This Privacy Policy (“Policy”) describes how STEMVentor Educonsulting (“Company,” “we,” “us,” or “our”) collects, uses, stores, protects, and handles personal data in relation to all products, services, and digital content (“Products”) offered through this website at https://www.stemventor.com and the digital learning platform at https://lms.stemventor.com.

This Policy applies to all users of our Products, including students, parents, guardians, and educators. By accessing or using our Products, you agree to the terms of this Policy. If you do not agree, please discontinue use immediately.

This Policy is issued in compliance with the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and the Digital Personal Data Protection Act, 2023 (DPDPA 2023) of India.

1. Key Definitions

Personal Data means any data about an individual who is identifiable by or in relation to such data.

Data Principal means the individual to whom the Personal Data relates. Where the Data Principal is a minor, this includes their parent or lawful guardian.

Data Fiduciary means the Company, which alone or in conjunction with others determines the purpose and means of processing Personal Data.

Processing means any automated or manual operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

Minor means any individual below the age of 18 years, as defined under Indian law.

Child means any individual below the age of 13 years.

Consent means a free, informed, specific, clear, and unambiguous affirmative act by a Data Principal indicating agreement to the processing of their Personal Data.

2. Age Requirements and Parental Consent

2.1 Minimum Age

Our Products are intended for users who are 13 years of age or older. We do not knowingly permit anyone below the age of 13 to register for or use our Products. If we become aware that a child below the age of 13 has provided us with Personal Data without verifiable parental consent, we will take immediate steps to delete such data from our systems.

2.2 Users Between 13 and 17 Years (Minors)

In accordance with the DPDPA 2023, where a user is a minor (aged 13 to 17 years), the following apply:

• Registration and use of our Products by a minor requires verifiable parental or guardian consent before any Personal Data is collected or processed.
• The parent or guardian must provide consent through the verification mechanism presented at the time of registration. This may include a consent form, a guardian’s email confirmation, or such other method as required by applicable law.
• By completing the registration process on behalf of a minor, the parent or guardian represents that they have the authority to provide such consent and agree to this Policy on the minor’s behalf.
• We will not process a minor’s Personal Data beyond what is necessary to provide the educational services requested, and will not use such data for any marketing, profiling, or promotional purpose.

If a parent or guardian believes their child has registered without their consent, they should contact us immediately at support@stemventor.com.

3. Personal Data We Collect

3.1 Registration and Account Data

When you register on our platform or purchase a product or service, we collect:

• Full name
• Email address
• Mobile or phone number
• Date of birth or age (to verify eligibility and apply appropriate protections for minors)
• Gender (optional)
• Name of educational institution or organisation (optional)
• Postal address (street, city, state, PIN code, and country)

3.2 Payment and Billing Data

When you purchase a product or subscribe to our services, we collect your billing name and billing address. We do not collect, store, or process any bank account numbers, credit or debit card numbers, UPI credentials, or any other financial credentials. All payment transactions are processed directly by our third-party payment gateway partner, which is independently compliant with applicable financial data security standards (such as PCI-DSS). You should never share your financial credentials with us or with anyone claiming to represent us.

3.3 Usage and Technical Data

When you use our Products, we automatically collect certain technical and usage data, including:

• IP address and approximate geographic location derived from it
• Browser type and version
• Device type, operating system, and unique device identifiers
• Pages and content accessed, time and date of access, and duration of sessions
• Referring website or source through which you accessed our Products

3.4 Content and Communications Data

We collect content you voluntarily submit, such as:

• Comments, questions, or responses posted on our platform or website
• Communications you send to us by email, phone, or chat

3.5 Google Authentication Data

If you choose to log in using your Google account (via Google OAuth), we receive only your name and email address — the information you authorise at the time of login. We do not receive your Google password or any other credentials. We do not offer or accept login through any other third-party authentication provider, including Facebook, Twitter/X, Apple, or any other social media platform.

4. How We Collect Your Data

We collect Personal Data through the following means:

• Directly from you, when you register an account, make a purchase, contact us, or submit content on our platform.
• Automatically, through cookies, web beacons, and analytics tools when you interact with our website or platform.
• From Google, if you choose to log in using Google OAuth, as described in Section 3.5 above. We receive only your name and email address.

We use Google Analytics to collect anonymised, aggregated usage data about how our website and platform are used. No personally identifiable information is shared with Google Analytics.

