CAEA Logo

Legal

Privacy Policy

Effective Date: 1 July 2026Last Updated: 13 July 2026

1. About This Privacy Policy

LARA, CARA and EdviseMe are education, learning, assessment, counselling, admissions, career-guidance and artificial-intelligence services operated by Graztech Private Limited and/or Junom Global Private Limited This Privacy Policy explains how we collect, use, analyse, store, combine, disclose, transfer and protect Personal Data when you visit, access or use our Services.

In this Privacy Policy:

  • “LARA” means our AI-powered learning, tutoring, revision, assessment, examination-readiness and academic-support services.
  • “CARA” means our AI-powered education, admissions, course, university, career and counselling services.
  • “EdviseMe” means our broader education, admissions, career, counselling and related platform services.
  • “Services” means LARA, CARA, EdviseMe and all associated websites, applications, dashboards, chatbots, messaging services, APIs, artificial-intelligence features, assessments, reports, subscriptions and communications.
  • “we”, “us” and “our” refer to Graztech Private Limited and/or Junom Global Private Limited as the legal operator of the Services.
  • “you”, “your” and “User” refer to any person who visits, accesses, registers for, purchases or uses a Service.
  • “Personal Data” or “Personal Information” means information relating to an identified or reasonably identifiable individual.
  • “Young User” means a User aged 13 to 17 or another User treated as a child or minor under applicable law.

This Privacy Policy applies to Services provided through:

  • withlara.ai and its subdomains;
  • withcara.ai and its subdomains;
  • edviseme.com and its subdomains;
  • LARA, CARA and EdviseMe web and mobile applications;
  • parent, teacher, counsellor, school, institutional and administrative dashboards;
  • WhatsApp and other messaging channels through which the Services are made available;
  • APIs, integrations, landing pages and campaign pages; and
  • any other Service that displays or links to this Privacy Policy.

By accessing or using the Services, you acknowledge that your Personal Data will be handled as described in this Privacy Policy.

Where applicable law requires consent for a particular activity, we will request that consent separately. Acceptance of our Terms of Service does not automatically constitute consent to optional advertising cookies, promotional communications or any other processing for which separate consent is legally required.

2. Who Is Responsible for Your Personal Data?

For Services offered directly to Users, the organisation responsible for determining how and why Personal Data is processed is:

Graztech Private Limited and/or Junom Global Private Limited Pentagon, Amrutha Valley Hyderabad – 500034 Telangana, India Email: support@edviseme.com Depending on applicable law, we may be described as the data fiduciary, data controller, business, organisation or another equivalent responsible entity.

References to LARA, CARA, EdviseMe, “we”, “us” or “our” mean Graztech Private Limited and/or Junom Global Private Limited in its capacity as the legal operator of the relevant Service.

Institution-managed Services Where your account is created, supplied, funded, administered or managed by a school, college, university, employer, counsellor, education provider or another organisation:

  • that organisation may determine how and why some of your Personal Data is processed;
  • we may process Personal Data on that organisation’s instructions as its processor or service provider;
  • the organisation may control account creation, access, permissions, retention and deletion;
  • authorised representatives may be able to access account information, assessments, submissions, progress, reports and usage activity; and
  • the organisation’s own privacy notice and agreement with us may also apply.

You should contact the relevant organisation if you have questions about its independent use of your Personal Data.

We remain independently responsible for processing for which we determine the purpose and means, including platform security, fraud prevention, account administration, subscriptions, product operations, legal compliance and protection of our rights.

3. Minimum Age and Young Users

The Services are intended for Users aged 13 and above.

A person under 13 must not create an account or submit Personal Data directly through the Services.

Users aged 13 to 17 may use the Services only where:

  • such use is permitted in their country or jurisdiction;
  • any required parent or lawful guardian authorisation has been obtained;
  • any required age-verification or parental-verification process has been completed; and
  • the User complies with the age-specific conditions applicable to the Service.

The age at which a User may independently consent to the processing of Personal Data varies by jurisdiction. We may therefore require parental or guardian involvement even where the User is aged 13 or above.

We may request or use proportionate information to:

  • establish or confirm age;
  • verify that a User is at least 13;
  • determine whether parental authorisation is required;
  • verify the identity and authority of a parent or guardian;
  • apply age-appropriate settings;
  • satisfy legal obligations; and
  • prevent circumvention of age restrictions.

Further information is available in our Children and Young Users Privacy Notice at:

https://edviseme.com/legal/children

4. Personal Data We Collect

The Personal Data we collect depends on:

  • the Service you use;
  • your age and country;
  • whether you are a student, parent, guardian, teacher, counsellor, administrator or visitor;
  • whether an organisation provides or manages your account;
  • the features you choose;
  • your subscription;
  • your device and settings;
  • the permissions and consents you provide; and
  • the information reasonably necessary to provide the requested Service.

We may collect, receive, generate or process the following categories of Personal Data.

4.1 Account and Profile Information

This may include:

  • first and last name;
  • display name;
  • username;
  • account identifier;
  • email address;
  • telephone number;
  • password or authentication credentials;
  • profile photograph;
  • preferred language;
  • country of residence;
  • nationality, where voluntarily provided and relevant;
  • city or broad geographic area;
  • date, month or year of birth;
  • age or age range;
  • time zone;
  • gender, where voluntarily provided;
  • school or institution;
  • curriculum;
  • grade or class;
  • parent or guardian details;
  • account type;
  • User role;
  • referral code;
  • verification status; and
  • account settings and preferences.

We may create internal identifiers to distinguish accounts, link activity, prevent fraud and administer the Services.

4.2 Age-Assurance and Parental-Authorisation Information

Where necessary, we may process:

  • date or year of birth;
  • age range;
  • country;
  • parent or guardian name;
  • parent or guardian email address;
  • parent or guardian telephone number;
  • relationship to the Young User;
  • parental-authorisation status;
  • consent records;
  • verification records;
  • linked parent and Young User account identifiers;
  • verification tokens;
  • institution confirmation; and
  • limited information supplied by an age- or identity-verification provider.

We aim to collect only the information reasonably necessary to complete the relevant verification.

4.3 Educational and Academic Information

This may include:

  • school;
  • curriculum or education board;
  • grade or class;
  • academic year;
  • subjects;
  • chapters;
  • topics;
  • syllabus information;
  • present marks;
  • target marks;
  • examination results;
  • predicted or estimated marks;
  • assessment attempts;
  • quiz responses;
  • examination answers;
  • answer workings;
  • time spent;
  • mistakes and correction history;
  • revision history;
  • teacher comments;
  • learning goals;
  • learning preferences;
  • academic strengths;
  • areas requiring improvement;
  • study plans;
  • revision plans;
  • learning-plan activity;
  • attendance or participation information supplied by an institution;
  • certificates;
  • transcripts;
  • academic reports;
  • performance reports; and
  • educational recommendations generated by the Services.

