10minJEE is operated by EAZEALLIANCE SERVICES PRIVATE LIMITED, registered in India. GST: 09AAHCE2255K1ZF. We are the data fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act).

This policy explains what data we collect, why, how we use it, and your rights. It applies to all users of 10minjee.com.

• Account data: name, email address, hashed password. Collected at registration.
• Kid accounts: a 6-character login code and the parent account it is linked to. No email is collected from student/kid accounts.
• Learning progress: your Bloom level per sub-concept, quiz scores, and session history. Stored to personalise your study plan.
• Payment metadata: Razorpay payment ID, order ID, amount, and status. We never receive or store card numbers, CVV, or bank details — those go directly to Razorpay.
• Referral data: your referral code and who you referred (by user ID only).
• Usage data: pages visited, sessions completed, general interaction patterns. Used to improve the platform.

• To deliver personalised JEE prep sessions based on your Bloom level.
• To process payments for paid plans via Razorpay.
• To send weekly progress emails (Sunday mornings) if you registered with an email.
• To send OTP verification codes during registration.
• To track referrals and credit free months.
• To improve the platform.

We do not sell your data. We do not share your data with third parties for advertising.

• Convex (US): application database and backend.
• Resend (US): transactional email (OTPs, weekly progress reports).
• Razorpay (India): payment processing. Card data never touches our servers.
• Vercel (US): website hosting.

We do not share your data with anyone outside this list.

• Active accounts: retained while account exists, plus 18 months after last sign-in.
• Learning progress: retained for the lifetime of your account.
• Payment records: retained for 7 years under Indian tax law.
• OTP codes: deleted after use or after 10-minute expiry.
• Closed accounts: deleted within 30 days of a closure request, except payment records.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Request erasure (subject to the 7-year payment record exception).
• Withdraw consent for processing at any time.
• Raise a complaint with the Data Protection Board of India.

To exercise any right, email amit_tyagi2012@pgp.isb.edu with subject line “Data request”. We respond within 30 days.

We use a single session cookie for authentication. We do not use third-party behavioural tracking cookies, session-replay tools, or advertising pixels.

All data is encrypted in transit (HTTPS/TLS) and at rest. Passwords are hashed using bcrypt and never stored in plaintext. We will notify affected users within 72 hours of any confirmed breach.

As required by the IT (Intermediary Guidelines) Rules 2021 and DPDP Act 2023, our Grievance Officer is Amit Tyagi, reachable at amit_tyagi2012@pgp.isb.edu. We acknowledge complaints within 48 hours and resolve them within 15 days.

We may update this policy. Material changes will be emailed to your registered address at least 7 days before taking effect.