Privacy Policy
Last updated: 23 January 2026
1. Overview
Teaching Machines (“we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, how we use it, why we collect it, how we protect it, how long we keep it, and your rights as a user.
This Privacy Policy applies to all users of the Teaching Machines platform and related services (the “Service”). We process personal data in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and other applicable laws.
We act as a Data Fiduciary under the DPDP Act. Our processing is primarily based on your consent, which you provide during account registration.
2. Personal Data We Collect
We collect only the personal data necessary to provide, secure, and improve the Service, following data minimization principles.
| Category | Data Collected | Mandatory / Optional |
|---|---|---|
| Contact Information | Email address | Mandatory |
| Profile Information | First name, last name | Optional (but collected if provided during signup or profile update) |
| Account & Security Data | Encrypted password, authentication tokens | Mandatory |
| Technical & Log Data | IP address, device/browser info, access logs (anonymized where possible) | Automatically collected |
| User-Generated Content | Educational content you create/upload on the platform | As provided by you |
3. Purposes & Lawful Basis for Processing
We process your personal data only for specified, explicit purposes with your consent (primary basis under DPDP Act). Consent is obtained via a clear affirmative action (checkbox/agreement) during signup, with the policy version and timestamp logged.
| Data | Purpose(s) of Processing | Lawful Basis |
|---|---|---|
| Email address | Account creation/login, OTP verification, notifications, password reset, service/security communications | Consent |
| First & Last Name | Profile display, personalization, identification in admin/support contexts | Consent |
| Password & Tokens | Secure authentication and session management | Consent |
| Technical & Log Data | Security monitoring, fraud prevention, debugging, performance improvement | Consent |
| User-Generated Content | Providing core educational features of the Service | Consent |
You can withdraw consent at any time (affecting future processing), but this may impact your ability to use certain features. Withdrawal does not affect prior lawful processing.
4. How Consent is Obtained
Consent is collected via a mandatory checkbox during signup: “I agree to the collection and use of my personal data as described in the Privacy Policy and Terms of Service.” A link to this policy is provided. We record the consent timestamp, IP, and policy version.
Consent is free, specific, informed, unconditional, and unambiguous. It is not bundled with unrelated processing.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data (email, name, etc.) | While your account is active |
| Data after account deletion | Up to 12 months (for legal, tax, security, or audit purposes), then deleted/anonymized |
| Logs & technical data | Up to 30 days, then anonymized or deleted |
6. Data Storage, Sharing & International Transfers
Primary data is stored in secure servers in Frankfurt, Germany (EU). We use HTTPS (encryption in transit) and encryption at rest where applicable.
We share limited data with trusted vendors only as needed:
- Cloud providers (e.g., DigitalOcean, Azure)
- Payment processors (e.g., Stripe, if payments are enabled)
- AI & monitoring services (e.g., OpenAI/ChatGPT, Grafana)
These providers are bound by contracts (including Data Processing Agreements) requiring confidentiality and security. Some vendors are outside EU (e.g., US-based), and we ensure safeguards such as Standard Contractual Clauses or equivalent measures.
7. Your Rights under DPDP Act
You have the following rights (exercisable via account settings where possible or by contacting us):
- Access: View your personal data
- Correction/Rectification: Update inaccurate data (e.g., name/email via settings)
- Erasure: Delete your data/account (self-service deletion available; some limited retention may apply)
- Data Portability: Export your data (JSON/CSV via “Export My Data” in settings)
- Withdraw Consent: Stop future processing (may limit Service access)
- Grievance Redressal: Raise concerns with us first
We respond to verified requests promptly.
8. Security Measures
We implement reasonable security safeguards including:
- Encryption in transit (HTTPS) and at rest (where feasible)
- Secure password hashing
- Access controls and monitoring
- Rate limiting and suspicious activity alerts
9. Data Breach Notification
In case of a personal data breach, we will investigate, mitigate, and notify affected users and authorities as required by law.
10. Changes to This Policy
We may update this policy. Material changes will be notified via the Service or email. Continued use constitutes acceptance.
11. Contact & Grievance Officer
For questions, rights requests, or grievances:
Email: privacy@teachingmachines.ai
Grievance Officer: [Name/Designation – to be designated] – Contact via the above email.
If unsatisfied, you may approach the Data Protection Board of India.