4.4 Career, Course, Admissions and Counselling Information

This may include:

  • intended qualification level;
  • subject stream;
  • courses of interest;
  • preferred careers;
  • skills;
  • qualifications;
  • work experience;
  • extracurricular activities;
  • achievements;
  • preferred institutions;
  • preferred countries or cities;
  • destination preferences;
  • tuition budget;
  • financial preferences;
  • scholarship preferences;
  • application plans;
  • application status;
  • test scores;
  • admission deadlines;
  • visa-related preferences or status information;
  • career goals;
  • salary or work preferences;
  • university and course shortlists;
  • counselling notes;
  • counsellor recommendations;
  • CV or résumé information;
  • application documents;
  • statements of purpose;
  • essays;
  • letters;
  • interview-preparation information; and
  • recommendations or matches generated by the Services.

4.5 Assessments, Reports and Inferred Information

When you complete an assessment or use a personalisation feature, we may collect or generate:

  • assessment responses;
  • scores;
  • aptitude indicators;
  • academic-readiness indicators;
  • subject-strength indicators;
  • learning preferences;
  • engagement indicators;
  • career-interest indicators;
  • course-interest indicators;
  • education and career recommendations;
  • inferred preferences;
  • strengths and development areas;
  • learner profiles;
  • counselling profiles;
  • student-performance profiles;
  • recommendation rankings;
  • compatibility scores;
  • estimated readiness;
  • estimated performance;
  • behavioural patterns within the Services;
  • recommended next actions; and
  • generated reports.

These assessments and inferences are estimates based on the information available to us. They are not medical diagnoses, clinical evaluations or definitive statements about intelligence, personality, ability, admission prospects or future success.

4.6 Prompts, Chats and User Content

We may process information that you enter, upload, transmit, record or otherwise make available through the Services, including:

  • prompts;
  • questions;
  • messages;
  • AI conversations;
  • answers;
  • workings;
  • essays;
  • assignments;
  • personal statements;
  • statements of purpose;
  • letters;
  • CVs and résumés;
  • examination papers;
  • answer sheets;
  • photographs;
  • screenshots;
  • scanned documents;
  • transcripts;
  • certificates;
  • reports;
  • notes;
  • application materials;
  • files;
  • voice messages;
  • audio recordings;
  • video recordings;
  • support communications;
  • ratings;
  • comments; and
  • feedback.

You should not submit information that is unnecessary for the feature or request concerned.

You must not upload another person’s Personal Data unless you have lawful authority or permission to do so.

4.7 Artificial-Intelligence Interaction Information

When you use an AI-powered feature, we may process:

  • your prompt, message or request;
  • relevant previous messages;
  • uploaded materials;
  • selected profile information;
  • learning or counselling context;
  • information retrieved to answer your request;
  • generated responses;
  • generated assessments and recommendations;
  • feedback on responses;
  • response ratings;
  • safety classifications;
  • model and system configuration;
  • processing time;
  • token or usage information;
  • model performance information;
  • error information; and
  • information used to evaluate response quality.

We may create summaries, embeddings, classifications or other technical representations of information to provide retrieval, personalisation, search, safety and AI functionality.

4.8 Documents, Photographs and Scanned Information

Where you use document-upload, camera, scanning or image-analysis functionality, we may process:

  • the uploaded image or document;
  • printed or handwritten text;
  • document structure;
  • embedded metadata;
  • academic information;
  • photographs;
  • signatures;
  • names and contact details appearing in the document;
  • document type;
  • extracted text;
  • document classifications; and
  • derived or generated information.

You should review documents before uploading them and remove unnecessary Personal Data where reasonably possible.

4.9 Voice and Video Information

Where you choose to use voice or video features, we may process:

  • voice recordings;
  • audio;
  • speech transcriptions;
  • pronunciation;
  • spoken questions;
  • voice commands;
  • video;
  • images captured through your camera;
  • background content captured by your device;
  • meeting information;
  • technical metadata; and
  • generated summaries or notes.

Unless we expressly inform you otherwise and obtain any legally required consent, we do not use voice or facial information to identify or authenticate you through biometric recognition.

4.10 Device, Browser and Network Information

We may automatically collect:

  • IP address;
  • browser type and version;
  • device type;
  • device model;
  • operating system;
  • application version;
  • screen dimensions;
  • language;
  • time zone;
  • network provider;
  • connection type;
  • device or browser identifiers;
  • mobile advertising identifier, where permitted;
  • application installation source;
  • user-agent information;
  • referral information;
  • crash logs;
  • diagnostic logs;
  • performance information;
  • security information; and
  • other technical information supplied by your device, browser or operating system.

4.11 Usage, Clickstream and Interaction Information

We may collect and analyse how Users interact with the Services, including:

  • pages viewed;
  • screens opened;
  • buttons clicked;
  • links selected;
  • taps;
  • scrolling;
  • cursor or navigation activity;
  • searches;
  • navigation paths;
  • features accessed;
  • content viewed;
  • time spent;
  • session duration;
  • dates and times of access;
  • login activity;
  • referral source;
  • campaign source;
  • advertisement interaction;
  • assessment starts and completions;
  • registration events;
  • subscription events;
  • checkout events;
  • purchase events;
  • conversion events;
  • abandoned actions;
  • notification interactions;
  • email openings;
  • communications selected;
  • errors;
  • failed actions;
  • feature adoption;
  • product funnels; and
  • other events reasonably necessary to understand, secure and improve the Services.

Subject to applicable law and consent requirements, we may use analytics tools, event tracking, heatmaps, interaction analytics and session-replay or similar technologies.

Where session-replay or comparable functionality is used, we will take reasonable steps to mask or exclude passwords, payment credentials, private messages, academic answers and other sensitive input fields.

4.12 Location Information

We may infer your approximate location from:

  • IP address;
  • country settings;
  • language;
  • time zone;
  • network information; or
  • information you provide.

Approximate location may be used for:

  • language and regional settings;
  • legal compliance;
  • pricing;
  • fraud prevention;
  • security;
  • campaign measurement;
  • age-appropriate advertising;
  • product availability; and
  • relevant content.

We do not collect precise device location unless:

  • a feature requires it;
  • you receive an appropriate notice;
  • you provide the required device permission or consent; and
  • the collection is permitted by applicable law.

4.13 Payment, Subscription and Transaction Information

Where you purchase or subscribe to a paid Service, we may process:

  • payer name;
  • billing address;
  • email address;
  • telephone number;
  • selected plan;
  • transaction amount;
  • currency;
  • tax information;
  • invoice information;
  • payment method type;
  • payment status;
  • payment-provider transaction identifier;
  • renewal date;
  • cancellation information;
  • refund information;
  • chargeback information;
  • promotional code;
  • subscription history; and
  • usage entitlement.

Payment-card or banking credentials may be collected directly by a payment provider. We may not receive or retain complete card or bank-account details.

4.14 Support, Grievance and Communication Information

When you communicate with us, we may process:

  • your name and contact details;
  • account information;
  • the content of your request;
  • attachments;
  • support history;
  • complaint information;
  • call or meeting notes;
  • grievance information;
  • privacy requests;
  • security reports;
  • correspondence; and
  • our response and resolution history.

