Privacy Policy

21K School Education Private Limited (formerly known as Mindreflex Technologies Private Limited) (together with its subsidiaries and affiliates, hereinafter referred to as "21K School," "we," "us," or "our") is committed to safeguarding the privacy and personal data of our learners, parents, guardians, and authorized staff ("you," "your," or "users"). We believe that protecting personal data is fundamental to building trust, ensuring safety, and providing high-quality services through our digital platforms.

Accordingly, this Privacy Policy ("Policy") sets out how we collect, use, store, share, and secure your personal information in accordance with applicable laws. We process your personal data in accordance with the laws applicable in your respective countries, including the [Indian] Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 and the rules and regulations thereunder.

This Policy will establish transparent, lawful, and fair handling of all personal data processed by 21K School. It will outline the rights of learners, parents, and guardians with respect to their data and determine our responsibility in maintaining standards of data protection and governance.

The purpose of this Policy is to establish how the personal data collected by 21K School through its Parent Hub and related connected systems ("21K Services") is stored, processed, used or transferred. This Policy applies to all personal data collected and processed by 21K School through its digital platforms, including the Parent Hub and affiliated mobile/web applications or online tools used for academic or administrative purposes. It covers all categories of users — learners, parents/guardians, authorized staff — and applies globally, irrespective of the user's location.

Please read this Privacy Policy, along with our Terms of Use, before using any of our Services. By availing the 21K Services, you imply your agreement with the terms of this Policy. If you do not agree to the terms, some of our services may be restricted or unavailable to you.

We collect only the data necessary to deliver and manage our educational services efficiently. Some of such data collected is provided by you directly through/during registration or enrolment process, or by authorised service providers. We also receive data from affiliated educational partners or systems integrated with our ERP, while some of it is automatically recorded when you access or interact with 21K Services, or respond to our offers or advertisements. For learners under 18, we collect personal data only with verified parental/guardian consent. Children are provided age-appropriate access controls within the ERP and Parent Hub. We do not knowingly collect data from minors without supervision.

The information we collect is categorized into "Personal Information", "Sensitive Personal Information", and other information, (together referred to as "Data") as described below:

• Information related to Learners: We collect the data relating to the Learner such as your name, date of birth, gender, enrolment number, academic performance, attendance logs, recordings of LMS participation, in order to process enrolment and keep record of our learners;
• Information related to Parent/Guardian: We collect data related to Parent/Guardian of a learner, such as your name, contact details such as email, phone number, and address, occupation, and relationship to the learner;
• Identification Records: We collect certain Government-issued ID, passport, or birth certificate;
• Communication & Ticketing records: We have limited access to your in-app Messages, chat logs, support tickets, queries, or feedback submitted through the Parent Hub;
• System and Technical Data: Device identifiers, login timestamps, and IP addresses;

• Medical history & Information: Special need/ disability information of learners, if specific learning accommodations are required;
• Financial Information: Limited payment information, when direct bank transfer is made for fee processing; Payment information for secure fee processing through PCI-DSS compliant gateways;
• Encrypted login credentials for account access.

• Cookies and other Technologies: Our platforms use cookies and similar tracking technologies to maintain user sessions and remember preferences, monitor site performance and troubleshoot errors, analyse anonymised usage patterns for continuous improvement.

All data collected by 21K School is stored, processed, and transferred using Amazon Web Services (AWS) servers and databases located in India. For international users, your data may be stored on secure servers located outside India, and such data is transferred to India through secure and encrypted format and is processed here in accordance with this policy, Indian data protection laws, and the laws of host country by extra-territorial application. To ensure an equivalent level of data protection, we implement the following safeguards:

• Contractual Safeguards: Cross-border data transfers are governed by written agreements incorporating lawful transfer mechanisms recognised under applicable law.
• Technical Safeguards: All data in transit and at rest is encrypted using industry-standard protocols (TLS 1.3 and AES-256).
• Organisational Safeguards: Access to personal data is restricted to authorised personnel subject to confidentiality obligations and periodic security training.
• Due Diligence: We perform regular assessments of our international data processors and hosting providers to ensure compliance with equivalent data protection standards.

By using our Services, you acknowledge that your data may be transferred, processed, and stored outside your country of residence under these safeguards and protections.

21K School is vigilant about data protection and abides by certain industry level practices and principles such as fairness, transparency, purpose limitation, data minimisation, storage limitation, integrity, confidentiality, and accountability.

We use your Data to:

• Manage admissions, enrolment, attendance, and student records: We use the data to maintain and manage the admission and enrolment process, create and maintain your account, verify user information, access and process your consent to efficiently operate 21K Services.
• Enable communication among parents, learners, and facilitators: We use our Data to communicate with you regarding our offers, advertisements, target our services based on your needs and user history, and to receive feedback on our services.
• Process payments and issue receipts: Certain information you provide is used to process fee payments, issue receipts, manage logistics.
• Ensure child safety and comply with regulatory requirements: All Data relating to users under 18 is done in accordance with the data protection laws. We use minor's information only to the extent necessary to manage their profile, account, academic performance, and provide customised learning experience.
• Improve the ERP, Parent Hub, and LMS through performance analytics: Certain information such as user access, traffic on our platforms, feedback or suggestions are used by us to improve and elevate our services and platforms.
• Advertisements: We may share news, academic updates, or event highlights with parents/ guardians/ targeted audiences and other members of the public as may be necessary to advertise our services. We occasionally share student photographs in newsletters, social media, or marketing materials to celebrate achievements. Parents/ guardians are informed in advance and may opt out at any time by emailing [email protected]. No photo will be published without appropriate context and supervision. We do not sell or rent your data to advertisers.

