Welcome to sonch.in – Smarter assessment - Stronger Outcome

About Us

Born from a passion to democratize quality education, Sonch began as a simple idea in 2022: to make exam preparation accessible, affordable, and remarkably effective for every Indian student.

Get the App

Prepare smarter with Sonch’s AI-powered learning app. Download now on Android.

Download Sonch Android App from Google Play

Contact Info

  • B-611 Ratan Galaxy
    Sector 12, Vrindavan Yojna
    Lucknow, UP, India 226029
  • (+91) 9838-786-101
  • contact@sonch.in
  • Monday-Friday, 9AM-6PM IST

Privacy Policy

dot
ball

Privacy Policy

Digital Personal Data Protection Act (DPDP), 2023 Compliant

DPDP Act 2023 Compliant | Effective: April 24, 2026

Digital Personal Data Protection Act, 2023 Compliance

This Privacy Policy is drafted in compliance with the DPDP Act, 2023. We process personal data only for lawful purposes with your explicit consent.

AI & Machine Learning Disclosure

Important: Sonch uses Artificial Intelligence (AI) and Machine Learning (ML) to:

  • Generate educational content, questions, and explanations
  • Personalize learning paths and recommendations
  • Analyze learning patterns and predict performance
  • Improve content quality through continuous learning

Data Usage for AI Training: Anonymized and aggregated learning data may be used to train our AI models. Personal identifiers are removed before such processing. You may opt-out of data usage for AI training through your account settings.

Quick Navigation

1 Introduction & Scope
2 Key Definitions
3 DPDP Principles
4 Consent Framework
5 Data Categories
6 AI Data Processing
7 Children's Data
8 Your DPDP Rights
9 Security & Breach
10 Grievance Redressal

1. Introduction & Scope

This Privacy Policy ("Policy") governs the processing of digital personal data by Sonch.in, operated by VKITES ("Data Fiduciary," "we," "us," or "our"), in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act").

This Policy applies to all natural persons ("Data Principals") including students, parents/guardians, teachers, and other users who interact with our AI-powered educational platform.

Legal Basis for Processing

We process personal data only where a lawful basis exists under Section 4 of the DPDP Act, including: (a) consent for specified purposes, (b) for providing educational services, (c) compliance with legal obligations, and (d) for reasonable purposes as defined in the Act. Such reasonable purposes include fraud prevention, platform security, and compliance with applicable law.

2. Key Definitions (DPDP Act, 2023)

For clarity, we adopt the definitions under the DPDP Act, 2023:

Data Fiduciary

VKITES (Sonch.in) who determines the purpose and means of processing personal data.

Data Principal

The individual to whom the personal data relates (student/parent/guardian).

Processing

Any operation performed on personal data including collection, storage, analysis, etc.

Consent Manager

A registered entity under the DPDP Act that enables Data Principals to manage their consent.

3. DPDP Act Compliance Principles

We adhere to the following principles under Section 8 of the DPDP Act, 2023:

Data Processing Principles
  • Lawful, Fair & Transparent Processing: We process data only for lawful purposes with clear notice
  • Purpose Limitation: Data collected only for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only adequate, relevant and necessary data
  • Accuracy & Quality: We ensure data is accurate, complete, and kept up-to-date
  • Storage Limitation: Data retained only as long as necessary for specified purposes
  • Security Safeguards: Reasonable security measures to prevent data breaches
  • Accountability: We demonstrate compliance with DPDP Act requirements

5. Categories of Personal Data Processed

5.1 Mandatory Data for Service Delivery

  • Identification Data: Name, email, mobile number (for parents/guardians)
  • Student Academic Data: Grade/class, school name, learning progress
  • Account Data: Username, encrypted password, account preferences
  • Communication Data: Service-related emails, notifications

5.2 Learning & Performance Data

  • Assessment Data: Quiz scores, test results, time taken per question
  • Learning Analytics: Topics mastered, weak areas, progress trends
  • Interaction Data: Content accessed, features used, session duration
  • AI Training Data: Anonymized response patterns (opt-out available)

5.3 Data We DO NOT Collect

  • No Sensitive Data: We do not collect health data, biometrics, financial data, or Aadhaar numbers
  • No Behavioral Profiling: We do not track for advertising or create psychological profiles
  • No Location Tracking: We do not collect precise location data
  • No Social Media Scraping: We do not collect data from social media profiles

6. AI & Machine Learning Data Processing

AI-Powered Educational Platform

Sonch is fundamentally an AI-driven platform. Our processing includes:

6.1 AI Training Data Usage

  • Anonymization First: Personal identifiers are removed before AI training
  • Aggregated Patterns: We analyze learning patterns across user groups
  • Content Generation: AI creates personalized questions and explanations
  • Performance Prediction: AI models predict learning outcomes
  • Quality Improvement: User feedback improves AI accuracy

6.2 Your Control Over AI Data Usage

You have complete control:

  • Opt-Out Option: Disable data usage for AI training in account settings
  • Transparent Processing: We disclose when AI is involved in decision-making
  • Human Oversight: Critical decisions involve human review
  • Regular Audits: We periodically evaluate AI outputs for bias, fairness, and quality, including human review where appropriate.

