1. Who We Are
Deets Technologies Private Limited is the Data Fiduciary for personal data collected through the Deets platform at deets.in and associated mobile applications.
Data Protection Officer: privacy@deets.in
2. What Data We Collect and Why
We collect the following categories of personal data. We collect only what is necessary for the stated purposes.
- Account Data: name, email address, phone number, profile photo — for account creation, authentication, and user support.
- Authentication Data: when you sign in using Sign in with Google or Sign in with Apple, we receive limited identity information (such as your name and email, or an Apple private-relay email) from the provider; when you sign in by phone, we process your phone number and a one-time password (OTP) sent by SMS — for secure login.
- Profile and Exam Data: your target examination, study preferences, and use case (for example, individual study vs. mentoring) — for tailoring the experience to your preparation.
- Date of Birth and Age (NEET Services): for NEET-UG features we collect your date of birth to determine whether you are a minor (under 18) and to apply the appropriate protections and consent requirements.
- Parent/Guardian Data (NEET minors): where a user is a minor, the name, relationship, and contact details of the parent or guardian who provides consent — for verifying consent and contacting the guardian.
- Wellbeing Data (NEET, opt-in): if you choose to enable wellbeing check-ins, self-reported mood and fatigue indicators and any note you add — processed only with your opt-in to help you reflect on your preparation. We do not use this data for advertising.
- Learning Activity Data: questions answered, topics studied, subjects explored, time spent on study sessions, PYQ attempts, mock-test attempts and results, answer generation history, search queries, bookmarks, saved answers, study plans, spaced-revision state, and Knowledge Vault contents — for personalising your learning experience, improving AI recommendations, and generating study analytics.
- Credit and Subscription Data: credit balance, credit usage history, subscription plan details, subscription start/end dates, plan upgrade/downgrade history — for managing your account, billing, and providing credit-gated features.
- Payment Data: transaction identifiers, payment status, payment method type (e.g., card network, UPI, net banking, wallet), and billing contact — processed by Razorpay (for website purchases) or by the Apple App Store / Google Play (for in-app purchases); Deets does not store card numbers, CVV, or net banking credentials.
- Uploaded Documents: PDFs and images uploaded for OCR processing — temporarily processed and deleted within 30 days unless stored in your Question Bank.
- User-Generated Content: User Notes, bookmarks, Knowledge Vault entries, error/answer-feedback reports, and personal study materials you create on the Platform.
- Device and Technical Data: device type, operating system, browser type, IP address, approximate location, session identifiers, app version, and (if you grant permission) a push-notification token — for platform security, fraud prevention, delivering notifications, and improving performance.
- Language Preferences: preferred language (Hindi/English) — for delivering content in your preferred language.
- Referral Data: referral codes used, referral actions completed — for administering the referral programme.
- Communications and Preferences: emails, support queries, feedback submitted to Deets, and your marketing opt-in choice.
3. How Your Data is Used in AI Features
Deets uses AI to power its core features. This section specifically explains how your data is processed in connection with AI features.
QUERY PROCESSING: When you use Deets AI to generate answers, summaries, or study materials, your query text (including any questions you type or PYQ questions you select), together with limited context such as your selected exam/subject and recent conversation turns, is transmitted to our AI model provider, Anthropic PBC (the provider of the Claude models), to generate a response. Anthropic processes this data on infrastructure located in the United States. Anthropic processes the data to provide the response under contractual data-protection terms and does not use Deets API data to train its models.
PERSONALISATION: Your learning history, question history, topic coverage, and performance analytics are used to personalise AI recommendations, study packages, and topic prioritisation.
AI MODEL TRAINING: Deets may use anonymised, aggregated learning interaction data to improve the Platform's AI models and recommendation systems. Individual user data will NOT be used to train AI models without your explicit opt-in consent.
DEETS PULSE PROCESSING: Your reading and interaction data on Deets Pulse (topics viewed, articles saved, exam relevance ratings given) is used to personalise your current affairs feed.
You can request that your data be excluded from AI personalisation by contacting privacy@deets.in. Note that this may reduce the quality of personalised recommendations.
4. How We Share Data
We do not sell personal data. We share data only in the following circumstances.
- AI Model Provider — Anthropic PBC (United States): your query text and limited context are shared to generate AI responses, under contractual data-protection terms; Anthropic does not use Deets API data to train its models.
- Cloud Infrastructure — Google LLC / Firebase & Google Cloud Platform (United States / multi-region): authentication, database (Firestore), file storage, push notifications (Firebase Cloud Messaging), product analytics, and abuse protection (App Check / reCAPTCHA).
- Payment Processing — Razorpay Payments Private Limited (India): processing of website payments, subscriptions, and refunds. In-app purchases are processed by Apple (App Store) or Google (Google Play).
- SMS / OTP — MSG91 (India): delivery of one-time passwords by SMS for phone login (used when SMS-based login is enabled).
- Email — Resend (transactional email): delivery of account, billing, and (if you opt in) product emails (used when email delivery is enabled).
- Error Monitoring — Sentry (United States): diagnostic error and performance data to detect and fix faults; configured not to send personal data by default.
- Web Search — Tavily (United States): when an AI answer requires current information, a search query derived from your request may be sent to retrieve relevant public sources.
- Content Delivery & Security — Cloudflare: serving the website and protecting it against abuse.
- Analytics: anonymised, aggregated analytics may be used to improve Platform performance. We do not sell personal data.
- Legal Obligations: where required by law, court order, or a competent regulatory authority.
- Business Transfers: in connection with a merger, acquisition, or sale of assets, where the acquiring entity agrees to terms no less protective than this Policy.