We may also conduct anonymised and aggregated analytics to understand platform usage, improve learning outcomes, and enhance system performance. No individual-level profiling is performed without your explicit consent. We may compile anonymised data for internal research or statistical reporting. Such data cannot identify any individual and falls outside the definition of personal data.

We take utmost care regarding the disclosure of your Personal data to third party. We only disclose it only to:

• Our authorised school staff/facilitators/administrators: We share your data with our authorised staff/ facilitators/ administrators to improve our content, teaching methods and to provide direct learner support.
• Our fellow learners: Your profile, with limited personal data, is viewable by fellow learners.
• Service providers and agents under contract: We share your Data to third-party service providers, contractors and agents providing services such as cloud hosting, IT services, Logistics, etc. on our behalf, on a limited and need-to know basis. All such third-party processors operate under written agreements ensuring confidentiality, encryption, and non-disclosure obligations. We ensure that all such third parties operate with a similar or a greater level of data protection standards compared to 21K School.
• Our Affiliates/Partners/Group Companies: We may share your Data with our affiliates, partners or group companies, who operate under same ownership/ business entity, in order to access support in provision of our services.
• Government or regulatory authorities when legally required: We may disclose your Data to a Government or regulatory authority, if we in good faith have reason to believe that, such Data is requested by a government or regulatory authority as part of a judicial process, legal inquiry, proceeding, or order.
• Law Enforcement Authorities: For prevention or detection of fraud, we may share your data with law enforcement authorities, if we have a reason to believe that, our platform, or services have been subject to fraud, misuse, illegal activities, data and security breach, etc.
• We may share your Data to such other persons as maybe required to protect the rights, property, services, goodwill, and reputation of 21K School, and to protect against harm our staff, employees, learners, and facilitators.

21K School relies on consent to collect and process your Data. We process your information only after securing your informed consent during the data collection process. However, at any point, as the Data Principal, you have certain rights pertaining to your information. You have the right to know what personal information we hold on you. You may access, review, and correct your personal information, withdraw consent or object to processing your information, and request deletion of your information from our records. You can also manage or disable certain cookies through browser settings to limit the information automatically collected by us; however, some features may become unavailable if cookies are disabled.

To exercise these rights, you may contact us at privacy@21kschool.com. Your requests will be verified and processed in accordance with our policies and applicable laws.

21K School takes strong steps to protect Data through a combination of administrative, technical, and physical measures. We use AES-256 encryption to secure data at rest and TLS 1.3 encryption for data in transit. Our systems are protected by firewalls, intrusion detection tools, and role-based access controls. We also carry out regular vulnerability assessments, penetration tests, and periodic third-party security audits, and maintains secure backup and disaster recovery plans to ensure data integrity and continuity. Only our authorized staff have access to personal data, and they receive regular training on data protection and cybersecurity. Data is retained or deleted as required by law and school policy.

While we take every precaution to keep information safe, no system is completely secure. Users are encouraged to use strong passwords, protect their login details, and immediately report any suspicious activity to the School's Data Protection Officer or IT Security Team.

21K School ensures adherence to standards and guidelines prescribed by relevant authorities for data protection, storage and management. Rest assured that we manage your data in compliance with contemporary processes and industry standards. We undertake to abide by the following:

Audit Records: We maintain accurate and auditable records of data processing activities, user consents, and security logs. Archival is performed through encrypted storage with limited administrative access. The Data Protection Officer (DPO) is responsible for ensuring compliance, training employees, and responding to data requests or incidents.

Procedures on data processing: Internal Standard Operating Procedures (SOPs) govern how data is collected, processed, audited, and deleted. We regularly review and update these processes to align with legal requirements and technology changes.

Data Retention: We retain your Personal Information only for the period necessary to fulfil its purpose or as mandated by law. As directed by the Cert-In guidelines, after termination of your relation with us, by way of account deletion or withdrawal of your enrolment with us, we do not retain any personal information for more than five years. Upon deletion of account or withdrawal, your data will be archived or anonymised within defined retention windows. However, if during the data retention window, you seek to erase your personal information from our database, you may raise a request to [email protected] and we will comply with your request.

Data Breach: In the event of a personal data breach likely to impact your individual rights, we will notify affected users and relevant authorities without undue delay, and take necessary steps to reduce impact and mitigate risks.

User responsibility: Our website and Parent Hub may contain links to third-party platforms (such as video-conferencing or payment providers). We are not responsible for the privacy practices of these sites. Users are encouraged to review their respective policies before engagement.

We will address all queries or grievances regarding the protection and processing of your personal information through our designated Data Protection Officer (DPO)/ Grievance Redressal Officer (GRO). All your grievances will be addressed within 24 hours and resolved within 30 days from the date of receipt. In case of any such queries or grievances, please contact:

We may update this Policy periodically to reflect legal or operational changes. The "Effective Date" at the top will indicate the latest revision and the revised Policy shall be effective from the date it is posted. Material changes will be communicated via email or in-app notification.