Privacy Policy

EKSAQ India Private Limited (CIN: U85302TS2024PTC181617), operating under the brand “EKSAQ”, is the creator, owner, and publisher of the FLN (the “App”). The App is an educational technology platform designed to enhance learning and development through digital means.

This Privacy Policy (“Policy”) applies to:

• All users of the FLN app, including students, parents, guardians, and educators
• Visitors to our website at eksaq.in
• Any person who contacts us or provides personal information in any form

This Policy is incorporated into and forms part of the Terms of Use of the App and must be read in conjunction with those Terms.

This Privacy Policy governs the collection, processing, storage, and sharing of personal data by EKSAQ India Private Limited (“EKSAQ,” “we,” “us,” or “the Company”) through EKSAQ’s mobile application FLN and related digital platforms. By using the App, you consent to the practices described herein. Please read this document carefully before using our Services.

We collect the following categories of personal data in the course of providing our Services. All data is transmitted using encrypted connections. We do not collect data in ways not described in this Policy.

3.1 Personal Information

Core identity and contact details collected during account registration: name, email address, username and password, phone number, and mailing address. Gender and profile photograph may also be collected to personalise your experience.

3.2 Media and Files

Where users choose to upload content as part of their educational activities, we may collect photos, videos, audio recordings, and other documents. All such media uploads are entirely voluntary and user-initiated.

3.3 App Activity Data

Data about how you interact with the App, including in-app search history and content you engage with. User-generated content such as notes, responses, or submissions may also be collected.

3.4 Health and Fitness Information

Where relevant to particular educational programmes, we may collect health or fitness-related information that you voluntarily provide. This is optional and used only in direct support of the specific programme.

3.5 Device and Technical Identifiers

Device identifiers and similar technical information to identify the device on which you are using the App, necessary for platform security, account management, and fraud prevention.

3.6 Automatically Collected Data

When you access the App, our servers automatically record: IP address, browser type, device configuration, date and time of requests, pages viewed, session duration, cookie identifiers, and internet connection information.

3.7 Data We Do NOT Collect

We process your personal data only when we have a valid legal basis to do so.

5.1 Consent

Where you have given clear, informed, and voluntary consent to process your data for a specific purpose — for example, receiving marketing communications or processing sensitive personal data you have chosen to provide. You may withdraw consent at any time.

5.2 Performance of Contract

Processing required to deliver the Services you have requested, such as creating and maintaining your account and providing access to course content.

5.3 Legal Obligation

Where we are required by applicable Indian law or regulation to collect, retain, or disclose certain personal data, including obligations under tax law, anti-fraud regulations, the IT Act, and the DPDPA.

5.4 Legitimate Interests

Where processing is necessary for our legitimate business interests — improving and securing the App, preventing misuse, and conducting internal analytics — provided those interests are not overridden by your fundamental rights and freedoms.

5.5 Protection of Vital Interests

In rare circumstances, where processing is necessary to protect the vital interests of you or another person, for instance in an emergency involving health or safety.

7.1 Service Providers and Processors

Trusted third-party service providers who process data on our behalf under strict data processing agreements — such as cloud hosting providers and payment gateway operators. All processors are contractually required to process data only as instructed by us.

7.2 Group Companies and Affiliates

We may share data within the EKSAQ group of companies for the purposes of providing and improving our Services.

7.3 Legal Requirements

We may disclose personal data to government authorities, regulators, courts, or law enforcement agencies where required by law, court order, or regulatory authority. Only the minimum information required to comply will be disclosed.

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the acquiring entity, subject to equivalent privacy protections. You will be notified as required by law.

7.5 Fraud Prevention and Credit Risk

We may exchange information with third parties for fraud protection and credit risk reduction purposes, where permitted by law.

7.6 Third-Party Links

The App may contain links to third-party websites and services. EKSAQ is not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies.

We implement comprehensive technical, administrative, and physical security measures to protect your personal data.

9.1 Technical Safeguards

• Standard SSL/TLS encryption for all data transmitted between your device and our servers
• Passwords stored using bcrypt hashing (one-way encryption) — plaintext passwords are never stored
• Firewalls and intrusion detection systems to protect our network infrastructure
• Encrypted data storage on secure servers located in Hyderabad, India
• Regular security audits and vulnerability assessments
• Access controls and role-based permissions limiting staff access to personal data

9.2 Administrative Safeguards

• Staff training on data handling, privacy obligations, and security procedures
• Data processing agreements with all third-party processors
• Internal data governance policies and procedures
• Regular review of security practices and incident response plans

9.3 Physical Safeguards

• Physical access controls to our data centres and office premises
• Secure disposal of physical records containing personal data

EKSAQ is an educational platform that may be used by children. We take the privacy and safety of minors extremely seriously. Our practices comply with the POCSO Act 2012, IT Rules 2023, DPDPA, and the Google Play Families Policy.

11.1 Age Restrictions and Parental Consent

• We do not knowingly collect personal information from children under the age of 13 without verifiable parental or guardian consent.
• For children aged 13 to 17, parental or guardian consent is required prior to account registration.
• Consent may be verified through credit card verification, a signed consent form by email, or a direct call with our customer service team.

11.2 What We Collect from Children

Information collected from children includes: name, age, educational progress data, and content submitted in the course of using the App. This is used solely to provide and improve the educational experience and to provide progress feedback to parents or guardians.

11.3 Parental Rights and Controls

• Parents and guardians have full access to their child’s account settings and can review, manage, and delete their child’s personal data at any time.
• Parents can monitor their child’s educational progress, screen time, and interactions within the App.
• Tools are provided to set usage limits and receive regular activity reports.
• Parents may withdraw consent at any time by contacting our Grievance Officer.

11.4 Safeguards for Children’s Data

• Children’s personal data is never shared with third parties for marketing or advertising purposes.
• Data shared with service providers is subject to strict data protection obligations.
• We employ robust encryption, secure servers, and regular security audits to protect children’s data.
• Staff members who handle children’s data receive specialist training in child data protection compliance.

In the event of a personal data breach, we will:

• Initiate an internal investigation immediately upon becoming aware of the breach.
• Report to the relevant supervisory authority within 72 hours where the breach is likely to result in risk to individuals’ rights and freedoms.
• Notify affected individuals directly if the breach is likely to result in high risk to their rights and freedoms.
• Issue a public notice without undue delay where the severity warrants it.
• Maintain a record of all data breaches, including facts, effects, and remedial action taken.

If you become aware of a potential security issue, please report it immediately to support@eksaq.in.

We review and update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The date of the most recent revision is indicated at the top of this document.

• Registered users will be notified of material changes by email or in-app notification prior to changes taking effect.
• Visitors and non-registered users are advised to review this Policy regularly. Continued use of the App following notification constitutes acceptance of the revised Policy.
• Where changes affect children’s data, parents and guardians will be specifically notified and re-consent will be obtained where required.

In accordance with the IT Act and SPDI Rules, EKSAQ has appointed a Grievance Officer to address queries, concerns, and complaints relating to this Privacy Policy. The Grievance Officer will address your grievance within 30 days of receipt.