5. How We Use Your Personal Data

We process your Personal Data only for the following specific, lawful purposes:

5.1 To Provide and Manage Our Services

• To create and manage your account
• To deliver the educational products and services you have purchased or enrolled in
• To process transactions and send you purchase confirmations and receipts
• To verify age and, where applicable, obtain and record parental consent

5.2 To Communicate With You

• To respond to your queries, requests, and support issues
• To send you essential service communications, including security alerts, policy updates, and technical notices
• To send you information about events, contests, or activities you have registered for

5.3 To Personalise and Improve Our Services

• To customise your learning experience based on your usage and preferences
• To analyse usage trends and improve our platform, content, and services
• To conduct internal research, testing, and quality assurance

5.4 For Safety and Security

• To detect, prevent, and address fraud, abuse, or unauthorised access
• To protect the safety of users, particularly minors, on our platform
• To enforce our Terms of Service and other applicable policies

5.5 For Legal Compliance

• To comply with applicable laws, regulations, and legal obligations
• To respond to lawful requests from regulatory or law enforcement authorities

5.6 Marketing Communications (Adult Users Only)

For users who are 18 years or older, we may send promotional emails or notifications about new products, features, or offers from us. You may opt out of marketing communications at any time by clicking the unsubscribe link in any such communication or by contacting us as described in Section 9.

We do not send marketing or promotional communications to users identified as minors (under 18 years of age), and we do not enrol minors in any newsletter or promotional mailing list.

6. Sharing of Your Personal Data

We do not sell, rent, trade, or share your Personal Data with any third parties for their own marketing or commercial purposes.

Your Personal Data may be disclosed only in the following strictly limited circumstances:

6.1 Service Providers Acting on Our Behalf

We engage carefully selected service providers (data processors) who process Personal Data solely on our instructions, for the purpose of operating and improving our Products. These include:

• Our payment gateway partner, for processing financial transactions only
• Cloud infrastructure and hosting providers, for storing and running our platform
• Email service providers, for sending transactional and service communications

All such service providers are bound by contractual obligations to process your data only as instructed by us, maintain appropriate security standards, and comply with applicable data protection laws.

6.2 Legal Obligations

We may disclose your Personal Data to government authorities, courts, or law enforcement agencies where required by applicable Indian law, or where disclosure is necessary to:

• Comply with a legal obligation or court order
• Protect the rights, property, or safety of our users, the Company, or the public
• Prevent or investigate illegal activity or misuse of our Products

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or a part of our business, your Personal Data may be transferred to the acquiring entity, subject to the acquiring entity’s agreement to uphold the commitments in this Policy. We will notify you in advance of any such transfer through a notice on our website.

No data will be shared for any other purpose without your explicit prior consent.

7. Our Use of Google Services

7.1 Google OAuth (Login)

To use some features the platform requires you to login using your Google account via Google’s OAuth service. If you choose to login:

• We receive only your name and email address from Google — the information you have authorised to be shared
• We do not receive your Google account password, payment details, contacts, or any other data from your Google account
• We store your name and email solely to create and manage your platform account

If you prefer not to login, you can still use the platform without the features that need a login.

7.2 Google Analytics

We use Google Analytics to understand how users interact with our website and platform. All data sent to Google Analytics is anonymised before transmission — no personally identifiable information (such as your name or email) is shared with Google through this service. For information on how Google processes data sent by this website, please refer to the Google Privacy Policy at https://policies.google.com/privacy.

8. Retention of Your Personal Data

We retain your Personal Data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by law. Our general retention periods are as follows:

• Account and registration data: Retained for the duration of your active account, and for 3 years after account closure.
• Purchase and billing records: Retained for 7 years from the date of transaction, as required under Indian financial and tax regulations.
• Usage and technical data (logs): Retained for a maximum of 12 months from the date of collection.
• Communications and support records: Retained for 2 years from the date of the interaction.

When your Personal Data is no longer required, we will securely delete or anonymise it. Where a user is a minor and their account is closed before they turn 18, their data will be deleted within 30 days of account closure unless we are legally required to retain it.

