PRIVACY POLICY

Last Updated On: 01-01-2026

This document is an electronic record in terms of Information Technology Act, 2000 and rules thereunder as applicable. This Privacy Policy has been updated to incorporate requirements of the Digital Personal Data Protection Act, 2023 (“DPDPA”) and the Digital Personal Data Protection Rules, 2025 (“DPDP Rules”).

This document is published in accordance with Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011 and Section 5 of the DPDP Act, 2023 and governs access to: (i) https://www.iguroo.com (“Website”) and (ii) “iGuroo” mobile application (“Application”) (collectively, “Platform”), owned and operated by iGuroo Digitech India Private Limited (“iGuroo” / “We” / “Us” / “Data Fiduciary”), registered at 403, Elemental #337, Sy No 337 Partly, Puppalaguda Village, Financial District, Nanakaramguda, Telangana – 500032.

Under the DPDPA, You (the person whose data is processed) are referred to as the “Data Principal”. iGuroo, which determines the purpose and means of processing, is the “Data Fiduciary”. This Policy explains your rights, our obligations, and how we handle your personal data.

BY COMPLETING REGISTRATION OR USING THE SERVICES, YOU CONFIRM THAT YOU HAVE READ, UNDERSTOOD AND AGREE TO THIS POLICY AND THE COLLECTION, PROCESSING AND USE OF YOUR PERSONAL DATA AS DESCRIBED HEREIN. If you do not agree, please do not use the Platform.

1. Definitions
  • “Personal Data” or “Personal Information” means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDPA.
  • “Sensitive Personal Data or Information (SPDI)” includes passwords, financial information, health data, biometric data, sexual orientation, and medical records.
  • “Consent” means free, specific, informed,unconditionalandunambiguousindicationof your agreement to the processing of yourpersonal data.
  • “Data Principal” means the individual to whom the personal data relates.
  • “Data Fiduciary” meansiGuroo, whichdeterminesthe purpose and means of processing personal data.
2. Consent and Withdrawal of Consent
In compliance with Section 6 of the DPDPA and Rule 3 of the DPDP Rules, iGuroo collects and processes your personal data only on the basis of free, specific, informed, and unambiguous consent, or other lawful bases specified in this Policy.
2.1. How We Obtain Consent
Before collecting your personal data, we will present you with a clear, plain-language consent notice that specifies:
  • The categories of personal data being collected;
  • The specific purposes for which it will be used;
  • Whether data will be shared with third parties and their identities;
  • Your rights as a Data Principal; and
  • How to withdraw consent.
Consent is obtained through an affirmative action (e.g., ticking a checkbox or clicking “I Agree”). Pre-ticked boxes or implied consent are not used. Consent will not be bundled as a condition of using the Platform for unrelated purposes.
2.2 How to Withdraw Consent
You may withdraw consent at any time, with ease and without detriment, through any of the following means:
  • Email: Send a written request to support@iguroo.com with the subject line “Withdraw Consent”;
  • For marketing communications: Use the “Unsubscribe” link in any email.
Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal. We will cease processing within 30 (thirty) days of receiving your request, except where processing is required by law or for legal claims. Withdrawal may limit your access to certain features of the Platform.
3. Lawful Basis for Processing Personal Data
In accordance with Section 4 of the DPDPA, iGuroo processes your personal data only where a lawful basis exists. The following table sets out the categories of personal data we collect and the corresponding lawful basis:
  • Personal & Contact Information (name, email, phone, address) : Lawful basis : Consent and performance of contract. Used to create your account, provide services, and communicate with you.
  • Educational Information (class, marks, syllabus, progress reports) : Lawfulbasis : Consent. Used to personalise learning content and match you with suitable mentors.
  • Financial Information (bank account, UPI, card details) : Lawful basis : Consent and performance of contract. Used to process payments for services. Handled by authorised payment gateway partners.
  • Device & Technical Information (IP address, browser, OS, cookies) : Lawful basis: Legitimate use (security, fraud prevention, platform improvement) and consent for non-essential cookies.
  • Location Information : Lawful basis: Consent (only where you have authorised location tracking). Used to provide location-relevant content.
  • Mentor/Teacher Professional Information (PAN, qualifications, experience) : Lawful basis: Consent and performance of contract. Used to verify credentials and display relevant profile information on the Platform.
  • Compliance & Legal Data : Lawful basis: Legal obligation. Processed tocomply withapplicable laws and regulatory mandates.
4. What information iGuroocollects
When you access or use the Platform, iGuroo may collect the following categories of information:
  • Personal Information : Name, age, mobile numberandemail address, residential address, and transaction information.
  • Educational Information : Student interests, class, marks cards, progress reports,syllabusand curriculum.
  • Device Information : Device ID, time-zone, browser type, plug-in details, pages accessed, IP address, mobile network, operating system, and unique identifiers.
  • Location Information : Geo-location/mobile device location (only if you have authorised location tracking).
  • Financial Information : Bank account, UPI, credit/debit card, or other payment instrument details.
  • Information from Other Sources : Cookies, tracking technologies, third-party tools, pixels, and automatic information from other sites.
  • For Mentors/Teachers/Counsellors : PAN card details, bank account details, proof of educational qualifications, and experience certificates.
You may choose not to provide certain information, in which case some features of the Platform may not be available to you.
5. How iGuroo uses your information
Your personal data is used only for the specific purposes for which consent has been given or as permitted under the DPDPA, including:
  • To carry out obligations arising from your requests for our Services;
  • To provide customised and curated content and Services;
  • To provide customer support;
  • To improve Platform functionality;
  • To communicate with you about changes to our Services;
  • To conduct research and analyse usage trends;
  • Tomaintainrecords andcomply withlegal obligations;
  • To process transactions; and
  • To verify identity and prevent fraud and prohibited activities.
6. Data Retention and Deletion
In accordance with Section 8(7) of the DPDPA, iGuroo retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply:
  • Account and Profile Data : Retainedfor the duration of your active account. Upon account deletion or request for erasure, data isdeletedwithin 30 (thirty)days,except where retention is required by law.
  • Financial Transaction Records : Retainedfor 7 (seven) years from the date of transaction tocomply withapplicable financial and tax laws, even after account deletion.
  • Educational and Progress Data : Retainedwhile your account is active and for 1 (one) year after account closure, to allow retrieval of historical records. Deleted upon expiry of that period or upon your request.
  • Device and Log Data: Retainedfor 90 (ninety) days for security and fraud prevention purposes, then automaticallydeleted.
  • Marketing and Communications Data: Retaineduntil you withdraw consent or opt out. Deleted within 14 (fourteen) days of withdrawal.
  • Mentor/Professional Credentials: Retainedfor the duration of the engagement and for 2 (two) years thereafter fordispute resolution purposes.
Upon expiry of the applicable retention period, or upon receipt of a valid erasure request, iGuroo will securely delete or anonymise personal data so it can no longer identify you.
7. Cross-Border Data Transfers
The Platform is designed for use within India. However, certain service providers and technology partners engaged by iGuroo may be located outside India, which may result in your personal data being transferred to or processed in other countries.