4.15 Marketing and Communication-Preference Information

Subject to applicable law, we may process:

  • marketing-consent status;
  • communication preferences;
  • product interests;
  • campaign source;
  • campaign interactions;
  • advertisement impressions or selections;
  • email delivery, opening and selection information;
  • referral information;
  • event participation;
  • audience membership;
  • suppression-list status;
  • consent withdrawal; and
  • opt-out records.

4.16 Information from Schools, Institutions and Organisations

A school, counsellor, institution, employer or other organisation may provide:

  • User name;
  • contact details;
  • student, teacher, counsellor or employee identifier;
  • institution identifier;
  • class or group;
  • curriculum;
  • grade;
  • subjects;
  • account entitlement;
  • User role;
  • assessment information;
  • assignments;
  • reports;
  • progress information;
  • attendance or engagement information;
  • account-management instructions; and
  • other information necessary to provide the contracted Service.

4.17 Information from Third Parties

We may receive information from:

  • identity and login providers;
  • payment providers;
  • app stores;
  • messaging platforms;
  • analytics providers;
  • advertising providers;
  • campaign and referral partners;
  • schools and institutions;
  • counsellors;
  • universities;
  • education providers;
  • service integrations;
  • fraud-prevention services;
  • age-assurance providers; and
  • publicly available sources where lawful and relevant.

The information received depends on the third-party service, your settings, your instructions and the permissions you grant.

4.18 Sensitive Personal Data

Some information submitted through the Services may be treated as sensitive, special-category or otherwise protected information under applicable law, including information concerning:

  • children;
  • health;
  • disability;
  • race or ethnicity;
  • religion;
  • government identifiers;
  • financial accounts;
  • precise location;
  • immigration;
  • private communications; or
  • another legally protected characteristic.

We do not generally require Users to provide such information unless it is relevant to a specific requested feature or lawful purpose.

Please do not enter unnecessary sensitive information into general chat, feedback or upload features.

Where sensitive Personal Data is required, we will process it only where a lawful basis exists and apply additional safeguards where appropriate.

5. Information We Generate, Combine and Derive

We may combine information obtained:

  • through different devices;
  • through different sessions;
  • from different pages;
  • from different LARA, CARA and EdviseMe Services;
  • from website and application use;
  • from WhatsApp or other messaging use;
  • from account and subscription records;
  • from schools or institutions;
  • from connected services; and
  • from advertising, analytics or referral partners.

We may combine this information to:

  • recognise a User across our Services;
  • provide a consistent account experience;
  • maintain learning and counselling history;
  • personalise the Services;
  • understand User journeys;
  • prevent duplicate accounts;
  • prevent fraud;
  • measure marketing;
  • improve products;
  • develop new functionality;
  • administer subscriptions; and
  • protect the Services.

Where required by law, we will obtain consent before combining information for a particular purpose.

We may derive or infer information from existing information, including likely interests, learning requirements, academic development areas, preferred courses, relevant features, likely next actions, engagement patterns and campaign attribution.

6. How We Collect Personal Data

We may collect or obtain Personal Data:

  • directly from you when you register, enter information, upload content, complete assessments, make purchases, communicate with us or use the Services;
  • from a parent or guardian where they create, approve, pay for, supervise or manage an account;
  • from a school, institution or organisation where it provides or administers the account or Service;
  • automatically through cookies, logs, tags, pixels, SDKs, APIs, analytics tools, local storage and similar technologies;
  • from connected third-party services where you use a login, messaging, payment, application, communication or other integration;
  • from other authorised Users, including teachers, counsellors, parents or administrators;
  • from service providers, including fraud, verification, analytics, attribution and payment providers;
  • from publicly available sources where lawful and reasonably relevant; and
  • through generation and inference where our systems produce scores, reports, classifications, recommendations or other derived information.

7. How We Use Personal Data

We may use Personal Data for the purposes described below.

7.1 Providing and Administering the Services

We may use Personal Data to:

  • create and manage accounts;
  • authenticate Users;
  • provide access;
  • deliver requested features;
  • maintain account information;
  • provide AI interactions;
  • maintain conversation context;
  • answer questions;
  • generate content;
  • analyse uploaded materials;
  • deliver learning activities;
  • conduct assessments;
  • evaluate answers;
  • generate reports;
  • provide recommendations;
  • create learning plans;
  • provide counselling support;
  • maintain progress;
  • manage applications;
  • provide parent, teacher or counsellor dashboards;
  • link authorised accounts;
  • enable sharing requested by the User;
  • process subscriptions and payments; and
  • otherwise fulfil User requests.

7.2 Personalising and Adapting the Services

We may use Personal Data to:

  • tailor content by curriculum, grade, subjects or goals;
  • recommend topics;
  • identify areas for revision;
  • adjust assessment difficulty;
  • personalise learning plans;
  • personalise dashboards;
  • remember settings;
  • maintain continuity between sessions;
  • recommend courses, careers, institutions or scholarships;
  • prioritise relevant features;
  • provide relevant reminders;
  • adapt language and explanations;
  • improve the relevance of AI responses; and
  • provide age-appropriate experiences.

7.3 Assessments, Reports and Recommendations

We may use Personal Data to create:

  • quiz results;
  • assessment results;
  • estimated performance;
  • academic-readiness indicators;
  • strengths and weakness analysis;
  • mistake books;
  • revision recommendations;
  • progress reports;
  • aptitude or interest reports;
  • career recommendations;
  • course recommendations;
  • university matches;
  • scholarship suggestions;
  • application guidance;
  • counselling reports;
  • learner profiles; and
  • other personalised outputs.

Such outputs are intended to assist Users and are not guarantees of grades, admissions, scholarships, visas, employment or other outcomes.

7.4 Developing and Improving Artificial-Intelligence Systems

We may process prompts, interactions, User Content, feedback, Outputs, usage information and technical information to:

  • generate requested responses;
  • maintain relevant context;
  • evaluate response quality;
  • evaluate model performance;
  • detect errors;
  • detect unsafe or inappropriate responses;
  • develop prompts and workflows;
  • improve retrieval;
  • improve recommendations;
  • improve automated assessments;
  • test new features;
  • train, fine-tune or evaluate systems;
  • conduct quality assurance;
  • debug technical problems;
  • improve safety controls;
  • improve reliability; and
  • develop new Services.

Where reasonably appropriate, we use aggregated, de-identified, anonymised or pseudonymised information for system development, training, testing and evaluation.

We may also use identifiable interactions and User Content to develop and improve the Services where:

  • the use is reasonably related to providing or improving the Services;
  • the processing is permitted by applicable law;
  • we have provided any notice required by law;
  • consent is obtained where legally required; and
  • any available opt-out or objection is honoured where applicable.

We will not use identifiable Personal Data from known Young Users to train an unrelated general-purpose advertising model.

We may use Young User information to provide, personalise, secure, evaluate and improve the educational or counselling Service used by that Young User, subject to applicable law, appropriate safeguards and any required parental authorisation.

We may use de-identified, aggregated or statistical information derived from Young User activity to evaluate and improve the Services, provided it is not reasonably used to identify the individual.

