Protection Board of India
Child Safety: Reporting suspected child abuse to appropriate authorities
National Security: Lawful requests from government agencies
8.4 Special Protections for Children's Data
Children's data is subject to enhanced protection:
No Third-Party Sharing: Zero sharing with advertisers, marketers, or data brokers
Educational Partners Only: Sharing limited to direct educational service provision
Parental Notification: Parents notified of any required legal disclosures
Minimal Disclosure: Only the minimum necessary information disclosed
9. DATA SECURITY AND PROTECTION
9.1 Technical Safeguards
We implement industry-standard security measures:
Access Controls: Multi-factor authentication and role-based access
Network Security: Firewalls, intrusion detection systems, and security monitoring
Regular Updates: Timely security patches and system updates
Vulnerability Testing: Regular security audits and penetration testing
9.2 Organizational Safeguards
Staff Training: Regular privacy and security training for all employees
Access Limitation: Access to personal data limited to authorized personnel only
Confidentiality Agreements: All staff bound by strict confidentiality obligations
Incident Response: Established procedures for handling security breaches
Regular Audits: Periodic reviews of security practices and procedures
9.3 Enhanced Security for Children's Data
Children's data receives additional protection:
Segregated Storage: Children's data stored in separate, more secure systems
Limited Access: Stricter access controls for children's information
Parental Monitoring: Parents can monitor all access to their child's data
Automatic Deletion: Systematic deletion of unnecessary children's data
Breach Notification: Immediate notification to parents of any security incidents
9.4 Data Breach Response
In the event of a data breach:
Immediate Assessment: Rapid evaluation of breach scope and impact
Authority Notification: Report to Data Protection Board within 72 hours
User Notification: Notify affected users without unreasonable delay
Parental Priority: Immediate notification to parents if children's data affected
Remedial Action: Implement measures to prevent future breaches
Support Services: Provide support and guidance to affected users
10. DATA RETENTION AND DELETION
10.1 General Retention Policy
We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy:
Active Accounts: Data retained while account remains active and for educational purposes
Inactive Accounts: Data deleted after 2 years of inactivity (subject to legal requirements)
Payment Records: Financial records retained for 7 years as required by Indian tax law
Support Records: Customer service interactions retained for 3 years
10.2 Children's Data Retention
Children's data is subject to stricter retention limits:
Active Use Period: Data retained only while child uses courses
Post-Completion: Educational progress data deleted 6 months after course completion
Consent Withdrawal: All children's data deleted within 30 days of consent withdrawal
Age Transition: Review and potential deletion when child reaches 18 years
Regular Review: Quarterly review of necessity for retaining children's data
10.3 Data Deletion Process
When data is deleted:
Secure Deletion: Data permanently deleted using secure deletion methods
Backup Removal: Data removed from all backups and archive systems
Third-Party Notification: Service providers notified to delete shared data
Confirmation: Deletion confirmation provided to users upon request
Log Maintenance: Deletion activities logged for audit purposes
11. YOUR RIGHTS UNDER DPDP ACT 2023
11.1 Rights for All Users
Under the DPDP Act, you have the following rights:
Right to Information: Know what personal data we collect, why we collect it, and how we use it
Right of Access: Obtain a copy of your personal data we hold
Right to Correction: Correct inaccurate or incomplete personal data
Right to Erasure: Request deletion of your personal data
Right to Nominate: Nominate another person to exercise rights on your behalf
11.2 Enhanced Rights for Children's Data
Parents/guardians have additional rights regarding their children's data:
Right to Monitor: Access all information about their child's data processing
Right to Control: Make decisions about their child's data processing
Right to Consent Withdrawal: Withdraw consent at any time with immediate effect
Right to Education: Receive clear explanations about data processing in simple language
Right to Complaint: File complaints with Data Protection Board about children's data handling
11.3 How to Exercise Your Rights
To exercise your rights:
Contact Us: Email our Grievance Officer at grievance@straightegy.com
Identity Verification: Verify your identity for security purposes
Specify Request: Clearly state which right you want to exercise
Response Timeline: We will respond within 30 days (faster for urgent requests)
No Charges: Most requests are processed free of charge
Appeal Process: You can appeal our decisions or complaint to regulatory authorities
