Entity: Eduloom Technologies OPC Pvt Ltd
Address: Mysore, Karnataka, India
Product: Chatmadi (chatmadi.com)
Effective Date: 1 January 2025
Contact: hello@chatmadi.com
This Privacy Policy governs the collection, processing, storage, disclosure, and protection of personal data by Eduloom Technologies OPC Pvt Ltd in connection with the Chatmadi platform. Prepared in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDPA. This includes names, contact information, identification numbers, location data, online identifiers, and any data specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
"Data Principal" means the individual to whom the Personal Data relates. Where such individual is a minor, the Data Principal includes the parent or lawful guardian.
"Data Fiduciary" means any person who determines the purpose and means of processing Personal Data. Schools using Chatmadi are Data Fiduciaries with respect to their students, parents, and staff data.
"Data Processor" means any person who processes Personal Data on behalf of a Data Fiduciary. The Company acts as Data Processor when processing data uploaded by schools.
"Processing" means any wholly or partly automated operation performed on digital personal data, including collection, recording, storage, retrieval, use, disclosure, erasure or destruction.
This Policy applies to all Personal Data processed in connection with the Chatmadi platform, including data from: (a) individuals who create accounts; (b) schools that upload student, parent, and staff data; (c) parents whose contact details and WhatsApp communications are processed; (d) students whose records are maintained; and (e) visitors to chatmadi.com.
This Policy does not apply to third-party websites or services linked from the platform.
Full name, email address, hashed password, role designation, date of account creation, and IP address at registration.
School name, board affiliation, city and state, geographic coordinates if provided, academic year, and optionally a school logo.
Full name, date of birth, class assignment, gender, enrollment status, academic year, and attendance percentage. Uploaded by school administrators.
Full name, mobile phone number (for WhatsApp matching), email address, and relationship to student.
Exported conversation files in .txt format containing private communications between parents and teachers. May include references to student health, family circumstances, and financial situations. Schools are responsible for ensuring appropriate authority to upload such communications.
Examination results, subject scores, grade classifications, homework records, and academic performance data.
Fee structures, payment records, outstanding balances, payment confirmation data. The Company does not process credit card or bank account details. Billing handled by Razorpay.
IP address, browser type, operating system, device type, pages accessed, feature usage patterns, error logs, and session identifiers.
Processing of account and service data is necessary to perform our contract with you.
Where we send marketing communications or use non-essential cookies, we rely on express consent. You may withdraw consent at any time.
Technical and usage data is processed for security, fraud prevention, and service improvement.
We may process data where required by law, court order, or regulatory authority direction.
For student, parent, and staff data, the Company acts as Data Processor. Schools are responsible for establishing their own lawful basis.
Chatmadi uses Claude Sonnet by Anthropic PBC. Conversation text is transmitted to Anthropic's API for processing, subject to Anthropic's privacy policy.
The AI extracts structured information from unstructured text across twenty-three defined analysis modes. It does not make autonomous decisions producing legal or significant effects without human review.
Every AI output is presented as a "detection" requiring human confirmation or dismissal. No AI output is committed to permanent records without review. This human-in-the-loop architecture is a fundamental design requirement.
The Company does not use your data to train, fine-tune, or improve AI models, whether operated by us or by Anthropic.
The system processes English, Hindi, and regional Indian languages including code-switched text. No additional personal data is collected as a result.
We process Personal Data for: (a) service provision including AI analysis, dashboards, and all product features; (b) child safety and welfare monitoring; (c) billing and subscription management via Razorpay; (d) security and fraud prevention; (e) aggregate product improvement using anonymised data only; (f) customer support; and (g) legal compliance.
Data stored on Supabase (PostgreSQL on AWS) in the Asia Pacific region.
AES-256 encryption at rest. TLS 1.3 in transit. Unencrypted HTTP rejected and redirected.
Row-level security in PostgreSQL. Each school's data logically isolated. No cross-school data access possible.
Restricted on need-to-know basis. All internal access logged and auditable.
Data retained while account is active plus twelve months after termination. Deleted data removed within thirty days of request. Billing records retained seven years per tax requirements.
(a) Anthropic PBC: AI processing. (b) Supabase Inc.: database infrastructure. (c) Vercel Inc.: hosting. (d) Razorpay Software Pvt Ltd: payment processing. All subject to data processing agreements.
Where required by valid court order, regulatory authority direction, or applicable law.
In event of merger or acquisition, data may transfer with reasonable advance notice to users.
The Company does not sell, rent, or transfer Personal Data to third parties for commercial purposes.
Data may be transferred outside India for AI processing via Anthropic's API, subject to appropriate contractual safeguards.
Obtain confirmation of processing and summary of Personal Data held.
Request correction of inaccurate data, completion of incomplete data, and erasure of data no longer necessary.
Grievances addressed at hello@chatmadi.com. Acknowledged within 48 hours, resolved within 30 days.
Nominate an individual to exercise rights in event of death or incapacity, per DPDPA.
Export all data via CSV from the Export Data page at any time without charge.
Withdraw consent at any time without affecting prior lawful processing.
Escalate unresolved matters to the Data Protection Board of India.
Chatmadi processes data about minors on behalf of schools (Data Fiduciaries) who bear responsibility for obtaining parental consent. The Company does not collect data directly from children. Heightened care is applied to all student data, which is not used beyond providing the contracted service.
The Company maintains a security incident response plan. In event of a breach likely to affect individuals, we will notify the Data Protection Board and affected schools within prescribed timeframes. Report suspected incidents to hello@chatmadi.com with subject "Security Incident Report".
We may amend this Policy at any time. Material changes notified by email at least fourteen days before taking effect. Non-material changes may apply immediately. Continued use constitutes acceptance.
Grievance Officer
Eduloom Technologies OPC Pvt Ltd
Mysore, Karnataka, India
Email: hello@chatmadi.com
Subject: Privacy Policy Enquiry or Data Rights Request
Acknowledgement within 48 hours. Substantive response within 30 days.