7.5 Product Analytics and Service Improvement

We may use usage, clickstream, event and interaction information to:

  • understand how Users navigate the Services;
  • understand User journeys;
  • identify popular or underused features;
  • measure feature adoption;
  • identify usability issues;
  • measure registration and subscription funnels;
  • analyse assessment completion;
  • diagnose errors;
  • prevent crashes;
  • improve application performance;
  • improve accessibility;
  • conduct A/B testing;
  • test interface changes;
  • allocate infrastructure;
  • improve content;
  • develop new products;
  • understand regional demand; and
  • measure the effectiveness of product changes.

Where applicable law requires consent for particular analytics technologies, we will request that consent.

7.6 Security, Safety, Integrity and Fraud Prevention

We may use Personal Data to:

  • secure accounts;
  • authenticate Users;
  • detect suspicious access;
  • detect bots;
  • prevent fraud;
  • prevent payment abuse;
  • prevent account sharing or circumvention;
  • enforce usage limits;
  • detect prohibited content;
  • detect cheating, impersonation or misuse;
  • investigate security events;
  • protect systems;
  • preserve evidence;
  • enforce our Terms and policies;
  • protect Users, institutions and third parties; and
  • maintain the integrity of the Services.

7.7 Support and Service Administration

We may use information to:

  • respond to questions;
  • resolve technical issues;
  • investigate complaints;
  • recover accounts;
  • process privacy requests;
  • process grievances;
  • provide billing assistance;
  • communicate with parents or institutions where appropriate;
  • improve support quality; and
  • maintain support records.

7.8 Payments, Subscriptions and Financial Administration

We may process Personal Data to:

  • process transactions;
  • activate paid features;
  • manage subscriptions;
  • calculate taxes;
  • issue invoices;
  • administer renewals;
  • administer cancellations;
  • process lawful refunds;
  • investigate failed payments;
  • prevent payment fraud;
  • address chargebacks;
  • maintain financial records; and
  • comply with tax and accounting requirements.

7.9 Transactional and Service Communications

We may send:

  • account-verification messages;
  • password and security alerts;
  • OTPs;
  • subscription notices;
  • renewal notices;
  • payment notices;
  • requested reports;
  • learning reminders;
  • parent or teacher notifications;
  • application-status information;
  • support responses;
  • service updates;
  • legal notices;
  • policy updates; and
  • other communications reasonably necessary to provide or administer the Services.

You may not be able to opt out of communications necessary to operate the account, complete a requested transaction, protect security or comply with law.

7.10 Marketing and Promotions

Subject to applicable law and consent requirements, we may use Personal Data to:

  • send product news;
  • send educational or career-related content;
  • promote subscriptions;
  • communicate offers;
  • invite Users to events;
  • conduct referral campaigns;
  • measure campaigns;
  • understand campaign sources;
  • attribute registrations and purchases;
  • manage affiliate or referral relationships;
  • limit repeated advertising;
  • create or use advertising audiences where lawful;
  • display relevant advertising;
  • optimise campaign delivery; and
  • improve marketing effectiveness.

You may withdraw consent to optional direct marketing at any time.

7.11 Age-Appropriate Advertising to Young Users

We may advertise age-appropriate LARA, CARA and EdviseMe Services to Users aged 13 to 17 where permitted by applicable law and the rules of the relevant advertising platform.

Depending on the User’s jurisdiction, age, consent status and the platform used, advertising may be selected using limited criteria such as:

  • age range;
  • broad geographic location;
  • language;
  • context;
  • the general subject matter of the page or Service; and
  • other criteria expressly permitted by applicable law and platform rules.

We may use limited and proportionate information for lawful:

  • campaign measurement;
  • aggregate conversion reporting;
  • attribution;
  • fraud prevention;
  • security;
  • frequency management;
  • reach measurement; and
  • understanding whether an advertisement resulted in a visit, registration or purchase.

We do not use a known Young User’s:

  • private AI conversations;
  • uploaded documents;
  • examination answers;
  • academic marks;
  • target marks;
  • identified learning difficulties;
  • counselling notes;
  • scholarship information;
  • immigration information;
  • psychometric responses; or
  • other sensitive educational information to determine which advertisements are shown to that User.

Where prohibited by applicable law, we do not:

  • behaviourally monitor a Young User for advertising purposes;
  • create an advertising profile based on a Young User’s activity;
  • use a Young User’s clicks, searches, assessment activity or learning behaviour for personalised or cross-context behavioural advertising;
  • place a known Young User in a remarketing, retargeting, custom-audience or lookalike-audience programme;
  • disclose a known Young User’s Personal Data to an advertising partner for targeted advertising; or
  • direct targeted advertising to a Young User.

Advertising and tracking practices may differ based on the User’s age, country, consent choices and applicable legal requirements.

Nothing in this section prevents us from:

  • advertising an age-appropriate Service to a general audience;
  • advertising based on age range or broad location where permitted;
  • using contextual advertising;
  • promoting the Services through schools, parents or education channels;
  • measuring campaigns on an aggregated basis; or
  • advertising in another manner that does not involve prohibited use of a Young User’s Personal Data.

7.12 Research, Analytics and Statistical Purposes

We may use aggregated, de-identified, anonymised or statistical information to:

  • understand educational trends;
  • evaluate learning outcomes;
  • understand career interests;
  • improve educational content;
  • evaluate product effectiveness;
  • benchmark platform performance;
  • conduct internal research;
  • create reports;
  • support product development;
  • support business planning; and
  • understand market demand.

We may retain and use properly de-identified or aggregated information for these purposes for an extended period.

We will not describe information as anonymous where it remains reasonably capable of identifying an individual.

7.13 Legal Compliance and Protection

We may process Personal Data to:

  • comply with applicable law;
  • respond to valid legal process;
  • comply with tax and accounting obligations;
  • investigate fraud or unlawful conduct;
  • enforce agreements;
  • protect intellectual property;
  • establish, exercise or defend legal claims;
  • protect the safety of Users or other persons;
  • protect the Services;
  • cooperate with lawful investigations; and
  • respond to courts, regulators or governmental authorities.

7.14 Corporate and Business Operations

We may process Personal Data for:

  • internal administration;
  • corporate governance;
  • auditing;
  • reporting;
  • risk management;
  • insurance;
  • business continuity;
  • financial planning;
  • due diligence;
  • financing;
  • investment;
  • restructuring;
  • merger;
  • acquisition;
  • asset sale; or
  • transfer of all or part of our business.

8. Legal Bases for Processing

The legal ground we rely upon depends on the jurisdiction, User, information and purpose.

Where applicable, we may rely on one or more of the following grounds.

8.1 Performance of a Contract

We may process Personal Data where necessary to:

  • create and administer an account;
  • provide requested Services;
  • generate requested Outputs;
  • process documents;
  • provide assessments and reports;
  • process purchases;
  • provide customer support;
  • fulfil our Terms of Service; and
  • take steps requested before entering into a contract.

