Privacy Policy

1. Definitions

In this Privacy Policy, “Company”, “we”, “us”, or “our” refers to Canvas Classes, operator of the Crucible platform at canvasclasses.in (the “Platform”). “User”, “you”, or “your” refers to any individual who accesses or uses the Platform. “Personal Data” means any information relating to an identified or identifiable individual. “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion. “Sub-processor” means a third-party service provider engaged by the Company to Process Personal Data on the Company’s behalf in the course of operating the Platform.

2. Scope and Consent

This Privacy Policy governs the Processing of Personal Data by the Company in connection with the Platform. By creating an account or otherwise using the Platform, you signify your acceptance of this Policy and consent to the Processing of your Personal Data in accordance with its terms. If you do not agree with any part of this Policy, you must not use the Platform.

3. Information We Collect

We collect the following categories of data:

(a) Account Information. When you register, we collect your email address and, if you sign in via Google, the basic profile information Google discloses to us (name and profile picture, where provided).

(b) Practice and Progress Data. The questions you attempt, your answers, the duration of your practice sessions, and any flags or reports you submit. This data is linked to your account so the Platform can show your progress and improve its recommendations.

(c) Automatic Telemetry. Aggregated technical information such as pages visited, approximate country, device type, browser, and referring URL. Error reports generated by our monitoring tools include the page URL, browser and operating system, and the error stack trace; they do not include your name, email, or the content of any question or answer. Your IP address is processed transiently by our hosting and error-monitoring Sub-processors for security, fraud-detection, and diagnostic purposes and is not retained in any user-identifiable analytics record.

4. Purpose of Processing

We Process your Personal Data solely for the operation, maintenance, and improvement of the Platform. Specifically, we use the data to (i) authenticate you and secure your account, (ii) display your learning progress and deliver the adaptive-practice features of the Platform, (iii) diagnose and fix technical errors, and (iv) analyse aggregate, non-identifying usage patterns so we can build better features for our users. We do not use your Personal Data for any purpose that is incompatible with these stated purposes.

6. Sub-processors

We engage third-party service providers (“sub-processors”) to operate the Platform. We disclose them by category below. Each is bound by written data-protection terms, and none receives your name, email, phone number, or the content of the questions or answers you interact with on the Platform.

• Authentication and session provider — maintains your login session.
• Managed database provider — stores the question bank and your practice history.
• Hosting and edge-delivery provider — serves web pages and collects aggregate page-view analytics.
• Error-monitoring provider — captures technical error traces. Personal identifiers are suppressed.
• Product-analytics provider — records aggregated feature usage and funnel metrics. No direct identifiers are transmitted.
• Session-replay and heatmap provider — produces anonymised session heatmaps. All text is masked.
• Object-storage provider — stores static assets such as images and diagrams. Contains no user data.

The current list of named sub-processors is available on written request to the Grievance Officer at the address in Section 14.

7. Cookies and Similar Technologies

The Platform uses session cookies necessary for authentication and to remember your preferences. We do not use third-party advertising cookies and we do not build a cross-site advertising profile of you.

8. Data Retention

We retain Personal Data only for as long as is necessary for the purposes set out in Section 4 of this Policy, or as required by applicable law. The specific retention windows are as follows:

• Account information and practice history— retained for the duration of your account. On receipt of a verified deletion request, such data is erased within thirty (30) days, save for any data we are legally required to retain.
• Aggregated product analytics — retained for a rolling period of twenty-four (24) months, after which the data is either deleted or irreversibly anonymised and thereafter no longer constitutes Personal Data.
• Error-monitoring records — retained for ninety (90) days from the date of capture and thereafter deleted automatically.
• Session-replay recordings — retained for thirty (30) days from the date of capture and thereafter deleted automatically.
• Authentication logs — retained for up to twelve (12) months for security and fraud-prevention purposes.

Following expiry of the applicable retention window, Personal Data is either deleted or irreversibly anonymised in accordance with our internal data-lifecycle procedures.

9. Data Security

We employ industry-standard technical and organisational measures to protect Personal Data, including encryption in transit (HTTPS across all endpoints), access controls on administrative interfaces, least-privilege service credentials, and regular review of our authentication and session-management configuration. No system is perfectly secure, and we cannot guarantee absolute security; however, we continuously work to improve the Platform’s security posture.

In the event of a personal data breach that is likely to result in a risk to the rights or interests of affected Users, the Company shall, in accordance with Section 8(6) of the Digital Personal Data Protection Act, 2023, intimate the Data Protection Board of India and each affected User without undue delay and in the manner prescribed under applicable law. Such intimation shall, to the extent reasonably ascertainable at the time, set out the nature of the breach, the categories of Personal Data affected, the likely consequences, and the measures taken or proposed to be taken to mitigate the breach.

10. Your Rights

Subject to applicable law, you have the right to (a) access the Personal Data we hold about you, (b) request correction of inaccurate or incomplete data, (c) request deletion of your data and termination of your account, (d) withdraw, at any time, any consent previously given for the Processing of your Personal Data, and (e) nominate another individual to exercise your rights under this Policy in the event of your death or incapacity.

Withdrawal of Consent. The withdrawal of consent shall not affect the lawfulness of Processing carried out prior to such withdrawal. Where continued use of the Platform is contingent on the Processing of Personal Data in respect of which consent has been withdrawn, such withdrawal will result in termination of your account and the consequent cessation of access to the Platform.

To exercise any of the rights set out above, please write to us at support@canvasclasses.in. We will acknowledge your request within seven (7) business days and substantively respond within thirty (30) days of receipt, save where a longer period is permitted by applicable law.

11. Users Under 18

The Platform is designed for students preparing for JEE, NEET, and CBSE examinations. We recognise that a substantial portion of our user base is under the age of eighteen. By creating an account and accepting this Policy, the User and, where the User is a minor, the User’s parent or legal guardian, jointly acknowledge and consent to the Processing of the User’s Personal Data as described in this Policy. A parent or legal guardian who becomes aware that their minor child has provided Personal Data to the Platform may, at any time, request review, correction, or deletion of that data by contacting us at the email address in Section 10.

12. International Data Transfers

The Sub-processors engaged by the Company may store and Process Personal Data in jurisdictions outside India, including, without limitation, the United States, the European Union, and Singapore. We engage only Sub-processors that are subject to recognised data-protection frameworks, or that are bound by equivalent contractual safeguards, ensuring a level of protection substantially comparable to that provided under this Policy and applicable Indian law. By accepting this Policy, you consent to such transfers to the extent permitted by Section 16 of the Digital Personal Data Protection Act, 2023 and any restrictions notified thereunder.

13. Changes to This Policy

We may update this Policy from time to time. Each update is reflected in a change to the version number displayed at the top of this page. On any material change, existing users will be prompted to review and re-accept the updated Policy on their next sign-in to the Platform. Continued use of the Platform after a material change constitutes acceptance of the updated Policy.

14. Grievance Officer

In accordance with Section 10 of the Digital Personal Data Protection Act, 2023 and Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the contact details of the Grievance Officer designated by the Company for the receipt and redressal of complaints concerning the Processing of Personal Data are as follows:

Name: Paaras Thakur
Designation: Founder, Canvas Classes
Email: support@canvasclasses.in

The Grievance Officer shall acknowledge every complaint within seven (7) business days and endeavour to resolve it within the timelines prescribed under applicable law.

15. Governing Law and Jurisdiction

This Policy is governed by and construed in accordance with the laws of the Republic of India. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in Mandi (H.P.), India.

16. Contact Information

If you have any questions about this Policy or our Processing of your Personal Data, please write to us at support@canvasclasses.in.