6.3 AI-Generated Content Notice

Important Disclosure: A significant portion of our educational content is AI-generated. While we implement quality controls:

  • We do not guarantee 100% accuracy of AI-generated content
  • Users should verify critical information with authoritative sources
  • We provide mechanisms to report inaccuracies for correction
  • AI content is continuously improved based on expert review

7. Children's Data Protection (Section 9, DPDP Act)

Enhanced Protections for Minors

As an education platform serving K-12 students, we implement enhanced safeguards:

7.1 Parental Consent Framework

  • Verifiable Consent: We require and verify parental consent before processing any child's data
  • Separate Consent Forms: Child-specific consent separate from general terms
  • Consent Records: Maintained for audit as per DPDP Act requirements
  • Withdrawal Mechanism: Parents can withdraw consent anytime

7.2 Restrictions on Children's Data Processing

Strict Prohibitions: We DO NOT except where required by law or essential for service delivery:

  • Process children's data for tracking, profiling, or behavioral monitoring
  • Use children's data for targeted advertising or marketing
  • Sell, trade, or monetize children's personal data
  • Share children's data with third parties except for essential educational services
  • Use AI systems that make automated decisions affecting children without human oversight

8. Your Rights Under DPDP Act, 2023

Right to Access (Section 11)

Request confirmation and summary of your personal data being processed.

Response Time: within a reasonable period, not exceeding timelines prescribed under applicable law,

Right to Correction (Section 12)

Request correction of inaccurate or incomplete personal data.

Response Time: within a reasonable period, not exceeding timelines prescribed under applicable law.

Right to Erasure (Section 12)

Request deletion when data is no longer necessary for specified purposes.

Response Time: 7 working days

Certain data may be retained where required for legal compliance, dispute resolution, fraud prevention, or enforcement of our Terms & Conditions.

Right to Grievance Redressal (Section 13)

File complaints regarding data processing practices.

Response Time: 30 calendar days

How to Exercise Your Rights

To exercise any DPDP right, please:

  1. Submit a written request to contact@sonch.in
  2. Include your registered email and verification details
  3. Specify the right you wish to exercise
  4. Provide necessary supporting documents
  5. We will respond within timelines specified in the DPDP Act

9. Security Measures & Breach Notification

9.1 Technical & Organizational Measures

  • Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Access Controls: Role-based access, multi-factor authentication for administrators
  • Regular Audits: Security assessments and vulnerability scanning
  • Data Minimization: Collect only essential data, pseudonymization where possible
  • Incident Response: Documented procedures for security incidents
  • Employee Training: Regular privacy and security training for staff

9.2 Data Breach Notification (Section 8(6), DPDP Act)

Breach Notification Protocol

In case of a personal data breach that is likely to result in harm to Data Principals:

  • We will notify the Data Protection Board of India within the timelines prescribed under applicable law.
  • We will notify affected Data Principals without undue delay
  • Notifications will include nature of breach, categories of data, and mitigation measures
  • We maintain incident response plans as per DPDP Act requirements

10. Grievance Redressal & Contact

Data Protection Officer (DPO)

Where applicable under the Digital Personal Data Protection Act, 2023

Email: contact@sonch.in

Phone: +91-9838-786-101

Response Time: We acknowledge grievances within 24 hours and resolve within 30 days as per DPDP Act requirements.

Grievance Redressal Process

If you have concerns about our data processing:

  1. Contact our DPO at contact@sonch.in
  2. We will acknowledge within 24 hours
  3. Our DPO will investigate and respond within 30 days
  4. If unsatisfied, you may approach the Data Protection Board of India

We maintain records of all grievances and resolutions as required by the DPDP Act.

DPDP Act Compliance Summary

  • ✓ Lawful Processing with Consent
  • ✓ Purpose Limitation Observed
  • ✓ Data Minimization Implemented
  • ✓ Storage Limitation Followed
  • ✓ Accuracy Maintained
  • ✓ Account termination does not automatically result in deletion of data where retention is required under law, contractual obligations, or legitimate interests.
  • ✓ Reasonable Security Safeguards
  • ✓ Accountability Demonstrated
  • ✓ Children's Data Protected
  • ✓ Rights Framework Established
  • ✓ Breach Notification Ready

This Privacy Policy is reviewed annually and updated as needed to comply with evolving data protection laws in India.

Important Notice

By using Sonch.in, you acknowledge that:

  • You have read and understood this DPDP-compliant Privacy Policy
  • You consent to our data processing practices as described
  • For minors, parental consent is obtained and recorded
  • You may withdraw consent through account settings
  • Continued use constitutes acceptance of any policy updates
View Terms & Conditions Back to Home

Last updated: April 24, 2026 | DPDP Act 2023 Version 1.0

Get in Touch

Sonch is an AI-powered diagnostic platform specializing in learning gap analysis for K-12 students and competitive exam aspirants. We provide actionable insights and personalized assessments to improve learning outcomes.

call(+91) 9838-786-101

info@sonch.in

Online Platform

© 2025 Sonch. All Right Reserved.