8.2 Consent

We may rely on consent for:

  • non-essential cookies;
  • advertising technologies;
  • optional analytics;
  • optional marketing;
  • sensitive Personal Data;
  • precise location;
  • optional recordings;
  • parental authorisation;
  • optional integrations;
  • use of information for a new incompatible purpose; and
  • other processing where consent is legally required.

You may withdraw consent at any time.

Withdrawal does not affect processing lawfully undertaken before withdrawal.

Where information is necessary for a requested feature, withdrawing consent may prevent us from continuing to provide that feature.

8.3 Legitimate Interests

Where permitted, we may process Personal Data for our legitimate interests or the legitimate interests of another person, including:

  • operating the Services;
  • improving product functionality;
  • developing relevant features;
  • maintaining security;
  • preventing fraud;
  • protecting legal rights;
  • providing support;
  • administering our business;
  • measuring basic product performance;
  • understanding User needs;
  • maintaining service reliability; and
  • communicating important Service information.

Where required, we balance those interests against the User’s rights, reasonable expectations and potential impact.

We apply particular care where the User is a Young User.

8.4 Legal Obligations

We may process Personal Data where necessary to comply with:

  • data-protection law;
  • consumer-protection law;
  • taxation and accounting requirements;
  • court orders;
  • regulatory duties;
  • lawful governmental requests;
  • recordkeeping requirements; and
  • other applicable legal obligations.

8.5 Vital Interests, Safety and Public Interests

In exceptional cases, we may process or disclose information where reasonably necessary to protect:

  • a User’s life;
  • another person’s life;
  • physical safety;
  • another vital interest; or
  • a substantial public interest recognised by applicable law.

8.6 User-Requested and Permitted Processing

Where permitted by applicable law, we may process information voluntarily provided by a User for the purpose requested by the User or for another compatible purpose reasonably connected with providing the Services.

9. Artificial Intelligence and Automated Processing

9.1 AI Technologies Used

The Services may use:

  • large language models;
  • machine-learning systems;
  • recommendation systems;
  • automated assessment tools;
  • document extraction;
  • optical and handwriting analysis;
  • speech-to-text systems;
  • text-to-speech systems;
  • retrieval systems;
  • classification tools;
  • moderation systems;
  • scoring systems; and
  • automated safety tools.

Information submitted through an AI-powered feature may be processed by one or more technical service providers to generate, secure, evaluate or improve the requested response.

9.2 Recommendations and Inferences

Our systems may infer or estimate:

  • academic strengths;
  • areas requiring improvement;
  • engagement patterns;
  • subject preferences;
  • likely learning needs;
  • course suitability;
  • career interests;
  • institution compatibility;
  • academic readiness;
  • likely next actions; and
  • relevant recommendations.

These inferences are probabilistic and may be incomplete or incorrect.

They should not be treated as definitive statements about intelligence, personality, capability, future performance, admission prospects or career success.

9.3 Automated Assessments

Automated evaluation may be used to:

  • assess answers;
  • compare answers with expected steps;
  • estimate marks;
  • identify mistakes;
  • suggest improvements;
  • generate practice activities; and
  • create progress indicators.

Automated results may differ from those provided by a teacher, examination board, university or other authority.

9.4 Decisions With Legal or Similarly Significant Effects

We do not intend to use solely automated processing to make final decisions concerning:

  • school or university admission;
  • employment or termination of employment;
  • immigration or visas;
  • credit;
  • insurance;
  • healthcare;
  • government benefits; or
  • access to an essential service.

The Services may provide recommendations, estimates or support, but final decisions are made by relevant third parties or appropriately authorised persons.

Where applicable law gives you rights concerning automated decisions, you may request:

  • meaningful information about the processing;
  • human review;
  • correction of inaccurate input information;
  • an opportunity to express your view; or
  • reconsideration of an eligible decision.

9.5 Human Review and Quality Assurance

Authorised personnel or contractors may review limited interactions or content where reasonably necessary to:

  • investigate a support request;
  • investigate a safety concern;
  • investigate misuse;
  • evaluate quality;
  • correct an error;
  • improve prompts or workflows;
  • test system performance;
  • comply with law; or
  • protect Users and the Services.

Access is limited according to role and purpose and is subject to confidentiality and security requirements.

10. Cookies and Similar Technologies

We may use:

  • cookies;
  • pixels;
  • tags;
  • SDKs;
  • scripts;
  • APIs;
  • local storage;
  • device identifiers;
  • advertising identifiers;
  • browser storage;
  • server-side event tracking;
  • conversion APIs;
  • analytics tools;
  • heatmaps;
  • attribution tools; and
  • similar technologies.

These technologies may be used for:

  • authentication;
  • security;
  • fraud prevention;
  • account continuity;
  • preferences;
  • functionality;
  • analytics;
  • product improvement;
  • application performance;
  • campaign attribution;
  • conversion measurement;
  • advertising;
  • audience management; and
  • frequency management.

We may use Google Tag Manager or similar tag-management systems to manage these technologies.

Google Tag Manager manages tags, but individual technologies activated through it may independently collect information for their disclosed purposes.

Where applicable law requires prior consent:

  • non-essential technologies will not be activated before the required consent is received;
  • Users will be given an appropriate method to accept or reject optional categories;
  • choices may be changed through our cookie-preference controls; and
  • withdrawal will apply to future collection.

Further information is available in our Cookie and Tracking Technologies Policy at:

https://edviseme.com/legal/cookies

11. Google, Meta and Other Analytics and Advertising Technologies

Subject to applicable law and User choices, our websites and applications may use services provided by Google, Meta and other analytics, advertising, attribution and technology providers.

These may include:

  • Google Tag Manager;
  • Google Analytics;
  • Google advertising and conversion technologies;
  • Firebase;
  • Meta Pixel;
  • Meta Conversions API;
  • advertising attribution tools;
  • product-analytics tools;
  • error-monitoring tools;
  • campaign-management tools; and
  • similar current or future services.

Depending on their configuration, these technologies may receive:

  • IP address;
  • browser and device information;
  • cookie or device identifiers;
  • approximate location;
  • page or screen viewed;
  • referral information;
  • campaign information;
  • selected events;
  • registration events;
  • assessment events;
  • checkout events;
  • purchase events;
  • subscription events; and
  • other permitted interaction information.

We may use enhanced conversion, advanced matching, server-side event or similar technology for eligible adult Users where:

  • permitted by law;
  • any required notice has been provided;
  • any required consent has been obtained; and
  • applicable opt-out choices are respected.

We do not intentionally send advertising partners private AI chats, examination answers, uploaded documents or sensitive educational records as advertising-event parameters.

Known Young Users may be placed into a restricted advertising and analytics configuration based on applicable law and platform rules.

12. Sale, Sharing and Targeted Advertising

We do not sell Personal Data in exchange for money.

However, some privacy laws use the terms “sale”, “sharing”, “targeted advertising” or “cross-context behavioural advertising” broadly.

Under those laws, our use of:

  • advertising pixels;
  • advertising cookies;
  • conversion APIs;
  • audience tools;
  • social-media integrations; or
  • other advertising technologies may be classified as sale, sharing or targeted advertising even where no money is paid for the information.

