Jeenius AI Privacy Policy Applies to the Jeenius mobile app, web app & APIs
Overview

Introduction & Scope

Last updated: 1 July 2026

This Privacy Policy explains how Stash AI (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use Jeenius — an AI-powered platform for JEE (Joint Entrance Examination) preparation. It applies to the Jeenius mobile apps (Android and iOS), the web app at ai.jeenius.tech, and our backend APIs and services, including AI doubt-solving, practice and mock tests, real-time duels, study plans, and analytics.

We process personal data in accordance with India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the Information Technology Act, 2000 and rules made under it. By creating an account or using Jeenius, you agree to the practices described here. This policy should be read together with our Terms of Service and Refund & Cancellation Policy.

Who We Are

  • Stash AI — an independent venture based in Kolkata, West Bengal, India, that builds and operates the Jeenius AI learning platform.
  • Product — the Jeenius mobile and web apps and the backend services that power them (Django/DRF APIs, PostgreSQL with pgvector, Redis, hosted on AWS in the Mumbai (ap-south-1) region).
  • Data Fiduciary — for the purposes of the DPDP Act, Stash AI is the Data Fiduciary that determines the purpose and means of processing your personal data.

If you have any questions about this policy or how we handle your data, contact us at support@jeenius.tech.

Data We Collect

We collect only the data we need to operate Jeenius and provide the features you use.

Account & Identity

Name, email address, password (stored only as a salted hash), phone number, date of birth, profile picture, and username. If you sign in with Google, we receive your basic Google profile (name, email, profile photo). A Supabase user ID is created to manage your authentication.

Education Profile

Details you provide such as current class, target exam year, attempt number, board, and school, plus optional information like city, state, country, address, and social-media handles you choose to add to your profile.

Learning & Activity Data

Question attempts and scores, practice/DPP and mock-test history, PYQ searches, flashcards, bookmarks and favourites, generated study plans, performance analysis, and gamification data (XP, level, streaks, trophies).

AI Interactions & Uploads

Your chat history with the AI doubt-solver, PYQ assistant, and book chat, along with images or documents you upload to get doubts solved or to use the Jeenius Studio (Forge) feature.

Duels & Social

Duel matches, scores, rankings, answer logs, and your social connections (friends and friend requests) where you use those features.

Payment Data

For paid plans we store Razorpay order, payment, and invoice references, the amount and status, and limited payment-method details returned by Razorpay (such as the last 4 digits of a card, card network, UPI ID, or wallet/bank name). We never receive or store your full card number, CVV, or UPI PIN — those are handled directly by Razorpay.

Device & Technical Data

A push-notification device token (for Firebase Cloud Messaging), your sign-in provider, and server-side technical logs such as IP address, request metadata, and error/crash information used to keep the service running and secure.

Note: we do not collect precise GPS location, and we do not collect biometric data.

How We Use Your Data

Provide & Personalise the Service

Authenticate you, save your progress, deliver practice questions and mock tests, run duels, generate study plans and performance analytics, and tailor content to your class and target year.

AI Features

Process the text and images you submit to generate doubt solutions, questions, explanations, study plans, and diagrams. See the AI Processing section below for the providers involved.

Payments

Process plan purchases and add-ons through Razorpay, issue invoices, and manage your plan entitlements.

Communications

Send transactional emails (verification, password reset, receipts) and push notifications (reminders, streaks, updates). You can control push notifications from your device settings.

Safety, Security & Legal

Detect and prevent abuse and fraud, enforce our Terms, keep the service secure and reliable, and comply with applicable law.

No ads · No data sale We do not sell your personal data, and we do not use it to serve third-party advertising.

AI Processing

Jeenius uses third-party AI services to power features like doubt-solving, question generation, study plans, image/diagram generation, and document OCR. To do this, we send the minimum content needed to generate a response — for example, your question text or an uploaded image — to our AI provider, OpenAI. Depending on configuration, we may also use Microsoft Azure OpenAI, Google Gemini, or Mistral (for document OCR) for specific features.

Search and similarity features are powered by text embeddings; some embeddings are generated on our own servers using an open-source model and are not shared with third parties.

AI output can be inaccurate or incomplete and should be independently verified. Please see the AI disclaimer in our Terms of Service.

Sharing & Sub-processors

We do not sell your data. We share it only with service providers (“sub-processors”) that help us operate Jeenius, and only to the extent needed for them to perform their service.

