AIQuity Life — Privacy Policy

Effective Date: 26 May 2026
Entity: KalpaNest Technologies Private Limited
Registered Office: WeWork Prestige Cube, Laskar Hosur Road, Adugodi, Koramangala, Bengaluru, Karnataka 560030, India
Data Protection Officer: dpo@aiquitylife.com
Contact: reach@aiquitylife.com

1. Scope and Application

This Privacy Policy applies to all personal data collected through the AIQuity Life platform (web application, mobile clients, APIs), including data from registered users, anonymous visitors, and users of our free tier.

We process data in accordance with:

The Digital Personal Data Protection Act 2023 (India)
The Information Technology Act 2000 and its Rules
The General Data Protection Regulation (EU) 2016/679 where applicable to users in the EEA/UK
Applicable consumer protection and data localisation laws

2. Data We Collect

2.1 Data You Provide Directly

| Category | Examples | Purpose | |----------|----------|---------| | Identity Data | Full name, email, profile photo, date of birth | Account creation, age verification | | Authentication Data | Password hash, OAuth tokens, 2FA seed | Account security | | Payment Data | Billing address, payment method tokens (no full card numbers stored) | Subscription processing | | Profile Data | Learning goals, interests, educational background, preferred language | Personalisation | | Communication Data | Support tickets, feedback, emails to us | Customer support, product improvement |

2.2 Data Generated Through Your Use

| Category | Examples | Purpose | |----------|----------|---------| | Learning Activity Data | Courses started/completed, playground interactions (drag/drop events, configuration choices, time per step), exercise attempts and answers, micro-loop progression, mastery scores | Adaptive difficulty, progress tracking, curriculum improvement | | AI Interaction Data | Queries to Juggernaut, AI responses, feedback ratings (thumbs up/down), conversation context | Providing AI guidance, improving response quality | | Assessment Data | Quiz results, practice scores, spaced-repetition intervals, error patterns | Personalised review scheduling, weakness detection | | Creator Data | Apps/agents/workflows you build using Chakra tools, configurations, outputs | Providing creator features, usage analytics | | Device & Technical Data | IP address, browser type/version, OS, screen resolution, device identifiers, timezone | Security, bug detection, responsive design | | Usage Analytics | Pages visited, feature usage frequency, session duration, navigation paths, click/scroll heatmaps (anonymised) | Product improvement, UX research |

2.3 Data from Third Parties

| Source | Data | Purpose | |--------|------|---------| | OAuth providers (Google, GitHub) | Name, email, avatar | Simplified sign-up | | Payment processors (Razorpay/Stripe) | Transaction status, payment confirmation | Subscription management | | Error tracking (Sentry) | Crash reports with device context | Bug fixes |

2.4 Sensitive Data We Do NOT Collect

We do not collect: government ID numbers, biometric data, health records, caste/religion/political affiliation, sexual orientation, precise geolocation, or financial account credentials.

3. How We Use Your Data

3.1 Core Service Delivery (Legal basis: Contract)

Creating and maintaining your account
Delivering adaptive learning experiences calibrated to your skill level
Running the Juggernaut AI companion with your conversation context
Processing payments and managing subscriptions
Saving and syncing your learning progress across devices
Generating your progress analytics dashboards

3.2 Personalisation (Legal basis: Legitimate interest / Consent)

Recommending courses and topics based on your learning history
Adjusting exercise difficulty using your performance patterns
Scheduling spaced-repetition reviews at optimal intervals
Tailoring Juggernaut's explanation depth to your demonstrated understanding

3.3 Platform Improvement (Legal basis: Legitimate interest)

Analysing aggregated, anonymised learning patterns to improve curriculum design
Identifying which exercises are too easy/hard based on cohort performance
A/B testing new features and UI improvements
Monitoring system performance and uptime

3.4 AI Model Improvement (Legal basis: Consent — opt-out available)

Using anonymised interaction patterns to fine-tune Juggernaut's explanations
Improving the adaptive difficulty algorithm based on cohort data
No individual user is identifiable in training data
You can opt out at Settings → Privacy → AI Training Contributions without losing service access

3.5 Safety and Security (Legal basis: Legitimate interest / Legal obligation)

Detecting fraud, abuse, and Terms of Service violations
Preventing automated scraping and content theft
Responding to legal requests from courts or regulators
Enforcing account security (suspicious login detection, rate limiting)