Where applicable, eligible Users may opt out through:

  • our cookie-preference centre;
  • a “Your Privacy Choices” or equivalent link;
  • an applicable browser-based opt-out preference signal; or
  • a request to support@edviseme.com.

We do not knowingly sell Personal Data belonging to a known Young User for money.

We do not knowingly share a known Young User’s Personal Data for targeted advertising where such sharing is prohibited by applicable law.

13. When We Disclose Personal Data

We may disclose Personal Data to the following categories of recipients.

13.1 Service Providers and Processors

We may use service providers for:

  • cloud infrastructure;
  • hosting;
  • databases;
  • content delivery;
  • file storage;
  • AI processing;
  • model hosting;
  • document extraction;
  • speech processing;
  • authentication;
  • age assurance;
  • security;
  • monitoring;
  • analytics;
  • product operations;
  • error reporting;
  • communications;
  • email;
  • SMS;
  • WhatsApp and messaging;
  • customer support;
  • payment processing;
  • billing;
  • tax administration;
  • fraud prevention;
  • marketing;
  • attribution;
  • consent management; and
  • professional services.

These providers may process Personal Data only for the relevant service and subject to contractual, confidentiality and security obligations appropriate to their role.

13.2 AI and Infrastructure Providers

We may disclose prompts, content, files, technical information and relevant account context to AI, cloud and infrastructure providers where necessary to:

  • generate a response;
  • transcribe audio;
  • process documents;
  • host models;
  • store information;
  • retrieve information;
  • provide safety checks;
  • monitor reliability; or
  • operate the Services.

We seek to limit disclosure to information reasonably necessary for the relevant function.

13.3 Parents and Guardians

Where an account is linked to or managed by a parent or guardian, we may provide authorised access to:

  • account information;
  • consent records;
  • profile details;
  • progress;
  • assessment activity;
  • learning goals;
  • reports;
  • usage information;
  • safety or security notices;
  • subscription information; and
  • other information disclosed during the account-linking process.

A Young User’s privacy rights belong to the Young User, although a parent or guardian may exercise or support those rights where legally authorised.

13.4 Schools, Teachers, Counsellors and Institutions

Where an account is provided by, linked to or used through an organisation, we may disclose information to authorised representatives, including:

  • account status;
  • User role;
  • class or group;
  • curriculum;
  • assignments;
  • submissions;
  • assessment activity;
  • answers;
  • marks;
  • progress;
  • reports;
  • engagement information;
  • learning plans;
  • counselling information; and
  • administrative information.

The scope of access depends on:

  • the User’s role;
  • the Service;
  • the institution’s configuration;
  • the applicable agreement;
  • the purpose for which the information was collected; and
  • applicable law.

13.5 Counsellors and Authorised Advisers

Where a User requests counselling or adviser support, we may disclose relevant information to the assigned or selected adviser, including:

  • profile information;
  • goals;
  • academic information;
  • interests;
  • reports;
  • shortlists;
  • application information;
  • messages;
  • counselling notes; and
  • progress.

13.6 Universities, Education Providers, Scholarship Providers and Employers

We may disclose information to such organisations where:

  • you request or authorise the disclosure;
  • it is necessary to complete an application requested by you;
  • you instruct us to communicate with the recipient;
  • an institution-managed relationship lawfully requires it; or
  • another lawful basis applies.

The receiving organisation will generally process the information under its own privacy notice.

13.7 Payment and Financial Providers

We may disclose transaction and account information to:

  • payment processors;
  • app stores;
  • banks;
  • card networks;
  • tax providers;
  • invoicing providers;
  • accounting providers; and
  • fraud-prevention services.

13.8 Analytics and Advertising Providers

Subject to applicable law, consent and opt-out rights, we may disclose limited:

  • device information;
  • browser information;
  • cookie or advertising identifiers;
  • campaign information;
  • page or screen information;
  • interaction events;
  • conversion events;
  • approximate location; and
  • transaction events to analytics, attribution and advertising providers.

Different restrictions may apply to known Young Users.

13.9 Professional Advisers and Insurers

We may disclose information to:

  • lawyers;
  • auditors;
  • accountants;
  • insurers;
  • consultants;
  • investigators; and
  • other professional advisers where reasonably necessary and subject to appropriate duties of confidentiality.

13.10 Legal Authorities, Regulators and Safety Disclosures

We may disclose information where we reasonably believe disclosure is necessary to:

  • comply with law;
  • comply with a court order;
  • respond to valid legal process;
  • respond to a regulator;
  • investigate fraud or unlawful conduct;
  • enforce our agreements;
  • protect intellectual property;
  • protect our systems;
  • protect the rights or safety of a User;
  • respond to an emergency;
  • prevent serious harm; or
  • establish, exercise or defend a legal claim.

Where legally permitted and appropriate, we may notify the affected User.

13.11 Corporate Transactions

If we are involved in a merger, financing, restructuring, acquisition, sale of assets, insolvency, transfer of business or similar transaction, Personal Data may be disclosed to:

  • potential purchasers;
  • investors;
  • lenders;
  • advisers;
  • insurers;
  • affiliates;
  • counterparties; and
  • successors.

Any recipient will be subject to applicable legal and confidentiality obligations.

13.12 Affiliates and Related Businesses

We may disclose information to current or future affiliates, subsidiaries, holding companies or related businesses for:

  • administration;
  • security;
  • support;
  • technology;
  • product operations;
  • corporate governance;
  • shared services;
  • restructuring; and
  • lawful business purposes.

Where required, we will provide notice or obtain consent before an affiliate uses Personal Data for an incompatible independent purpose.

13.13 At Your Direction

We may disclose Personal Data where you:

  • share a report;
  • invite a parent or teacher;
  • connect an account;
  • submit an application;
  • enable an integration;
  • forward content;
  • create a shareable link; or
  • otherwise instruct us to disclose it.

14. Public, Shared and Collaborative Information

Ordinary private chats, educational records and personal reports are not intended to be publicly available.

Information may become visible to other authorised persons where you:

  • create a shareable link;
  • share a report;
  • join a shared class or group;
  • submit work to an institution;
  • collaborate with another User;
  • link a parent, teacher or counsellor;
  • enable a third-party integration;
  • use a shared device;
  • share login credentials; or
  • instruct us to send content to another person.

You should verify the recipient and content before sharing.

We are not responsible for a recipient’s independent use of information after you have lawfully directed us to share it, although the recipient may remain subject to applicable law and separate obligations.

15. Children and Young Users

We recognise that Young Users may require additional privacy protections.

15.1 Age Assurance

We may use proportionate methods to establish or verify age, including:

  • date-of-birth collection;
  • age-range selection;
  • country information;
  • parent confirmation;
  • linked parent accounts;
  • email or OTP verification;
  • institution confirmation;
  • approved age-assurance providers; and
  • another lawful method.

We aim to collect no more information than reasonably necessary for the verification.

15.2 Parent or Guardian Authorisation

Where required, a parent or guardian may be asked to:

  • verify their identity;
  • verify their relationship to the User;
  • confirm their authority;
  • accept applicable terms;
  • approve account creation;
  • provide required privacy consent;
  • approve particular features; and
  • manage relevant privacy settings.