12. PARENTAL CONTROLS AND CHILDREN'S PRIVACY
12.1 Parental Rights and Responsibilities
Parents and legal guardians have comprehensive control over their children's data:
Consent Management: Full control over giving, modifying, or withdrawing consent
Data Access: Access to all information collected about their child
Profile Management: Ability to update or correct their child's information
Communication Control: Choose how and when we communicate about their child's progress
Account Supervision: Supervise their child's use of our educational services
12.2 Age Verification and Parental Consent Process
Our robust process for handling children's accounts:
Step 1 - Age Detection: During registration, we ask for age/date of birth
Step 2 - Parental Account: If under 18, we redirect to parent/guardian registration
Step 3 - Identity Verification: Parent verifies identity through Aadhaar OTP
Step 4 - Relationship Confirmation: Establish parental/guardian relationship
Step 5 - Informed Consent: Provide clear information about data processing
Step 6 - Active Consent: Parent actively consents to specific data processing
Step 7 - Consent Recording: Record consent with full audit trail
Step 8 - Ongoing Monitoring: Regular consent review and renewal opportunities
12.3 Child-Friendly Privacy Measures
We design our services with children's privacy in mind:
Simple Language: All privacy information explained in age-appropriate language
Visual Indicators: Clear icons and symbols showing privacy settings
Default Protection: Strongest privacy settings enabled by default
No Tracking: Zero behavioral tracking or cross-platform data sharing
Educational Focus: All data processing limited to educational purposes
Safe Environment: Content and interactions designed for child safety
12.4 What We Don't Do with Children's Data
We make absolute commitments regarding children's data:
No Advertising: Zero advertising targeting based on children's data
No Profiling: No creation of behavioral or personality profiles
No Selling: Never sell or monetize children's personal information
No Social Sharing: No integration with social media platforms
No Location Tracking: No collection of precise location information
No Biometrics: No collection of biometric data of any kind
13. COOKIES AND TRACKING TECHNOLOGIES
13.1 Types of Cookies We Use
We use limited cookies for essential platform functionality:
Essential Cookies (Cannot be disabled):
Session management for logged-in users
Security tokens for fraud prevention
Load balancing for platform performance
Language preferences and accessibility settings
Analytics Cookies (Can be disabled):
Google Analytics for aggregate platform usage
Performance monitoring for technical improvements
Error logging for platform stability
13.2 Children's Cookie Policy
For users under 18:
No Tracking Cookies: Zero behavioral tracking cookies
No Advertising Cookies: No advertising or marketing cookies
Essential Only: Only cookies necessary for educational service delivery
Parental Control: Parents can control cookie preferences for their child
13.3 Cookie Management
You can control cookies through:
Browser Settings: Configure cookie preferences in your web browser
Platform Settings: Manage non-essential cookies through your account settings
Opt-Out Links: Use provided opt-out mechanisms for analytics services
Parental Controls: Parents can manage cookie settings for their children's accounts
14. INTERNATIONAL DATA TRANSFERS
14.1 Data Localization Commitment
We prioritize keeping Indian users' data within India:
Primary Storage: All personal data stored on servers located in India
Educational Content: Course materials hosted on Indian infrastructure
Payment Processing: Payment data processed through Indian payment systems
Customer Support: Support data handled within Indian customer service centers
14.2 Limited International Transfers
In rare cases, data may be transferred internationally for:
Technical Support: Emergency technical assistance from global service providers
Security Services: Cybersecurity monitoring and threat detection services
Legal Compliance: Compliance with international legal requirements
14.3 Transfer Safeguards
When international transfers are necessary:
Adequacy Assessment: Transfers only to countries with adequate data protection
Contractual Protections: Standard contractual clauses for data protection
User Notification: Advance notice to users about international transfers
Parental Approval: Additional parental consent for children's data transfers
14.4 Data Sovereignty
We respect Indian data sovereignty principles:
Government Access: Indian authorities have appropriate access to Indian users' data
Legal Jurisdiction: All data processing subject to Indian law
Regulatory Cooperation: Full cooperation with Indian data protection authorities
National Security: Compliance with Indian national security requirements
15. MARKETING AND COMMUNICATIONS
15.1 Marketing to Adults
For users 18 and older who provide consent:
Educational Updates: Information about new courses and learning resources