9. Your Rights as a Data Principal

Under the DPDPA 2023 and applicable Indian law, you (and, where applicable, your parent or guardian) have the following rights with respect to your Personal Data:

• Right to Access: Obtain confirmation and a summary of the Personal Data we hold about you.
• Right to Correction: Request correction of any inaccurate or incomplete Personal Data we hold.
• Right to Erasure: Request deletion of your Personal Data when it is no longer necessary, or when you withdraw consent, subject to any legal obligations that require us to retain certain data.
• Right to Withdraw Consent: Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
• Right to Grievance Redressal: Have any grievance regarding the processing of your Personal Data addressed by us in a timely and effective manner.
• Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity.
• Right to approach the Data Protection Board of India: If you are not satisfied with our response to your grievance, you have the right to approach the Data Protection Board of India, once constituted under the DPDPA 2023, for further redressal.

To exercise any of the above rights, please contact our Grievance Officer as detailed in Section 10. We will respond to verified requests within 30 days.

10. Grievance Officer and Contact Details

In accordance with the Information Technology Act, 2000 and the DPDPA 2023, we have designated a Grievance Officer to address any concerns or complaints regarding this Policy or our data processing practices.

Name: Vikas Mujumdar
Designation: Proprietor, STEMVentor Educonsulting
Email: support@stemventor.com
Postal Address: 501, Kalpana, Talmiki Road, Santacruz (West), Mumbai 400054, India
Availability: Monday to Friday, 10:00 AM to 5:00 PM IST (excluding public holidays)

We will acknowledge receipt of your grievance within 48 hours and endeavour to resolve it within 30 days of receipt.

For parental consent matters, withdrawal of consent for a minor’s account, or to report that a child below 13 years has registered without authorisation, please write to support@stemventor.com with the subject line “Minor Account — Urgent.”

11. Security of Your Personal Data

The security of your Personal Data is important to us. We implement appropriate technical and organisational measures to protect your Personal Data against unauthorised access, loss, destruction, or misuse. These measures include:

• Encryption of data in transit using industry-standard TLS/SSL protocols
• Access controls limiting access to Personal Data to authorised personnel only
• Regular security assessments and audits of our systems and practices
• Secure storage of data on servers maintained by reputable cloud infrastructure providers

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your Personal Data using commercially reasonable means, we cannot guarantee absolute security. In the event of a data breach likely to adversely affect your rights, we will notify you and the relevant authorities as required by applicable law.

12. Transfer of Personal Data Outside India

Your Personal Data is primarily stored and processed within India. In certain limited circumstances, your data may be transferred to and processed by our service providers in countries outside India (for example, cloud hosting infrastructure). Such transfers will only be made to countries that have been notified by the Central Government of India as permitting data transfers under the DPDPA 2023, or where adequate contractual safeguards have been put in place to protect your data.

By using our Products and providing your Personal Data, you acknowledge that your data may be transferred, stored, and processed outside your state or country of residence, subject to the protections described in this Policy.

13. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience on our website and platform and to collect usage data. Types of cookies we use:

• Essential cookies: Necessary for the basic functioning of our website and platform (e.g., login sessions). These cannot be disabled.
• Analytics cookies: Used to collect anonymised data about how users interact with our Products (via Google Analytics). These help us improve our platform.
• Preference cookies: Used to remember your settings and preferences.

You may control or disable non-essential cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our Products.

14. Links to Third-Party Websites

Our Products may contain links to external websites or resources not operated by us. These links are provided for your convenience and information only. We have no control over the content, privacy policies, or practices of any third-party websites, and we are not responsible for them. We strongly encourage you to review the privacy policy of any external website you visit before providing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the nature of our Products. When we make material changes, we will:

• Update the “Last Updated” date at the top of this Policy
• Display a prominent notice on our website or platform informing users of the changes
• For significant changes affecting minors’ data or parental consent, notify registered parents or guardians by email

Your continued use of our Products after the effective date of any revised Policy constitutes your acceptance of the changes. If you do not agree to the updated Policy, please discontinue use and contact us to close your account.

16. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000, the DPDPA 2023, and all rules and regulations framed thereunder. Any disputes arising from or related to this Policy shall be subject to the exclusive jurisdiction of the competent courts in Mumbai, India.

17. Acknowledgment and Consent

By registering for or using our Products, you acknowledge that:

• You have read and understood this Privacy Policy in its entirety.
• You are at least 13 years of age, or, if you are a minor, that your parent or guardian has read and consented to this Policy on your behalf.
• You consent to the collection, use, storage, and processing of your Personal Data as described in this Policy.

If you are a parent or guardian registering on behalf of a minor, you additionally confirm that you have the legal authority to provide consent on the minor’s behalf, and that you accept this Policy on their behalf.

For questions about this Policy or to exercise your rights, please contact us at support@stemventor.com.