Privacy Policy

1. Introduction & Scope

Orbit AI LMS ("Orbit", "we", "us", or "our") operates an AI-powered learning management system designed for JEE and NEET exam preparation. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at getorbit.in.

This policy applies to all users of our service, including students, parents, and instructors. By using Orbit, you consent to all data practices described in this policy.

2. Information We Collect

2.1 Account Information (Google OAuth)

When you sign in with Google, we collect:

• Email address
• Full name
• Profile picture
• Google account identifier

2.2 Profile Information

Information you provide during onboarding:

• Target exam (JEE/NEET)
• Class/Grade level
• Target year
• Daily study commitment preferences

2.3 Learning Activity Data

To personalize your learning experience, we collect:

• Topics and chapters you access
• Time spent on each topic
• Practice question attempts and responses
• Quiz and exam scores
• Video watch progress
• Learning path progression

2.4 AI-Generated Data

Our AI system generates and stores:

• Concept mastery scores and predictions
• Knowledge gap analysis
• Personalized study plan recommendations
• Spaced repetition scheduling data (FSRS algorithm state)
• Adaptive learning parameters

2.5 Technical Data

• IP address and approximate location
• Browser type and version
• Device information
• Session timestamps and duration
• Error logs for troubleshooting

3. How We Use Your Information

We use the collected information for the following purposes, and any other purpose we deem necessary for our legitimate business interests:

• Providing educational services: Delivering personalized learning content, tracking your progress, and generating study recommendations
• AI personalization: Using Google Gemini AI to analyze your learning patterns and provide customized explanations, practice questions, and study plans
• Account management: Creating and maintaining your account, authenticating your identity
• Communication: Sending important account notifications, study reminders, and progress updates
• Service improvement: Analyzing usage patterns to improve our platform and AI systems
• AI training: Using anonymized or aggregated data to train and improve our AI models
• Research and analytics: Conducting internal research on learning patterns and platform usage
• Business operations: Supporting our business operations, including product development and strategic planning
• Legal compliance: Meeting our obligations under applicable law
• Any other lawful purpose: As permitted by applicable law and consistent with our Terms of Service

4. AI and Automated Decision-Making

4.1 How AI Processes Your Data

Orbit uses Google Gemini AI to enhance your learning experience. When you interact with our platform:

• Your questions and learning context are sent to Google Gemini API to generate personalized explanations
• Your performance data is analyzed to identify knowledge gaps and strengths
• AI determines optimal review schedules based on the FSRS spaced repetition algorithm
• Study plans are dynamically adjusted based on your progress

4.2 What AI Infers About You

Our AI system infers:

• Your mastery level for each concept
• Predicted knowledge retention curves
• Optimal difficulty levels for practice questions
• Topics requiring additional review

4.3 AI Decision Limitations

You acknowledge that:

• AI decisions are automated and may contain errors
• We are NOT obligated to explain AI decision-making processes
• Grievance review is discretionary and non-binding
• You assume all risks associated with AI-generated recommendations
• AI outputs do not constitute professional educational advice

5. Information Sharing

We share your information with the following third parties for the stated purposes:

We do NOT:

• Sell your personal data to third parties
• Share your data with advertisers
• Use your data for targeted advertising
• Share individual learning data without your consent (except as required by law)

6. Children's Privacy

6.1 Parental Consent Requirement

If you are under 18 years of age:

• You must have your parent or legal guardian provide consent before creating an account
• We verify parental consent through email confirmation and parent/guardian phone number verification
• Additional verification methods may be required at our discretion
• Parents/guardians may access their child's account data upon request
• Parents/guardians may request deletion of their child's data at any time
• Parents/guardians may revoke consent, which will result in account deactivation

6.2 Additional Protections for Minors

For users under 18, we:

• Do NOT engage in behavioral profiling for advertising purposes
• Do NOT share data with third-party advertisers
• Do NOT track activity beyond what is necessary for educational services
• Limit data collection to what is strictly necessary for learning
• Provide enhanced data protection measures

6.3 School/Institution Access

If access is provided through a school or coaching institution, the institution is responsible for obtaining necessary parental consents. Schools may act as agents for parental consent for educational purposes only.