3.6 Communication (Legal basis: Contract / Consent)

Transactional emails (password reset, payment confirmation, subscription alerts)
Learning milestone notifications (course completion, streak achievements)
Product updates and feature announcements (opt-out available)
Marketing communications (consent-based only, opt-out at any time)

4. Data Sharing

4.1 We Share Data With:

| Recipient | What | Why | Safeguards | |-----------|------|-----|------------| | Payment processors (Razorpay, Stripe) | Payment tokens, billing address | Process transactions | PCI-DSS Level 1 certified | | Cloud infrastructure (AWS/GCP) | All platform data | Hosting and computation | Data processing agreements, encryption at rest | | Email service (Resend/Postmark) | Email address, name | Transactional & marketing emails | Data processing agreement | | Error tracking (Sentry) | Technical crash context | Bug identification | No PII in crash reports | | Analytics (PostHog, self-hosted) | Anonymised usage events | Product improvement | Self-hosted instance, no third-party access |

4.2 We Do NOT:

Sell your personal data to anyone, ever.
Share your learning progress, scores, or performance with schools, employers, or educational institutions — unless YOU explicitly request it (e.g., share a completion certificate).
Provide data to advertising networks. We do not run ads.
Share identifiable data with AI model training by third parties.

4.3 Legal Disclosure

We may disclose data when required by:

Valid court orders or legal process under Indian law
Mandatory reporting obligations
Protection of our legal rights or safety of users
Law enforcement requests (we will notify you unless legally prohibited)

4.4 Business Transfer

In the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity. We will notify you at least 30 days in advance and give you the option to delete your account before transfer.

5. Data Retention

| Data Type | Retention Period | Rationale | |-----------|-----------------|-----------| | Account identity | Duration of account + 30 days | Service delivery | | Learning progress | Duration of account + 30 days export window after deletion | Continuity; data export right | | AI conversation history | 90 days rolling (you can delete anytime) | Context for ongoing conversations | | Payment records | 7 years after transaction | Indian tax compliance (GST Act) | | Security logs (IP, login events) | 180 days | Fraud detection, security audit | | Anonymised analytics | Indefinite | Product improvement (non-personal) | | Support tickets | 3 years after resolution | Quality assurance, legal reference | | Deleted account data | Purged within 30 days of deletion request | Right to erasure |

6. Your Rights

6.1 All Users Have the Right To:

| Right | How to Exercise | |-------|-----------------| | Access — obtain a copy of all data we hold about you | Settings → Privacy → Download My Data (automated, JSON/CSV export) | | Correction — fix inaccurate personal data | Settings → Profile (self-service) or email reach@aiquitylife.com | | Deletion — erase your personal data | Settings → Account → Delete Account (irreversible after 30-day grace period) | | Portability — receive your data in a machine-readable format | Settings → Privacy → Download My Data | | Restrict Processing — limit how we use your data | Email dpo@aiquitylife.com with specific request | | Object — object to processing based on legitimate interest | Email dpo@aiquitylife.com | | Withdraw Consent — revoke any consent-based processing | Settings → Privacy → Manage Consents (immediate effect, no penalty) | | Opt out of AI training — exclude your data from model improvement | Settings → Privacy → AI Training Contributions (toggle off) |

6.2 Response Times

Automated requests (data export, deletion): processed within 30 days.
Manual requests: acknowledged within 48 hours, resolved within 30 days.
Complex requests may take up to 60 days with advance notice.
We may verify your identity before processing any request to prevent unauthorized data access.

6.3 No Penalty for Exercising Rights

Exercising any privacy right will never result in degraded service, account penalty, or discrimination. Some features that require specific data (e.g., adaptive recommendations require learning history) will simply not function if that data is deleted.

7. Cookies and Tracking

7.1 Cookie Categories

| Category | Examples | Can You Disable? | |----------|----------|------------------| | Strictly Necessary | Session token, CSRF protection, auth state | No — required for security | | Functional | Theme preference, language, last-visited course | Yes — via cookie banner | | Analytics | PostHog session recording (self-hosted), page views | Yes — via cookie banner |

7.2 What We Don't Use

No advertising cookies or tracking pixels
No cross-site tracking
No fingerprinting
No data broker integrations

7.3 Managing Cookies

A cookie consent banner appears on first visit. You can modify preferences at any time from Settings → Privacy → Cookie Preferences, or by clearing cookies in your browser.