- With Your Consent: in any other circumstance where you have explicitly consented.
5. Data Retention
We retain data only as long as necessary for the purpose it was collected or as required by applicable law.
- Active account data: retained while your account is active.
- Learning activity data (questions, history, analytics): retained for the duration of your account + 2 years.
- User Notes and Knowledge Vault: retained while your account is active; deleted within 30 days of account closure.
- Parental/guardian consent records (NEET minors): retained while the minor's account is active; deleted within 30 days of account closure.
- Wellbeing data (NEET, opt-in): retained while your account is active; deleted within 30 days of account closure; deleted sooner if you disable the feature.
- Push-notification token: retained until you disable notifications or close your account.
- Uploaded documents (OCR processing): deleted within 30 days of upload unless saved to your Question Bank.
- Payment records: 8 years (GST/income tax compliance).
- Subscription records: duration of subscription + 3 years.
- Server logs: 90 days.
- Account data after closure: deleted within 30 days of account closure, subject to legal retention obligations.
- Referral records: 3 years after the referral transaction.
6. Security
Deets implements the following technical and organisational security measures.
- All data in transit is encrypted using TLS 1.2 or higher.
- All data at rest on Google Cloud / Firebase is encrypted at the storage layer using AES-256.
- Firebase Authentication is used for all user logins; passwords are never stored in plaintext.
- Role-based access control (RBAC) is enforced at every Firestore read and write via Security Rules.
- User data is partitioned at the Firestore path level — data of one user is not accessible to other users.
- Payment data is handled entirely by Razorpay and is never stored on Deets' infrastructure.
- Access to production systems is restricted to authorised Deets personnel on a need-to-know basis.
- In the event of a personal data breach, Deets will notify affected users and the Data Protection Board of India within the timeframes required by the DPDP Act.
- No security system is impenetrable. You are responsible for keeping your account credentials secure.
7. Your Rights
Under the DPDP Act 2023, you have the following rights in respect of your personal data. To exercise any right, contact privacy@deets.in. We will respond within 30 days.
- Right to Access: request a summary of the personal data we hold about you. You can request a copy/export of your data by emailing privacy@deets.in.
- Right to Correction: request correction of inaccurate or incomplete personal data; much of your profile data can also be edited directly in the app.
- Right to Erasure: request deletion of personal data that is no longer necessary for the purpose it was collected, subject to legal retention requirements.
- Right to Withdraw Consent: withdraw consent for AI personalisation or marketing communications at any time.
- Right to Grievance Redressal: raise a grievance with our Data Protection Officer at privacy@deets.in.
- Right to Nominate: nominate another individual to exercise your rights in the event of your death or incapacity.
- Account Deletion: you can delete your account and associated data yourself from Account Settings (in-app, by confirming the deletion), or by emailing support@deets.in. Account deletion is irreversible. Subscription access ends immediately upon deletion. Certain records (such as payment/transaction records) are retained where required by law — see Data Retention above.
8. Children's and Minors' Data
GENERAL PLATFORM (UPSC / competitive): The general Platform is intended for users who are at least 13 years of age. Deets does not knowingly collect personal data from children under 13. Users between 13 and 18 must have the consent of a parent or guardian to use the Platform. If you believe a child under 13 has created an account, please contact privacy@deets.in and we will delete the account promptly.
NEET SERVICES (may involve minors): Our NEET-UG features are used by school students, many of whom are under 18. For these features we collect a date of birth to determine whether a user is a minor. Where a user is a minor, we require the consent of a parent or lawful guardian — including the guardian's name, relationship, and contact details — before we process the minor's personal data, and the guardian must agree to the Terms on the minor's behalf. We are progressively implementing verifiable parental-consent mechanisms in line with Section 9 of the DPDP Act 2023 and applicable rules; until such verification is in place for a given feature, that feature is not made available to minors.
PROTECTIONS FOR MINORS: We do not undertake tracking, behavioural monitoring, or targeted advertising directed at minors, and we do not process a minor's personal data in a way that is likely to cause a detrimental effect on their wellbeing. Wellbeing/mood features for NEET students are strictly opt-in. A parent or guardian may, at any time, contact privacy@deets.in to access, correct, or delete their child's data, or to withdraw consent.
Any crisis-support or wellbeing information shown to students is provided for general informational and supportive purposes only and is not medical, psychological, or clinical advice.
9. Cookies and Tracking
We use cookies and similar technologies to operate the Platform, maintain session state, remember preferences, and analyse usage patterns.
Essential cookies necessary for the Platform to function are placed without consent. Analytics cookies are placed only with your consent, which you can withdraw at any time through your browser or app settings.
We do not use cookies to display third-party advertising.
10. Cross-Border Data Transfers
The Platform operates on Google Cloud Platform / Firebase infrastructure, which may involve processing personal data in India and outside India (including in the United States and/or Singapore). When AI generation features are used, your query and related context are processed by Anthropic PBC in the United States. Certain other service providers (such as Sentry and Tavily) also process limited data in the United States, as described in Section 4.
Deets ensures that any transfer of personal data outside India complies with the requirements of the DPDP Act and applicable rules, including any cross-border transfer restrictions once notified under the DPDP Act.
11. Contact and Complaints
For privacy queries or to exercise your rights, contact our Data Protection Officer at privacy@deets.in. We will respond within 30 days.
If you are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with the Data Protection Board of India (once established) or such other authority as notified under the DPDP Act.
- Data Protection Officer: privacy@deets.in
- General support: support@deets.in
- Legal matters: legal@deets.in
- Grievance Officer: grievance@deets.in