Platform News: Updates about new features and improvements
Industry Insights: Digital safety trends and educational insights
Special Offers: Course discounts and family bundle offers
Referral Programs: Information about earning referral bonuses
15.2 Parental Communications
For parents of child users:
Progress Reports: Weekly updates about their child's learning progress
Educational Insights: Tips for supporting their child's digital safety learning
Platform Updates: Information about new features affecting their child's experience
Safety Alerts: Important information about digital safety for families
Course Completions: Notifications about milestones and achievements
15.3 Strict No-Marketing Policy for Children
We absolutely do not:
Send marketing communications directly to children (minors)
Use children's data for advertising targeting
Share children's information with marketing partners
Create marketing profiles based on children's behavior
Target children with promotional content of any kind
15.4 Communication Preferences
All users can control communications:
Opt-In Required: Marketing communications require explicit opt-in consent
Control: Choose specific types of communications to receive
Easy Unsubscribe: Simple one-click unsubscribe options
Parental Override: Parents can control all communications regarding their child
Preference Center: Comprehensive communication preference management
16. THIRD-PARTY LINKS AND SERVICES
16.1 Educational Resource Links
Our courses may include links to external educational resources:
Curated Content: All links reviewed for educational value and safety
No Data Sharing: We do not share personal data with linked sites
Parental Awareness: Parents notified about external resources in courses
Child Protection: Extra caution exercised for links in children's courses
16.2 Third-Party Privacy Policies
When you visit third-party sites:
Independent Policies: Third-party sites have their own privacy policies
User Responsibility: Review third-party privacy policies before sharing data
No Liability: We are not responsible for third-party privacy practices
Child Guidance: Children instructed to consult parents before using external sites
16.3 Service Provider Integration
We work with limited service providers:
Data Processing Agreements: All service providers bound by strict data protection terms
Regular Audits: Periodic reviews of service provider security and privacy practices
Minimal Data Sharing: Only essential data shared for specific services
Termination Rights: Ability to terminate relationships for privacy violations
17. BUSINESS TRANSFERS AND CHANGES
17.1 Business Ownership Changes
In the event of business merger, acquisition, or sale:
User Notification: Advance notice of any ownership changes
Privacy Continuity: Successor entity bound by this Privacy Policy
Consent Requirement: New consent required for material changes to data processing
Data Protection Standards: Maintain or improve current privacy protections
17.2 Service Changes
If we make significant changes to our Services:
Impact Assessment: Evaluate privacy impact of service changes
User Communication: Clear explanation of how changes affect privacy
Opt-Out Options: Ability to discontinue service if uncomfortable with changes
Enhanced Protection: Changes will not reduce privacy protections for children
17.3 Special Protections for Children's Data
In any business transition:
Enhanced Scrutiny: Extra evaluation of children's data handling by successor
Parental Notification: Direct notification to parents about business changes
Consent Renewal: Opportunity for parents to withdraw consent during transition
Data Deletion Option: Option to delete children's data rather than transfer
18. COMPLAINT AND GRIEVANCE PROCEDURE
18.1 Internal Complaint Process
If you have privacy concerns:
Step 1 - Direct Contact: Email our Grievance Officer at grievance@straightegy.com
Step 2 - Acknowledgment: We acknowledge complaints within 48 hours
Step 3 - Investigation: Thorough investigation of your concerns within 15 days
Step 4 - Resolution: Provide resolution or explanation within 30 days
Step 5 - Follow-up: Ensure your satisfaction with the resolution
18.2 Regulatory Complaints
You have the right to complain to regulatory authorities:
Data Protection Board of India: Primary regulatory authority for data protection complaints
Consumer Forums: Consumer Protection Act complaints for service-related issues
State Consumer Commissions: State-level consumer protection authorities
Cyber Crime Cells: For data security and cyber crime related complaints
18.3 Special Support for Children's Privacy Issues
For complaints about children's data:
Priority Handling: Children's privacy complaints receive highest priority
Parental Support: Dedicated support for parents filing complaints
Child-Friendly Explanation: Age-appropriate explanations of complaint resolution
Educational Opportunity: Use complaints to improve our children's privacy practices
19. UPDATES TO THIS PRIVACY POLICY
19.1 Policy Updates
We may update this Privacy Policy to reflect:
Changes in applicable laws and regulations