8. Data Security

8.1 Technical Measures

Encryption in transit: TLS 1.3 for all connections
Encryption at rest: AES-256 for databases and backups
Access control: Role-based access with principle of least privilege; production data access requires MFA and audit trail
Infrastructure: Hosted on SOC 2 Type II certified cloud providers
Password storage: bcrypt with per-user salt (minimum 12 rounds)
API security: Rate limiting, input validation, OWASP Top 10 mitigations

8.2 Organisational Measures

Annual security audits and penetration testing
Employee background checks and confidentiality agreements
Security awareness training for all staff
Incident response plan with defined escalation procedures
Minimum necessary access — engineers cannot access production user data without logged justification

8.3 Breach Notification

In the event of a personal data breach:

We will notify affected users within 72 hours of confirming the breach (or as soon as reasonably practicable where law enforcement requests a delay)
We will notify the relevant Data Protection Authority as required by law
Notification will include: nature of breach, data affected, remedial actions taken, steps you should take
We maintain cyber insurance to cover breach-related costs

9. Children's Privacy

9.1 AIQuity Life is open to learners aged 13 and above. Users aged 13–17 require parental/guardian consent.

9.2 For minor accounts, we apply additional protections:

Restricted data collection (no analytics cookies, no AI training opt-in)
No public profiles or social features
Parent/guardian dashboard with full visibility into child's learning data
Parent/guardian can delete account at any time

9.3 If we learn that we have collected data from a child under 13 without proper consent, we will delete it within 48 hours of discovery.

9.4 Parents/guardians may contact dpo@aiquitylife.com for any concerns about their child's data.

10. International Transfers

10.1 Our primary infrastructure is hosted in India (Mumbai region). Some processing may occur in other regions for redundancy and performance.

10.2 For users in the EEA/UK, transfers outside the EEA rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Additional technical measures (encryption, pseudonymisation)

10.3 You may request information about the specific safeguards applied to your data by contacting dpo@aiquitylife.com.

11. Automated Decision-Making

11.1 Our Platform uses automated systems for:

Adaptive difficulty adjustment (determines which exercises you see next)
Content recommendations (suggests courses based on your history)
Spaced repetition scheduling (determines review timing)
Fraud detection (may restrict account access if suspicious activity detected)

11.2 These automated decisions are based solely on your learning interaction data. None produce legal or similarly significant effects. You can always override recommendations manually.

11.3 If automated fraud detection restricts your account, you have the right to human review by contacting reach@aiquitylife.com.

12. Changes to This Policy

12.1 We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

12.2 Material changes (new data categories, new sharing partners, new purposes) will be communicated via email and in-app notification at least 15 days before taking effect.

12.3 Non-material changes (clarifications, formatting) take effect upon posting.

12.4 Previous versions of this policy are available upon written request to dpo@aiquitylife.com.

13. Contact and Complaints

Data Protection Officer
Email: dpo@aiquitylife.com

General Privacy Inquiries
Email: reach@aiquitylife.com

Grievance Officer (under IT Act 2000, Rule 5(9))
Email: grievance@aiquitylife.com
Response: Acknowledged within 48 hours, resolved within 15 days.

Regulatory Complaint
If you are unsatisfied with our response, you may lodge a complaint with the Data Protection Board of India (once constituted under DPDP Act 2023) or your local data protection authority.

KalpaNest Technologies Private Limited
WeWork Prestige Cube, Laskar Hosur Road, Adugodi, Koramangala
Bengaluru, Karnataka 560030, India

By using AIQuity Life, you acknowledge that you have read and understood this Privacy Policy.

AIQuity Life — Privacy Policy

1. Scope and Application

We process data in accordance with:

The Digital Personal Data Protection Act 2023 (India)
The Information Technology Act 2000 and its Rules
The General Data Protection Regulation (EU) 2016/679 where applicable to users in the EEA/UK
Applicable consumer protection and data localisation laws

2. Data We Collect

2.1 Data You Provide Directly

2.2 Data Generated Through Your Use

2.3 Data from Third Parties

2.4 Sensitive Data We Do NOT Collect

We do not collect: government ID numbers, biometric data, health records, caste/religion/political affiliation, sexual orientation, precise geolocation, or financial account credentials.