We may retain records reasonably necessary to demonstrate the authorisation and comply with law.

15.3 Age-Appropriate Safeguards

Depending on the Service and applicable law, Young User accounts may receive:

  • higher-privacy defaults;
  • restricted profile visibility;
  • restricted sharing;
  • restricted advertising settings;
  • reduced collection;
  • limited optional tracking;
  • age-appropriate explanations;
  • age-appropriate content;
  • parental involvement;
  • proportionate retention; and
  • additional security or safety controls.

15.4 Educational Personalisation

We may use a Young User’s academic and Service activity to:

  • personalise learning;
  • recommend revision;
  • adapt assessments;
  • maintain progress;
  • identify errors;
  • generate reports;
  • provide counselling;
  • protect the User;
  • improve the Service used by the User; and
  • support parents, teachers or institutions where authorised.

Educational personalisation is distinct from advertising personalisation.

15.5 Product Analytics Concerning Young Users

Subject to applicable law, we may use limited Young User information to:

  • provide the Service;
  • maintain security;
  • remember necessary settings;
  • measure reliability;
  • identify technical errors;
  • understand whether educational features work correctly;
  • prevent fraud;
  • maintain institutional reporting; and
  • improve the Service.

Where consent or parental authorisation is required, we will seek the appropriate authorisation.

15.6 Advertising Concerning Young Users

We may promote age-appropriate Services to Users aged 13 to 17 where lawful.

We will configure advertising practices based on:

  • the User’s known age;
  • country;
  • consent status;
  • applicable law; and
  • advertising-platform rules.

We do not use sensitive educational information from a known Young User to select advertisements.

Where local law prohibits tracking, behavioural monitoring or targeted advertising concerning children, we will restrict or disable the relevant processing.

15.7 Young Users’ Privacy Rights

Privacy rights belong to the Young User, subject to applicable law.

A parent or guardian may exercise or support those rights where legally authorised.

Before acting on a request, we may consider:

  • the User’s age;
  • maturity;
  • understanding;
  • legal capacity;
  • safety;
  • the nature of the information;
  • the nature of the request; and
  • the requesting adult’s authority.

15.8 Users Under 13

The Services are not intended for Users under 13.

If we discover that we collected Personal Data directly from a person under 13 through the ordinary User flow, we may:

  • suspend the account;
  • restrict the account;
  • request parental verification;
  • delete the information;
  • de-identify the information; or
  • take another action required by law.

A parent or guardian who believes a person under 13 has provided Personal Data should contact:

support@edviseme.com Use the subject line:

Child Privacy Request

16. WhatsApp and Other Messaging Services

Where CARA, LARA or EdviseMe is accessed through WhatsApp or another messaging platform:

  • the messaging provider may independently process your information;
  • its terms and privacy policy also apply;
  • your telephone number, profile name and message-delivery information may be available through the integration;
  • messages may be processed by our AI, hosting, database, communication and support providers;
  • the messaging provider may store information independently according to its own practices;
  • information may be linked to your existing LARA, CARA or EdviseMe account where appropriate; and
  • deleting content from our Service may not delete information independently retained by the messaging provider.

Do not send unnecessary sensitive Personal Data through a third-party messaging service.

17. App Stores, Devices and Operating Systems

Where a mobile application is downloaded, installed or purchased through an app store:

  • the app-store provider may independently process device, account, subscription and transaction information;
  • the provider’s privacy policy applies to its processing;
  • subscriptions may be managed by the provider;
  • deleting the application does not necessarily cancel a subscription;
  • deleting the application does not necessarily delete your account; and
  • app-store purchase information may be supplied to us.

Your device or operating system may provide controls for:

  • camera;
  • microphone;
  • photographs;
  • files;
  • notifications;
  • location;
  • contacts;
  • advertising identifiers; and
  • other permissions.

You can manage these permissions through your device settings. Disabling a required permission may prevent a feature from functioning.

18. International Data Transfers

We operate from India and may use providers, systems and personnel located in India, the United States, the United Kingdom, the European Economic Area and other countries.

Personal Data may therefore be:

  • collected in one country;
  • transferred to another country;
  • stored in another country; or
  • accessed by authorised recipients in another country.

Privacy laws in the receiving country may differ from those in your country.

Where required by applicable law, we may use safeguards such as:

  • adequacy decisions;
  • standard contractual clauses;
  • the United Kingdom’s approved transfer mechanisms;
  • data-processing agreements;
  • contractual privacy and security requirements;
  • transfer-risk assessments;
  • technical controls;
  • consent where appropriate; and
  • other lawful transfer mechanisms.

We may also transfer information where the transfer is necessary to:

  • perform a contract requested by you;
  • provide the Service;
  • complete an application directed by you;
  • establish or defend legal claims;
  • protect vital interests;
  • comply with law; or
  • fulfil another legally permitted purpose.

You may contact us for additional information concerning safeguards relevant to your Personal Data.

19. Data Retention

We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy.

The applicable period depends on:

  • the nature and sensitivity of the information;
  • the purpose of processing;
  • the User’s age;
  • account activity;
  • the Service concerned;
  • User settings;
  • contractual obligations;
  • institutional instructions;
  • legal obligations;
  • tax and accounting requirements;
  • applicable limitation periods;
  • security requirements;
  • the risk of fraud or misuse;
  • the existence of a dispute; and
  • whether the information can be de-identified.

19.1 Account and Profile Information

We may retain account and profile information for the duration of the account and for a reasonable period after closure where necessary for:

  • account recovery;
  • security;
  • fraud prevention;
  • dispute resolution;
  • legal compliance;
  • financial reconciliation; and
  • enforcement.

19.2 Learning, Counselling and Progress Information

We may retain learning, counselling and progress information for as long as reasonably necessary to:

  • preserve User history;
  • provide longitudinal reports;
  • maintain learning continuity;
  • provide counselling continuity;
  • comply with institutional requirements;
  • respond to disputes; and
  • provide the requested Service.

19.3 Chats, Prompts and User Content

We may retain chats, prompts and User Content for as long as reasonably necessary to:

  • maintain conversation history;
  • provide requested features;
  • generate reports;
  • preserve account continuity;
  • provide support;
  • investigate safety concerns;
  • debug errors;
  • improve the Services;
  • comply with law; and
  • resolve disputes.

Account settings may provide controls for deleting certain content.

19.4 Payment and Transaction Records

We may retain payment and transaction records for the period required by:

  • tax law;
  • accounting law;
  • payment rules;
  • fraud prevention;
  • chargeback management;
  • audit requirements; and
  • dispute limitation periods.

19.5 Consent and Preference Records

We may retain consent and preference records for as long as reasonably necessary to:

  • demonstrate consent;
  • demonstrate withdrawal;
  • maintain marketing suppression;
  • maintain cookie preferences;
  • demonstrate parental authorisation; and
  • comply with legal obligations.

