Privacy Policy

Last updated: 23 January 2026

1. Overview

Teaching Machines (“we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how we use it, why we collect it, how we protect it, how long we keep it, and your rights as a user.

This Privacy Policy applies to all users of the Teaching Machines platform and related services (the “Service”). We process personal data in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and other applicable laws.

We act as a Data Fiduciary under the DPDP Act. Our processing is primarily based on your consent, which you provide during account registration.

2. Personal Data We Collect

We collect only the personal data necessary to provide, secure, and improve the Service, following data minimization principles.

CategoryData CollectedMandatory / Optional
Contact InformationEmail addressMandatory
Profile InformationFirst name, last nameOptional (but collected if provided during signup or profile update)
Account & Security DataEncrypted password, authentication tokensMandatory
Technical & Log DataIP address, device/browser info, access logs (anonymized where possible)Automatically collected
User-Generated ContentEducational content you create/upload on the platformAs provided by you

3. Purposes & Lawful Basis for Processing

We process your personal data only for specified, explicit purposes with your consent (primary basis under DPDP Act). Consent is obtained via a clear affirmative action (checkbox/agreement) during signup, with the policy version and timestamp logged.

DataPurpose(s) of ProcessingLawful Basis
Email addressAccount creation/login, OTP verification, notifications, password reset, service/security communicationsConsent
First & Last NameProfile display, personalization, identification in admin/support contextsConsent
Password & TokensSecure authentication and session managementConsent
Technical & Log DataSecurity monitoring, fraud prevention, debugging, performance improvementConsent
User-Generated ContentProviding core educational features of the ServiceConsent

You can withdraw consent at any time (affecting future processing), but this may impact your ability to use certain features. Withdrawal does not affect prior lawful processing.

4. How Consent is Obtained

Consent is collected via a mandatory checkbox during signup: “I agree to the collection and use of my personal data as described in the Privacy Policy and Terms of Service.” A link to this policy is provided. We record the consent timestamp, IP, and policy version.

Consent is free, specific, informed, unconditional, and unambiguous. It is not bundled with unrelated processing.

5. Data Retention

Data TypeRetention Period
Active account data (email, name, etc.)While your account is active
Data after account deletionUp to 12 months (for legal, tax, security, or audit purposes), then deleted/anonymized
Logs & technical dataUp to 30 days, then anonymized or deleted

6. Data Storage, Sharing & International Transfers

Primary data is stored in secure servers in Frankfurt, Germany (EU). We use HTTPS (encryption in transit) and encryption at rest where applicable.

We share limited data with trusted vendors only as needed:

  • Cloud providers (e.g., DigitalOcean, Azure)
  • Payment processors (e.g., Stripe, if payments are enabled)
  • AI & monitoring services (e.g., OpenAI/ChatGPT, Grafana)

These providers are bound by contracts (including Data Processing Agreements) requiring confidentiality and security. Some vendors are outside EU (e.g., US-based), and we ensure safeguards such as Standard Contractual Clauses or equivalent measures.

7. Your Rights under DPDP Act

You have the following rights (exercisable via account settings where possible or by contacting us):

  • Access: View your personal data
  • Correction/Rectification: Update inaccurate data (e.g., name/email via settings)
  • Erasure: Delete your data/account (self-service deletion available; some limited retention may apply)
  • Data Portability: Export your data (JSON/CSV via “Export My Data” in settings)
  • Withdraw Consent: Stop future processing (may limit Service access)
  • Grievance Redressal: Raise concerns with us first

We respond to verified requests promptly.

8. Security Measures

We implement reasonable security safeguards including:

  • Encryption in transit (HTTPS) and at rest (where feasible)
  • Secure password hashing
  • Access controls and monitoring
  • Rate limiting and suspicious activity alerts

9. Data Breach Notification

In case of a personal data breach, we will investigate, mitigate, and notify affected users and authorities as required by law.

10. Changes to This Policy

We may update this policy. Material changes will be notified via the Service or email. Continued use constitutes acceptance.

11. Contact & Grievance Officer

For questions, rights requests, or grievances:

Email: privacy@teachingmachines.ai

Grievance Officer: [Name/Designation – to be designated] – Contact via the above email.

If unsatisfied, you may approach the Data Protection Board of India.