Currently, personal data may be transferred to the following jurisdictions in connection with specific services:
  • United States of America: Cloud infrastructure services (Amazon Web Services – AWS), including user credential management (AWS Cognito), monitoring (AWS CloudTrail and Amazon CloudWatch), and data storage.
  • Other countries: Third-party analytics or communication tools, asrequiredfrom time to time.
All cross-border transfers are subject to the following safeguards:
  • Contractual protections : We enter into data processing agreements with all third-party processors that include obligations equivalent to those under the DPDPA and applicable data protection laws.
  • Adequacy : We transfer data only to countries or processors thatmaintainappropriate dataprotection standards.
  • Standard Contractual Clauses : Where required, standard contractual clauses or equivalent mechanisms are used to ensure adequate protection.
You may request information about the specific safeguards applicable to any cross-border transfer by contacting us at support@iguroo.com.
8. With Whom iGuroo Shares Your Information
iGuroo does not sell, rent or exchange your Personal Information with any third party for commercial purposes. We may share information in the following circumstances:
  • Payment Processors : With authorised payment gateways for transaction processing and fraud prevention.
  • Service Providers : With trusted third-party vendors whoassistin platform operations, subject to confidentiality agreements.
  • Legal Compliance : With government or regulatory authorities when required by law, court order, or to protect rights, property, or safety.
  • Business Transfers : In the event ofa merger, acquisition, orsale of business assets, with the successor entity (subject to equivalent privacy obligations).
9. Your Rights as a Data Principal
In accordance with Sections 11–13 and 16 of the DPDPA, you have the following rights with respect to your personal data:
9.1 Right to Access and Confirmation
You have the right to obtain confirmation of whether iGuroo is processing your personal data, a summary of the data processed, the processing activities undertaken, and the identities of all Data Fiduciaries and processors with whom data has been shared.
9.2 Right to Correction and Erasure
You have the right to request correction of inaccurate or misleading personal data, completion of incomplete data, and erasure of personal data that is no longer necessary for the purposes for which it was collected, or where consent has been withdrawn.
9.3 Right to Grievance Redressal
You have the right to have your grievances redressed by iGuroo. Complaints will be acknowledged within 48 hours and resolved within 40 (thirty) days of receipt.
9.4 Right to Nominate
You have the right to nominate another individual who shall, in the event of your death or incapacity, exercise your rights as a Data Principal. To register a nominee, please contact our Grievance Officer with the details of your nominee.
9.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used and machine-readable format and to have such data transferred to another Data Fiduciary of your choice, where technically feasible.
9.6 How to Exercise Your Rights
To exercise any of the above rights, you may :
  • Email: support@iguroo.com with subject “DPDPA Rights Request – [Type of Right]”;or
  • Write to our Grievance Officer at the address below.
We will respond to your request within 30 (thirty) days. We may need to verify your identity before processing your request. There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests.
10. Security Policy
iGuroo employs robust technical and organisational security measures, including:
  • User credentials managed through AWS Cognito with strict password policies and rotation;
  • All APIs secured with HTTPS/SSL and AWS Cognito’s authorisation framework;
  • Sensitive personal data (date of birth, phone numbers) encrypted at application level;
  • Continuous security monitoring via AWS CloudTrail and Amazon CloudWatch;
  • Restricted access to production databases on a need-to-know basis only.
11. How We Use Cookies
Cookies are small files placed on your device to enhance your browsing experience. We use essential cookies (necessary for platform functionality) and non-essential cookies (analytics, personalisation) which require your separate consent. You may manage cookie preferences in your browser settings. Declining non-essential cookies will not prevent access to core features.
12. Minors
The Platform is intended for persons above the age of 14. Users below 18 years (“Minors”) must obtain verifiable consent from a parent or legal guardian prior to registration. iGuroo will not knowingly collect personal data from Minors without parental consent. If a parent/guardian becomes aware that their child has provided information without consent, they should contact us immediately at support@iguroo.com for deletion.
13. Grievance Redressal and Complaint Escalation
13.1 Grievance Officer
If you have any concern, grievance, or complaint regarding this Privacy Policy or the processing of your personal data, please contact our Grievance Officer:
Name : Srinivas Pisipati (SP)
Address: 403, 4th Floor, Elemental #337, Sy No 337 Partly, Puppalaguda Village, Financial District, Nanakaramguda, Telangana – 500032
Email Address: support@iguroo.com
Contact Number: +91 8977826140
All complaints will be acknowledged within 48 hours and resolved within 30 (thirty) days of receipt. If you are not satisfied with the resolution, you may escalate as described below.
13.2 Escalation to the Data Protection Board of India
If your grievance is not resolved by iGuroo to your satisfaction, or if you believe that iGuroo has violated any provision of the DPDPA, you have the right to file a complaint with the Data Protection Board of India (“DPB”), established under Section 18 of the DPDPA.

