Introduction & Scope
This Privacy Policy explains how Stash AI collects, uses, stores, and safeguards personal data inside the Jeenius AI-powered JEE preparation ecosystem. It covers all mobile, web, and API touch-points, including analytics, real-time duels, AI chat, and backend services. The document aligns with India's Digital Personal Data Protection Act 2023 (DPDP Act) and global best-practice frameworks such as GDPR Article 6.
Who We Are
- Stash AI Pvt. Ltd. – an AI organisation with a vision to use AI to make everything better
- Product – Jeenius mobile/web app, REST/gRPC APIs, and backend services (Django 5.2, pgvector, Redis, AWS ECS)
- Data Fiduciary / Controller – Stash AI determines the purpose & means of processing personal data under DPDP §2(5)
Purpose of the Policy
Transparency
Show users exactly what data is collected, why, and for how long.
User Rights
Explain access, correction, deletion & consent-withdrawal mechanisms mandated by DPDP §7 and GDPR Art. 12-23.
Compliance
Document Stash AI’s lawful bases for processing (consent, contract, legal duty, legitimate interest) per GDPR Art. 6 & DPDP “legitimate use” clauses.
Trust & Security
Outline technical and organisational measures (JWT, TLS, encryption-at-rest, role-based access) to protect data against unauthorised access.
Any subsequent sections detail the specific data flows, retention schedule, third-party sharing, cross-border transfers, and breach-notification procedures.
Data Lifecycle
Stash AI processes learner and parent data inside JEEnius only to operate the platform and comply with education-privacy laws. All processing follows a strict collect-only-what-we-need principle and aligns with GDPR / FERPA guidance. The sections below detail each phase of the information lifecycle, current safeguards, and known gaps.
Data We Collect
Account & Identity
Name, email, phone, profile photo, authentication tokens (Google OAuth, phone OTP).
Educational Content
Question attempts, scores, mock-test telemetry, AI chat transcripts.
Device & Usage
IP address, browser/OS details, app-instance ID, Firebase installation ID, crash logs.
Payment (premium plans)
Last 4 digits of card, billing address, Stripe customer ID; no full card numbers stored.
Parent Reports
Weekly PDF progress snapshots emailed to guardians.
Optional Media
Images/documents uploaded to the Forge RAG feature; auto-deleted after processing unless saved to notes.
Gap: location data is intentionally not collected; future peer-duel geofencing features will require a new DPIA.
How We Use Data
Core Functionality
Authenticate users, sync progress, personalise study paths, deliver adaptive questions.
Analytics & Forecasting
Aggregate accuracy/speed metrics to power percentile projection engine; all analytics run on pseudonymised IDs.
AI Services
Feed de-identified question text into OpenAI for doubt-solving; transcripts retained ≤30 days in “temporary chat” mode.
Payments & Fraud Prevention
Send billing data to Stripe for PCI-compliant processing and chargeback monitoring.
No Ads / No Sale
No personal data is used for advertising or sold to third parties, consistent with the Student Privacy Pledge.
Data Retention & Deletion
- Active accounts – live data kept for service life.
- Inactive accounts – flagged after 12 months of no login; auto-deleted after 24 months to avoid CNIL-type violations.
- AI chat logs – “standard” chats kept 30 days, “temporary” chats auto-purged within 24 h.
- Payments – Stripe retains billing records 11 years to meet financial-audit law; JEEnius keeps only anonymised invoice IDs.
- Back-ups – encrypted AWS snapshots aged-off at 90 days; cryptographic erase on overwrite.
- Right to Erasure – requests honoured within 30 days; hard-delete from primaries and back-ups per ISO 27001 8.10 controls.
- Analytics Aggregates – converted to fully anonymised statistics before user-level purge, allowing long-term trend analysis without personal identifiers.
Limitation: historical percentile models may lose accuracy after mass deletions; mitigation via synthetic, non-personal training data is under review.
User Rights & Controls
Jeenius—developed by Stash AI—is engineered to give learners full command over their personal data. The platform aligns with leading regulations (GDPR, COPPA, India DPDP) and implements granular, in-app tooling so users can view, fix, move or erase data with minimal friction. Below are the concrete rights, workflows, and age-specific safeguards in place.
Access, Correction & Portability
- Self-serve Data Portal – Users tap Profile → Privacy → Download/Correct Data to export a machine-readable JSON/CSV bundle within 24 h, and request edits to name, email, phone or exam preferences; changes propagate across web, iOS, Android in <15 min.
Verification & Timing
- Identity confirmed via the primary login factor (email OTP / Google OAuth).
- Jeenius responds to access or rectification requests in ≤30 days (GDPR max) or ≤45 days (India DPDP).
Portability Formats
- Questions attempted → attempts.csv
- AI chat threads → chat.json
- Analytics summaries → insights.parquet
- All files packaged in an encrypted ZIP with AES-256 key delivered over TLS.
Limitation: Offline-only study sessions older than 90 days are not synced and therefore excluded from exports; users are prompted to sync before deletion.