7. Data Retention

We retain your data for the following periods:

Upon account deletion request, we will remove your data within 30 days, except where retention is required for legal compliance, dispute resolution, or enforcement of our Terms of Service.

8. Data Security

We implement industry-standard security measures:

• Encryption: AES-256 encryption at rest, TLS 1.3 for data in transit
• Access controls: Role-based access limiting data access to authorized personnel
• Authentication: Secure OAuth 2.0 authentication via Google
• Infrastructure: Hosted on Supabase (AWS infrastructure) with enterprise security
• Monitoring: Continuous security monitoring and incident response procedures

9. Your Rights

9.1 Under India's DPDP Act 2023

• Right to Access: Request all personal data we hold about you
• Right to Correction: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Grievance Redressal: File complaints about data handling
• Right to Nominate: Nominate someone to exercise rights in case of death or incapacity

9.2 How to Exercise Your Rights

To exercise any of these rights:

• Email us at legal@getorbit.in
• Use the account settings to delete your account
• We will respond within 30 days
• We may verify your identity before processing requests

9.3 Data Portability

You can export your learning data in JSON format through your account settings or by requesting an export via email.

10. International Data Transfers

Your data may be transferred to and processed in countries outside India, specifically:

• United States: Supabase infrastructure (AWS), Google Cloud services

We ensure appropriate safeguards are in place for international transfers, including contractual protections with our service providers. Supabase maintains SOC 2 Type II compliance and provides Data Processing Agreements.

11. Changes to This Policy

Orbit reserves the right to modify this Privacy Policy at any time, for any reason.

• Material changes: 7 days advance notice via email to your registered address
• Non-material changes: Take effect immediately upon posting
• The "Last Updated" date indicates when the policy was last modified
• Orbit determines in its sole discretion what constitutes a "material" change
• It is YOUR responsibility to maintain a valid email address
• Continued use = acceptance of the modified policy

If you do not agree to any modification, your sole remedy is to immediately stop using Orbit and delete your account. You have no right to claim damages for any policy modification.

12. Limitation of Liability

12.1 Absolute Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, ORBIT'S TOTAL AGGREGATE LIABILITY FOR ANY AND ALL CLAIMS ARISING FROM OR RELATED TO DATA PROCESSING, PRIVACY BREACHES, DATA LOSS, OR ANY OTHER MATTER COVERED BY THIS PRIVACY POLICY SHALL NOT EXCEED THE GREATER OF: (A) FEES PAID BY YOU IN THE PRECEDING 12 MONTHS, OR (B) ₹100.

12.2 Excluded Damages

IN NO EVENT SHALL ORBIT BE LIABLE FOR:

• Data breaches at Orbit or any third-party provider (Google, Supabase, AWS)
• Data loss, corruption, or unauthorized access
• Identity theft or fraud resulting from data exposure
• Emotional distress from privacy violations
• Reputational harm from data exposure
• Indirect, incidental, special, consequential, or punitive damages
• Any other damages arising from our data practices

12.3 Assumption of Risk

By using Orbit, you expressly assume ALL risks related to your data, including:

• Risk of data breaches or unauthorized access
• Risk of data being transferred to or stored in foreign countries
• Risk of third-party service failures (Google, Supabase)
• Risk of data loss during service interruptions
• Risk of AI systems processing your data in unexpected ways
• Risk of changes to data practices without notice
• Any and all other risks related to your data

12.4 User Acknowledgment

You expressly acknowledge that you have been fully informed of the risks of sharing data with Orbit, you voluntarily assume ALL such risks, and you waive any right to claim damages from Orbit for data-related issues. This limitation is a fundamental element of the agreement between you and Orbit.

13. Contact Information