Recipient Purpose Data Involved
Supabase Database, authentication (email/Google/phone OTP), and file storage Account, profile, learning and uploaded data; auth identifiers
Google / Firebase Push notifications (FCM) and Google Sign-In Device push token; Google profile (name, email) on sign-in
Razorpay Payment processing for paid plans Name, email, phone, amount, tokenised payment-method reference
OpenAI (and, where configured, Azure OpenAI / Google / Mistral) AI doubt-solving, question generation, study plans, image generation, OCR Question text and images/documents you submit
Amazon Web Services (AWS) Application hosting and server logs (Mumbai, ap-south-1) Encrypted application data and technical logs
Google (Gmail SMTP) Sending transactional email Email address and message content (e.g., verification links, receipts)

Legal disclosure: we may disclose data if required by law or a valid legal request, or to protect the rights, safety, and security of our users, the public, or Stash AI.

If your account is involved in a duel or other social feature, limited information such as your display name and scores may be visible to the other participant.

Data Retention & Deletion

  • Active accounts — we retain your data for as long as your account is active and you use the service.
  • Account deletion — you can request deletion from within the app or at ai.jeenius.tech/delete-account. When you do, your personal information (such as email, name, phone, profile picture, and social links) is anonymised, and your learning, duel, chat, and social data is deleted.
  • 30-day recovery window — after a deletion request, your account is retained for 30 days in case you change your mind. After 30 days, the data is permanently deleted/anonymised and cannot be recovered.
  • Legal retention — certain records, such as payment and transaction records, may be retained for longer where required for tax, accounting, or anti-fraud purposes.
  • Backups — residual copies in encrypted backups are removed in the normal backup-rotation cycle.

Your Rights & Choices

Under the DPDP Act and applicable law, you have the following rights in respect of your personal data:

  • Access — request a summary of the personal data we process about you.
  • Correction — update or correct your information. You can edit most profile details directly in the app under your profile.
  • Erasure — request deletion of your account and personal data (see Data Retention & Deletion).
  • Withdraw consent — withdraw consent you previously gave, where processing is based on consent. This will not affect processing already carried out.
  • Grievance redressal — raise a concern about how we handle your data and have it addressed.
  • Nominate — nominate another individual to exercise your rights in the event of death or incapacity, as provided under the DPDP Act.

To exercise any of these rights, email support@jeenius.tech from your registered email address (so we can verify your identity). We aim to respond within 30 days.

Grievance Officer

For privacy-related complaints or to exercise your rights under the DPDP Act, you can reach our Grievance Officer at support@jeenius.tech.

Children & Minors

Jeenius is built for students preparing for the JEE, many of whom are under 18. Under the DPDP Act, processing the personal data of a child (a person under 18 in India) requires verifiable consent from a parent or lawful guardian.

  • If you are under 18, you must use Jeenius with the involvement and consent of a parent or guardian, who accepts these terms on your behalf.
  • We do not knowingly use a child’s personal data for tracking, behavioural monitoring, or targeted advertising, and we do not undertake processing likely to cause harm to a child.
  • A parent or guardian can contact us at support@jeenius.tech to access, correct, or delete a minor’s data.

If we learn that we have collected a child’s data without the required consent, we will take steps to delete it.

Security & International Transfers

How We Protect Your Data

  • Encryption in transit — all traffic between your device and our servers is encrypted using HTTPS/TLS.
  • Authentication — access is protected by token-based authentication (JWT); passwords are stored only as salted hashes, never in plain text.
  • Managed infrastructure — data is stored on reputable managed cloud platforms (Supabase and AWS) with access controls that limit who can reach it.
  • Payments — card and UPI details are handled by Razorpay, a PCI-DSS-compliant payment provider; we do not store full payment credentials.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a personal-data breach affecting you, we will notify you and the relevant authority as required by law.

Where Your Data Is Processed

Our application servers and primary database are hosted in India (AWS Mumbai, ap-south-1). Some of our sub-processors — for example OpenAI and Google/Firebase — may process limited data on servers outside India to provide their services. Where data is transferred internationally, we share only what is necessary and rely on our providers’ contractual and security safeguards.

Updates & Contact

  • Changes: we may update this policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the app or by email.
  • Continued use: using Jeenius after an update means you accept the revised policy.

Contact: Stash AI, Kolkata, West Bengal, India — support@jeenius.tech