Last updated June 2026

Privacy Policy

This Privacy Policy explains how Demo (“we”, “our”, or “us”) collects, uses, and protects personal information when you use our website and services. By registering or using any part of our platform, you agree to the practices described here.

1. Information We Collect

1.1 Information you provide directly

  • Account details — name, email address, password (stored as a secure hash), and role (student or teacher).
  • Profile information — phone number, address, date of birth, gender, education history, experience, and a profile photograph (optional).
  • Enrollment and payment details — course selections, payment amounts, coupon codes, and Razorpay transaction references.
  • Contact and inquiry messages — content submitted via contact forms, payment confirmation forms, and studio inquiry forms.

1.2 Information collected automatically

  • Session data — an encrypted session cookie is set when you sign in; it contains only your user ID and role.
  • Usage logs — server-side logs may record API request timestamps, IP addresses, and error details for operational purposes.
  • We do not use third-party analytics trackers or advertising cookies.

1.3 Payment information

All payments are processed by Razorpay. We do not store your card details, UPI IDs, or bank credentials. We only retain the Razorpay order ID, payment ID, method, and amount for invoice and record-keeping purposes.

2. How We Use Your Information

  • To create and manage your account.
  • To send you a verification email when you register.
  • To send enrollment confirmation, class reminders, and session start notifications by email.
  • To generate invoices and payment receipts.
  • To manage class attendance records.
  • To enable teachers and administrators to see student enrolment and attendance within the platform.
  • To respond to your contact and inquiry submissions.
  • To improve platform reliability by analysing error logs.

3. How We Share Your Information

We do not sell or rent your personal data to any third party. We share limited data only as follows:

  • Razorpay — your name and email are shared to create a Razorpay payment order. Razorpay's privacy policy governs their use of this data.
  • Google — if your class uses Google Meet links, the session link is provisioned via the Google Calendar API using the institute admin's connected Google account. No student personal data is sent to Google for this purpose.
  • Email delivery — we use your own SMTP server (configured per-institute) to send transactional email. No email marketing platform receives your data.
  • Administrators and teachers — institute admins can view your profile, enrollment, and attendance. Teachers can view the attendance roster for their assigned class.

4. Data Retention

  • Your account and associated records are retained for as long as your account is active.
  • You may request account deletion from Dashboard → Profile → Delete Account. This permanently removes your profile, enrollments, orders, and payments.
  • If your account is linked to active enrollments, you may be asked to contact an administrator for assisted deletion.
  • Email verification tokens expire after 24 hours. Password reset tokens expire after 1 hour.

5. Data Security

  • Passwords are hashed using bcrypt before storage. We never store plain-text passwords.
  • Integration credentials (Razorpay secret, SMTP password) are encrypted at rest using AES-256 before storing in the database.
  • Session cookies are HTTP-only and secure in production.
  • All data is stored in a MongoDB database accessible only to authorised application servers.

6. Your Rights

You have the right to:

  • Access — view your profile and all data associated with your account from your dashboard.
  • Correction — update your name, contact details, and profile information at any time.
  • Deletion — delete your account from your dashboard profile page.
  • Portability — contact us to request a copy of your personal data.
  • Opt-out of email — contact us to stop receiving non-essential emails. Transactional emails (verification, enrollment confirmation) cannot be opted out of as they are required for the service.

7. Cookies

We use a single session cookie (kyk_session) that is strictly necessary for authentication. It is HTTP-only, does not track browsing behaviour, and expires when you sign out or after a set period of inactivity. No third-party cookies are set.

8. Children's Privacy

Our platform is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of the platform after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us via the contact page.

Terms of Service →Contact Us →