3. How We Use Your Data

3.1 Core Service Delivery (Legal basis: Contract)

Creating and maintaining your account
Delivering adaptive learning experiences calibrated to your skill level
Running the Juggernaut AI companion with your conversation context
Processing payments and managing subscriptions
Saving and syncing your learning progress across devices
Generating your progress analytics dashboards

3.2 Personalisation (Legal basis: Legitimate interest / Consent)

Recommending courses and topics based on your learning history
Adjusting exercise difficulty using your performance patterns
Scheduling spaced-repetition reviews at optimal intervals
Tailoring Juggernaut's explanation depth to your demonstrated understanding

3.3 Platform Improvement (Legal basis: Legitimate interest)

Analysing aggregated, anonymised learning patterns to improve curriculum design
Identifying which exercises are too easy/hard based on cohort performance
A/B testing new features and UI improvements
Monitoring system performance and uptime

3.4 AI Model Improvement (Legal basis: Consent — opt-out available)

Using anonymised interaction patterns to fine-tune Juggernaut's explanations
Improving the adaptive difficulty algorithm based on cohort data
No individual user is identifiable in training data
You can opt out at Settings → Privacy → AI Training Contributions without losing service access

3.5 Safety and Security (Legal basis: Legitimate interest / Legal obligation)

Detecting fraud, abuse, and Terms of Service violations
Preventing automated scraping and content theft
Responding to legal requests from courts or regulators
Enforcing account security (suspicious login detection, rate limiting)

3.6 Communication (Legal basis: Contract / Consent)

Transactional emails (password reset, payment confirmation, subscription alerts)
Learning milestone notifications (course completion, streak achievements)
Product updates and feature announcements (opt-out available)
Marketing communications (consent-based only, opt-out at any time)

4. Data Sharing

4.1 We Share Data With:

4.2 We Do NOT:

Sell your personal data to anyone, ever.
Share your learning progress, scores, or performance with schools, employers, or educational institutions — unless YOU explicitly request it (e.g., share a completion certificate).
Provide data to advertising networks. We do not run ads.
Share identifiable data with AI model training by third parties.

4.3 Legal Disclosure

We may disclose data when required by:

Valid court orders or legal process under Indian law
Mandatory reporting obligations
Protection of our legal rights or safety of users
Law enforcement requests (we will notify you unless legally prohibited)

4.4 Business Transfer

5. Data Retention

6. Your Rights

6.1 All Users Have the Right To:

6.2 Response Times

Automated requests (data export, deletion): processed within 30 days.
Manual requests: acknowledged within 48 hours, resolved within 30 days.
Complex requests may take up to 60 days with advance notice.
We may verify your identity before processing any request to prevent unauthorized data access.

6.3 No Penalty for Exercising Rights

7. Cookies and Tracking

7.1 Cookie Categories

7.2 What We Don't Use

No advertising cookies or tracking pixels
No cross-site tracking
No fingerprinting
No data broker integrations

7.3 Managing Cookies

A cookie consent banner appears on first visit. You can modify preferences at any time from Settings → Privacy → Cookie Preferences, or by clearing cookies in your browser.

8. Data Security

8.1 Technical Measures

Encryption in transit: TLS 1.3 for all connections
Encryption at rest: AES-256 for databases and backups
Access control: Role-based access with principle of least privilege; production data access requires MFA and audit trail
Infrastructure: Hosted on SOC 2 Type II certified cloud providers
Password storage: bcrypt with per-user salt (minimum 12 rounds)
API security: Rate limiting, input validation, OWASP Top 10 mitigations

8.2 Organisational Measures

Annual security audits and penetration testing
Employee background checks and confidentiality agreements
Security awareness training for all staff
Incident response plan with defined escalation procedures
Minimum necessary access — engineers cannot access production user data without logged justification

8.3 Breach Notification

In the event of a personal data breach:

We will notify affected users within 72 hours of confirming the breach (or as soon as reasonably practicable where law enforcement requests a delay)
We will notify the relevant Data Protection Authority as required by law
Notification will include: nature of breach, data affected, remedial actions taken, steps you should take
We maintain cyber insurance to cover breach-related costs

9. Children's Privacy

9.1 AIQuity Life is open to learners aged 13 and above. Users aged 13–17 require parental/guardian consent.

9.2 For minor accounts, we apply additional protections:

Restricted data collection (no analytics cookies, no AI training opt-in)
No public profiles or social features
Parent/guardian dashboard with full visibility into child's learning data
Parent/guardian can delete account at any time

9.3 If we learn that we have collected data from a child under 13 without proper consent, we will delete it within 48 hours of discovery.

9.4 Parents/guardians may contact dpo@aiquitylife.com for any concerns about their child's data.

10. International Transfers

10.1 Our primary infrastructure is hosted in India (Mumbai region). Some processing may occur in other regions for redundancy and performance.

