1. Introduction

This Privacy Policy explains how Sonch.in (the "Platform"), operated by VKITES ("we", "us", or "our"), collects, uses, stores, discloses, and protects personal data in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act").

This Policy applies to all users of the Platform including students, parents/guardians, teachers, school administrators, and other individuals who interact with Sonch.in.

2. Categories of Personal Data We Collect

We collect only the personal data necessary to deliver educational services and to meet legal or contractual obligations.

2.1 Student (Children) Data

• Full name, date of birth / age, class/grade and school details
• Parent / guardian name, email address and mobile number
• Learning data: assessments, quiz results, progress reports, attendance
• Files/documents uploaded by students or parents (e.g., assignments)

2.2 Parent / Guardian Data

• Name, email address, mobile number and contact preferences
• Account credentials and communication history
• Consent records and proof of guardianship where required

3. Purpose of Processing Personal Data

We process personal data strictly for the following purposes:

• To create and manage user accounts and profiles
• To deliver educational content, assessments, and learning experiences
• To track learning progress and generate reports for students, parents and schools
• To communicate operational messages, schedules, class updates and safety notices
• To operate, maintain and secure the Platform
• To meet legal, regulatory or contractual obligations

4. Processing Children's Data (K-12 Specific)

Because Sonch.in serves minors, we follow enhanced protections required by the DPDP Act:

• Verifiable Parental Consent: We obtain verifiable consent from a parent or lawful guardian before collecting or processing any child's personal data.
• No Targeted Advertising: We do not permit targeted advertising to children.
• No Behavioural Profiling: We do not profile children for marketing purposes.
• No Sale of Children's Data: We never sell children's personal data to third parties.
• Parental Oversight: Parents may review, correct, or request deletion of their child's personal data.

5. Data Security Measures

We implement robust technical and organizational measures to protect personal data:

• Encryption of data at rest (AES-256 where applicable)
• SSL/TLS for all data in transit
• Role-based access control and least-privilege access
• Multi-factor authentication for admin accounts
• Regular vulnerability assessments and patch management
• Access logging and audit trails for administrative actions

6. Rights of Data Principals

Under the DPDP Act, Data Principals — and for minors, the parent or lawful guardian — have the following rights:

7. Grievance Redressal & Contact Information

If you have questions, concerns, or wish to exercise your rights under the DPDP Act, please contact our designated officer:

We will acknowledge and address grievances in accordance with the DPDP Act. Our goal is to resolve grievances within 7 days of receipt.