Consent & Opt-Out Mechanisms
Analytics & Cookies
First launch shows a dual-button banner (Accept all / Reject all) plus a “Manage settings” link for granular toggles (Essential, Analytics, Marketing). Selecting Reject all sets posthog.opt_out_capturing() and disable_persistence:true—no identifiers stored locally.
In-session Toggle
Users can flip Settings → Privacy → Analytics anytime; change is instant and logged to an immutable consent ledger.
Marketing Communications
Email / push preferences available under Settings → Notifications with independent toggles; default is opt-out.
Data Deletion (“Right to be Forgotten”)
One-tap delete triggers a 7-day reversible soft-delete; hard purge completes after 30 days with cryptographic erasure from backups.
| Consent Surface | Default State | User Control Path | Regulatory Basis |
|---|---|---|---|
| Analytics cookies | Off for EEA until opt-in | Banner → Manage | GDPR Art. 6(1)(a) |
| Session recording | Off globally until opt-in | Settings → Privacy | PostHog API |
| Marketing emails | Off | Settings → Notifications | CCPA §1798.120 |
Children & Minors
Age Gating
During sign-up Jeenius requires a date of birth; if the user is under 13 (US) or under 18 (India), the flow diverts to the Parental Consent Gateway powered by PRIVO-verified methods (credit-card $0.01 check or government-ID scan).
Regulatory Matrix
- USA (COPPA) – <13, Verifiable Parental Consent (VPC); no targeted ads, no persistent IDs.
- India (DPDP draft) – <18, Verifiable Parental Consent; no profiling, data deletion after 3 yrs inactivity.
- EU (GDPR) – ≤16 (member-state choice); parental consent for processing; enhanced transparency, portability.
Default Protections for Minor Accounts
- Profiles set to private, leaderboards hidden, and chat rooms limited to vetted IIT mentors.
- AI chat filters block sharing of personal identifiers and flag suspicious content for human review within 30 min.
- Daily screen-time cap of 120 min with parent override options.
Gap: India’s DPDP rules are still draft; implementation details (e.g., state-backed digital ID hooks) will be updated once finalized.
Stash AI continuously audits these controls, publishes quarterly transparency metrics, and invites independent penetration tests to validate compliance.
Security, International Transfers & Policy Governance
Jeenius applies a “security-by-design” approach: all traffic is encrypted, all data is stored on hardened cloud infrastructure, and all processors are contract-bound to GDPR-grade safeguards. International transfers are restricted to clearly defined regions and protected by Standard Contractual Clauses (SCCs). Users are informed of any material policy change, and Stash AI provides a single point of contact for privacy questions.
Data Security
- Encryption in transit – TLS 1.3 / QUIC secured channels for API, WebSocket duels and AI streaming (93 % of Cloudflare connections industry-wide).
- Encryption at rest – AES-256 on all AWS EBS / RDS volumes, Redis snapshots and S3 object storage.
- Key management – AWS KMS customer-managed keys (CMKs) with automatic rotation every 365 days; future roadmap includes post-quantum hybrid (Kyber + X25519) once generally available.
- Role-Based Access Control (RBAC) – least-privilege IAM roles for micro-services and staff, audited quarterly.
- Vulnerability management – Nessus scans weekly; critical CVEs patched within 72 h (best-practice threshold).
- Incident response – NIST SP 800-61 r3 Detect-Respond-Recover lifecycle with a 24 h initial notification SLA.
| Layer | Control | Standard / Reference |
|---|---|---|
| Network | Cloudflare WAF, DDoS Shield | PCI DSS v4 |
| Application | OWASP Top-10 secure coding reviews 2× year | OWASP |
| Data | AES-256-XTS full-disk, pgcrypto column-level | FIPS 140-3 |
Gap: No biometric data is collected; therefore, no dedicated control set for special category data is applicable.
International Data Transfers
- Default storage region: ap-south-1 (Mumbai) AWS; replicas in eu-central-1 (Frankfurt) for disaster recovery.
- Transfer mechanism: 2021 EU SCCs Module 2 (Controller → Processor) + UK IDTA; Transfer Impact Assessments reviewed annually.
- India DPDPA 2023: Data may leave India only to jurisdictions not on the Government “negative list”; Jeenius limits outbound flows to EU and US.
- Onward sub-processing: Full list (AWS, Cloudflare, Stripe, etc.) published and updated ≥30 days before onboarding a new provider.
Cross-Region Replication Snapshot
| Purpose | Primary (Mumbai) | Backup (Frankfurt) | Protection |
|---|---|---|---|
| Postgres | RDS multi-AZ | Cross-Region snapshot every 6 h | AES-256 + KMS |
| S3 Media | S3 Standard | S3 CRR RTC < 15 min p99 | SSE-S3, versioning |
Policy Updates & Contact
- Material changes trigger: new data category, new sub-processor, or change in legal basis.
- Notice mechanism: in-app modal banner 14 days before the effective date; email to the registered address 7 days before the change.
- Versioning: Privacy Policy review ≥1× year (CCPA §1798.130).
Contact: Email: stash.ai.tech@gmail.com