New features or services offered
Improvements to our privacy practices
Feedback from users and regulatory authorities
19.2 Notification Process
When we update this Privacy Policy:
Advance Notice: 30 days notice for material changes
Multiple Channels: Notification via email, platform notice, and website posting
Clear Explanation: Summary of key changes and their impact
Version Control: Clear versioning and effective date information
19.3 Consent for Changes
For material changes affecting data processing:
Active Consent: Require positive action to continue using services
Opt-Out Rights: Ability to discontinue service if uncomfortable with changes
Granular Consent: Option to consent to some changes but not others
Parental Re-Consent: New parental consent required for changes affecting children
19.4 Historical Versions
Archive Maintenance: Previous versions of Privacy Policy archived and available
Transparency: Clear record of how our privacy practices have evolved
User Access: Users can review previous versions upon request
20. CONTACT INFORMATION AND SUPPORT
20.1 Privacy-Related Contacts
General Privacy Questions:
Email: contact@straightegy.com
Subject Line: "Privacy Policy Question"
Typical Response Time: Within 48 hours
Grievance Officer:
Contact: Available at grievance@straightegy.com
Role: Handling complaints and privacy concerns
Languages: English and Hindi support available
Data Protection Officer (when appointed as required):
Contact: To be provided upon appointment
Role: Ensuring DPDP Act compliance
Direct Access: Available for serious privacy concerns
20.2 Children's Privacy Support
For Parents/Guardians:
Dedicated email: contact@straightegy.com (Subject: "Children's Privacy")
Phone Support: Available during business hours
Priority Response: Within 24 hours for children's privacy issues
Parental Consent Support:
Technical assistance with consent process
Clarification about data processing for children
Support for withdrawing or modifying consent
Help with accessing children's data
20.3 Emergency Contacts
For urgent privacy or security concerns:
Security Incidents: Immediate email to contact@straightegy.com
Data Breaches: 24/7 incident response team activation
Child Safety Issues: Immediate escalation to appropriate authorities
Legal Emergencies: Direct contact with our legal team
20.4 Language Support
We provide privacy support in:
English: Full support in English language
21. COMPLIANCE CERTIFICATIONS AND STANDARDS
21.1 Legal Compliance
This Privacy Policy ensures compliance with:
Digital Personal Data Protection Act, 2023: Full compliance with India's primary data protection law
Consumer Protection Act, 2019: Consumer rights and grievance procedures
Information Technology Act, 2000: Cyber security and data protection provisions
Consumer Protection (E-commerce) Rules, 2020: E-commerce platform obligations
21.2 International Standards Alignment
While primarily governed by Indian law, we align with international best practices:
GDPR Principles: European data protection principles for global users
COPPA Compliance: US Children's Online Privacy Protection Act principles
ISO 27001: International security management standards
NIST Framework: US National Institute of Standards and Technology cybersecurity framework
21.3 Regular Audits and Assessments
We conduct regular assessments to ensure compliance:
Annual Privacy Audit: Comprehensive review of privacy practices
Quarterly Children's Data Review: Special focus on children's data protection
Security Assessments: Regular penetration testing and vulnerability assessments
Legal Updates Review: Quarterly review of changing legal requirements
22. ACKNOWLEDGMENT AND CONSENT
By using our Platform and Services, you acknowledge that:
You have read and understood this Privacy Policy in its entirety
You agree to the collection, use, and processing of your personal data as described
You understand your rights under applicable Indian data protection laws
You know how to contact us with questions or concerns about your privacy
For children's accounts, parents/guardians have provided verifiable consent as required by law
For Parents/Guardians of Children:
By providing consent for your child's use of our Services, you confirm that:
You have the legal authority to make decisions about your child's personal data
You understand how we collect, use, and protect your child's information
You agree to supervise your child's use of our educational platform
You understand your ongoing rights and responsibilities regarding your child's data
Educational Disclaimer: "Educational content only. This program builds your skills in recognition, verification, decision-making, and critical thinking across digital, social, emotional, and academic contexts. Consult a trusted adult or appropriate authority for help with real-life situations."
© 2025 Straightegy. All rights reserved.
This Privacy Policy is effective as of September 16, 2025, and complies with the Digital Personal Data Protection Act, 2023, and other applicable Indian privacy and consumer protection laws.