10.2 For users in the EEA/UK, transfers outside the EEA rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Additional technical measures (encryption, pseudonymisation)

10.3 You may request information about the specific safeguards applied to your data by contacting dpo@aiquitylife.com.

11. Automated Decision-Making

11.1 Our Platform uses automated systems for:

Adaptive difficulty adjustment (determines which exercises you see next)
Content recommendations (suggests courses based on your history)
Spaced repetition scheduling (determines review timing)
Fraud detection (may restrict account access if suspicious activity detected)

11.2 These automated decisions are based solely on your learning interaction data. None produce legal or similarly significant effects. You can always override recommendations manually.

11.3 If automated fraud detection restricts your account, you have the right to human review by contacting reach@aiquitylife.com.

12. Changes to This Policy

12.1 We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

12.2 Material changes (new data categories, new sharing partners, new purposes) will be communicated via email and in-app notification at least 15 days before taking effect.

12.3 Non-material changes (clarifications, formatting) take effect upon posting.

12.4 Previous versions of this policy are available upon written request to dpo@aiquitylife.com.

13. Contact and Complaints

Data Protection Officer
Email: dpo@aiquitylife.com

General Privacy Inquiries
Email: reach@aiquitylife.com

Grievance Officer (under IT Act 2000, Rule 5(9))
Email: grievance@aiquitylife.com
Response: Acknowledged within 48 hours, resolved within 15 days.

KalpaNest Technologies Private Limited
WeWork Prestige Cube, Laskar Hosur Road, Adugodi, Koramangala
Bengaluru, Karnataka 560030, India

By using AIQuity Life, you acknowledge that you have read and understood this Privacy Policy.

Privacy Policy

Data Protection

Information Security

Your Rights

Cookie Policy

AIQuity Life — Privacy Policy

1. Scope and Application

2. Data We Collect

2.1 Data You Provide Directly

2.2 Data Generated Through Your Use

2.3 Data from Third Parties

2.4 Sensitive Data We Do NOT Collect

3. How We Use Your Data

3.1 Core Service Delivery (Legal basis: Contract)

3.2 Personalisation (Legal basis: Legitimate interest / Consent)

3.3 Platform Improvement (Legal basis: Legitimate interest)

3.4 AI Model Improvement (Legal basis: Consent — opt-out available)

3.5 Safety and Security (Legal basis: Legitimate interest / Legal obligation)

3.6 Communication (Legal basis: Contract / Consent)

4. Data Sharing

4.1 We Share Data With:

4.2 We Do NOT:

4.3 Legal Disclosure

4.4 Business Transfer

5. Data Retention

6. Your Rights

6.1 All Users Have the Right To:

6.2 Response Times

6.3 No Penalty for Exercising Rights

7. Cookies and Tracking

7.1 Cookie Categories

7.2 What We Don't Use

7.3 Managing Cookies

8. Data Security

8.1 Technical Measures

8.2 Organisational Measures

8.3 Breach Notification

9. Children's Privacy

10. International Transfers

11. Automated Decision-Making

12. Changes to This Policy

13. Contact and Complaints

Privacy Policy

Data Protection

Information Security

Your Rights

Cookie Policy

AIQuity Life — Privacy Policy

1. Scope and Application

2. Data We Collect

2.1 Data You Provide Directly

2.2 Data Generated Through Your Use

2.3 Data from Third Parties

2.4 Sensitive Data We Do NOT Collect

3. How We Use Your Data

3.1 Core Service Delivery (Legal basis: Contract)

3.2 Personalisation (Legal basis: Legitimate interest / Consent)

3.3 Platform Improvement (Legal basis: Legitimate interest)

3.4 AI Model Improvement (Legal basis: Consent — opt-out available)

3.5 Safety and Security (Legal basis: Legitimate interest / Legal obligation)

3.6 Communication (Legal basis: Contract / Consent)

4. Data Sharing

4.1 We Share Data With:

4.2 We Do NOT:

4.3 Legal Disclosure

4.4 Business Transfer

5. Data Retention

6. Your Rights

6.1 All Users Have the Right To:

6.2 Response Times

6.3 No Penalty for Exercising Rights

7. Cookies and Tracking

7.1 Cookie Categories

7.2 What We Don't Use

7.3 Managing Cookies

8. Data Security

8.1 Technical Measures

8.2 Organisational Measures

8.3 Breach Notification

9. Children's Privacy