The procedure to file a complaint with the DPB is as follows:
  1. First exhaust the grievance redressal mechanism available withiGuroo(Section 13.1 above).
  2. If your complaintremainsunresolved after 30 days, or you are dissatisfied with the outcome, you may approach the DPB.
  3. Complaints to the DPB may be filed through the official portalestablishedby the Central Government under the DPDPA. The DPB portal and contact details will be made available at the official Ministry of Electronics and Information Technology (MeitY) website: https://www.meity.gov.in.
  4. The DPB has the power to inquire into complaints, conduct hearings, and impose penalties on Data Fiduciaries for breaches of the DPDPA.
  5. Appeals against orders of the DPB may be made to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) under Section 29 of the DPDPA.
14. Availability in Indian Languages
In compliance with Rule 3 of the DPDP Rules, 2025 and Section 5 of the DPDP Act, 2023, iGuroo is committed to making this Privacy Policy and all consent notices accessible in relevant Indian languages to ensure that all Data Principals can make an informed decision regarding their personal data.
This Privacy Policy and relevant consent notices are available (or will be made available) in the following scheduled languages of the Indian Constitution, as applicable to the primary user base of the Platform:
  • Hindi (हिंदी)
  • Telugu (తెలుగు)
  • Tamil (தமிழ்)
  • Kannada (ಕನ್ನಡ)
  • Odiya (ଓଡିଆ)
Users may select their preferred language at registration or at any time via Settings → Language Preference. Where a language version is not yet available, iGuroo will endeavour to provide it within a reasonable time. For requests for a specific language version, please contact support@iguroo.com.
The English version of this Privacy Policy shall be the governing version in case of any conflict or inconsistency with any translation.
15. Third-Party Websites and Platforms
The Platform may contain hyperlinks to external or third-party websites. iGuroo is not responsible for the privacy practices or content of such third-party sites. iGuroo does not recommend or endorse any third-party links, and shall not be liable for any collection, storage or disclosure of your information by third parties.
16. Governing Law
This Privacy Policy is governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable rules thereunder. Any dispute not resolved through the DPB mechanism shall be subject to the exclusive jurisdiction of the courts in Bengaluru, Karnataka.
17. Changes to This Privacy Policy
iGuroo may revise this Privacy Policy from time to time. Material changes will be communicated to you via email, in-app notification, or a prominent notice on the Platform at least 14 (fourteen) days before they take effect. Where changes affect the lawful basis for processing or require fresh consent, iGuroo will seek your renewed consent before processing your data under the revised terms. Your continued use of the Platform after the effective date of changes constitutes acceptance of the revised Policy.
18. Severability
Each clause of this Privacy Policy is independent and severable. If any clause is held unenforceable or invalid under applicable law, it shall be excluded, and the remainder of the Privacy Policy shall continue in full force and effect.

Privacy Policy