MindAbs Privacy Policy
Version 1.0 • Effective date: 29 June 2026
MindAbs ("we," "us," or "our") provides a cognitive learning platform for children, used under the supervision of a parent or legal guardian. This Privacy Policy explains what personal data we collect, why we collect it, how long we keep it, and the rights a parent or guardian has over their child's data. It applies to all users of the MindAbs app and website.
This policy is written to comply with India's Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 ("DPDP"), which set out specific obligations for any service that processes a child's personal data.
1. Who we are and how to contact us
MindAbs is the data fiduciary responsible for the personal data described in this policy. If you have a question about this policy, or a request relating to your or your child's data, you can reach us at hello@mindabs.com. We aim to acknowledge every request within a few business days.
2. Who this policy covers
MindAbs is built for use by children under the supervision of a parent or legal guardian. A parent or guardian creates and manages the account on the child's behalf. Throughout this policy, "you" refers to the parent or guardian who holds the account, and "child" refers to the minor using the learning platform under that account.
3. What data we collect
We collect only what is necessary to operate the learning platform and keep a child's account safe. We collect this directly from the parent at signup, and through the child's use of the app once an account is active.
From the parent or guardian
- Name, email address, and phone number, used to create and manage the account.
- Parental consent and identity-verification details, used to confirm you are an adult parent or guardian before any data about your child is processed.
About the child, provided by the parent
- First name and date of birth or age band, used to set up an age-appropriate learning profile.
From the child's use of the app
- Lesson progress, assessment responses, and in-app activity, used to personalise learning content and power the parent's progress dashboard.
- Device and technical data (such as device type and app version), used to operate the service reliably and fix faults.
We do not collect the child's contact details, precise location, or any data not listed above.
4. Why we collect it
We use the data described above only for the following purposes:
- To create and operate the child's learning account.
- To personalise lesson content and pace to the child's progress.
- To give the parent visibility into their child's progress through the parent dashboard.
- To maintain the safety and integrity of the platform, including detecting misuse.
- To meet our legal obligations under applicable Indian law.
We do not use a child's data for any purpose beyond these, and we do not use it to build an advertising or behavioural profile of the child.
5. No targeted advertising, no behavioural tracking of children
We do not show advertising to children on MindAbs, and we do not use a child's activity on the platform to build an advertising or behavioural profile of them. We do not sell or rent a child's personal data to any third party for marketing purposes.
6. How long we keep data
We keep personal data only for as long as it is needed for the purposes described in this policy, or as required by law. Retention periods by category:
| Data category | Retention period | Trigger for deletion |
|---|---|---|
| Account & profile data | 24 months after account closure or a parental erasure request | Parent-initiated erasure, or 24 months of account inactivity |
| Learning activity & assessment data | 24 months after the child's last activity, or immediately on parental request | Withdrawal of consent, or an erasure request |
| Safety and safeguarding records | Retained under our safeguarding policy's own retention rule, independent of a parent's erasure request | Governed by our safeguarding policy |
| Security and access logs | Minimum of 1 year | Statutory minimum retention period; not deletable on request before this period ends |
7. Who we share data with
We do not sell a child's personal data. We share data only with service providers who help us operate MindAbs (such as cloud hosting and analytics providers), under contractual obligations to protect it and use it only for the purpose we specify. We may also disclose data where required by law, or to protect the safety of a child, as described in Section 9 below.
8. Parental rights – access, correction, erasure, and withdrawal of consent
As the parent or guardian who consented on your child's behalf, you may at any time:
- Request a copy of the personal data we hold about your child.
- Ask us to correct inaccurate data.
- Withdraw your consent for us to process your child's data.
- Request that we erase your child's personal data.
To exercise any of these rights, contact us at hello@mindabs.com. We will respond within 90 days, and in most cases sooner. If you withdraw consent or request erasure, we will stop processing your child's data and delete it, except where we are required to retain certain records by law (see Section 6, Retention). Withdrawing consent does not affect the lawfulness of anything we did with the data before you withdrew it.
9. How we handle safety concerns
If something a child says or does on MindAbs raises a safeguarding concern, our safety team reviews it before deciding what happens next. In most cases this means a trained team member (a "Lead") assesses the situation first. We do not automatically notify a parent every time a concern is flagged – our team decides, case by case, whether and how to involve a parent, guardian, or external authority, based on what is in the best interest of the child's safety. This approach exists so that safety decisions are made by trained people rather than by an automatic rule, in situations where an automatic parent notification could itself create risk for the child.
10. Security
We use technical and organisational measures, including encryption in transit and access controls, to protect personal data from unauthorised access, loss, or misuse. No method of storage or transmission is completely secure, but we work to keep these protections current.
11. Verifiable parental consent
Before we process any personal data belonging to a child under 18, we require verifiable consent from a parent or legal guardian. We verify that the consenting adult is genuinely an adult parent or guardian using identity details voluntarily provided by the parent, cross-checked against reliable information we already hold, or a government-issued digital token such as DigiLocker. We keep a record of this consent, including which version of this Privacy Policy the parent agreed to and when.
12. Changes to this policy
If we make a material change to this policy, we will require parents to re-consent before their child can continue using the service. The version number and effective date at the top of this page always reflect the current version.
13. Grievance redressal and contact
If you have a complaint about how we have handled your or your child's personal data, contact us at hello@mindabs.com and we will work to resolve it. You also have the right to file a complaint with the Data Protection Board of India if you believe we have not addressed your concern adequately.