19.6 Security and Diagnostic Information

We may retain security and diagnostic information for a reasonable monitoring period, which may be extended where:

  • an incident occurs;
  • an investigation is pending;
  • fraud is suspected;
  • litigation is reasonably anticipated; or
  • a legal requirement applies.

19.7 Institution-Managed Information

We may retain institution-managed information according to:

  • the applicable agreement;
  • the institution’s lawful instructions;
  • the User’s relationship with the institution;
  • legal requirements; and
  • our independent legal and security obligations.

19.8 Inactive Accounts

We may delete, anonymise or de-identify information associated with inactive accounts after a reasonable period.

Where reasonably practicable and legally required, we may provide notice before deleting material account information.

19.9 Backups

Deleted information may remain temporarily in encrypted or access-restricted backups until overwritten through normal backup and disaster-recovery cycles.

We do not ordinarily restore deleted User information from backups except where necessary for:

  • disaster recovery;
  • security;
  • legal compliance; or
  • business continuity.

19.10 Legal Holds

We may retain information beyond an ordinary retention period where reasonably necessary for:

  • litigation;
  • regulatory inquiries;
  • fraud investigations;
  • security incidents;
  • tax matters;
  • enforcement;
  • complaints;
  • legal claims; or
  • another legal obligation.

19.11 De-identified and Aggregated Information

We may retain properly de-identified, anonymised, aggregated or statistical information for a longer or indefinite period where it is not reasonably used to identify an individual.

20. Security

We use reasonable administrative, organisational, physical and technical measures designed to protect Personal Data.

These may include:

  • role-based access;
  • authentication;
  • password controls;
  • encryption in transit;
  • encryption at rest where appropriate;
  • network protections;
  • database security;
  • access logging;
  • monitoring;
  • backups;
  • environment separation;
  • vendor assessments;
  • confidentiality obligations;
  • security testing;
  • incident-response procedures;
  • least-privilege access;
  • data minimisation; and
  • employee and contractor controls.

No system, internet transmission or storage method is completely secure.

We do not guarantee that unauthorised access, loss, misuse, alteration or disclosure will never occur.

Users are responsible for:

  • protecting account credentials;
  • protecting OTPs;
  • using secure devices;
  • logging out of shared devices;
  • avoiding unauthorised account sharing;
  • reviewing content before uploading it; and
  • notifying us promptly about suspected compromise.

Security concerns may be reported to:

support@edviseme.com Use the subject line:

Security Report

21. Personal Data Breaches

Where a Personal Data breach occurs, we will take reasonable steps to:

  • investigate;
  • contain the incident;
  • remediate affected systems;
  • assess likely risk;
  • preserve required records;
  • notify regulators where required; and
  • notify affected individuals where required.

A notification may include:

  • the nature of the incident;
  • affected information;
  • likely consequences;
  • steps taken;
  • protective steps recommended to the User; and
  • a contact point.

We may delay or limit details where necessary to:

  • protect security;
  • avoid compromising an investigation;
  • comply with law-enforcement instructions; or
  • protect another person’s rights.

22. Your Privacy Rights

Depending on your location and applicable law, you may have the right to:

  • know whether we process your Personal Data;
  • receive information about processing;
  • access Personal Data;
  • receive a copy of Personal Data;
  • correct inaccurate information;
  • complete incomplete information;
  • update information;
  • request deletion or erasure;
  • withdraw consent;
  • object to processing;
  • restrict processing;
  • request data portability;
  • opt out of targeted advertising;
  • opt out of sale or sharing as legally defined;
  • opt out of certain profiling;
  • request human review of certain automated decisions;
  • nominate another person to exercise rights where available;
  • appeal a refusal to act;
  • complain to us;
  • complain to a regulator; and
  • receive equal service without unlawful discrimination for exercising a right.

These rights are not absolute.

A request may be limited or refused where permitted by law, including where:

  • we cannot verify the requester;
  • another person’s rights would be adversely affected;
  • retention is legally required;
  • information is protected by legal privilege;
  • the request is manifestly unfounded or excessive;
  • security or fraud prevention would be compromised;
  • the information cannot reasonably be associated with the requester;
  • an applicable legal exception applies; or
  • the requested right is not available in the relevant jurisdiction.

22.1 Submitting a Privacy Request

Send requests to:

support@edviseme.com Use the subject line:

Privacy Request Please include:

  • your full name;
  • account email address or telephone number;
  • the relevant Service;
  • your country of residence;
  • the right you wish to exercise; and
  • sufficient information to identify the relevant account or information.

Do not send unnecessary government identity documents through ordinary email.

22.2 Verification

We may verify a request by:

  • contacting the registered email address;
  • contacting the registered telephone number;
  • requiring account authentication;
  • requesting confirmation of recent account activity;
  • requesting limited additional information;
  • confirming parental or representative authority; or
  • using another proportionate verification method.

Verification information will not be used for unrelated purposes.

22.3 Authorised Representatives

An authorised representative may submit a request where permitted by law.

We may request evidence that:

  • the representative has authority;
  • the User’s identity has been verified;
  • the request reflects the User’s instructions; and
  • the representative’s identity is verified.

22.4 Response Period

We will respond within the period required by applicable law.

Where permitted, we may extend the response period due to:

  • complexity;
  • the volume of requests;
  • verification requirements;
  • third-party consultation; or
  • another legally permitted reason.

22.5 Fees

Privacy requests are generally processed without charge.

Where permitted by law, we may charge a reasonable fee or refuse to act if a request is manifestly unfounded, excessive or repetitive.

22.6 Appeals

Where applicable law gives you a right to appeal, you may appeal by replying to our decision or emailing:

support@edviseme.com Use the subject line:

Privacy Request Appeal Explain why you believe the decision should be reconsidered.

23. Account Correction, Download and Deletion

Certain information may be corrected through account settings.

Where available, you may also download selected reports or account information.

You may request account deletion through:

  • account settings; or
  • support@edviseme.com.

Account deletion may result in the permanent loss of:

  • conversation history;
  • reports;
  • learning progress;
  • assessment history;
  • stored documents;
  • counselling history;
  • preferences;
  • subscription-related access; and
  • other account information.

Deleting an account does not necessarily:

  • cancel an app-store subscription;
  • reverse a completed payment;
  • entitle the User to a refund;
  • delete records required by law;
  • delete information held independently by an institution;
  • delete information another User lawfully retains;
  • delete security or fraud records;
  • delete information needed for a legal claim; or
  • delete de-identified or aggregated information.

Where an account is institution-managed, the User may need to contact the institution separately.

24. Marketing Choices

You may withdraw consent to optional marketing communications by:

  • selecting the unsubscribe link in an email;
  • replying with an available opt-out instruction;
  • changing account preferences;
  • using the method provided in an SMS or WhatsApp message; or
  • contacting support@edviseme.com.

After an opt-out, we may retain limited information on a suppression list to ensure that the opt-out remains effective.

Marketing opt-out does not prevent:

  • account messages;
  • security alerts;
  • payment notices;
  • subscription notices;
  • requested reminders;
  • requested reports;
  • legal notices;
  • support responses; or
  • communications necessary to provide the Services.

25. Cookie, Analytics and Advertising Choices

Where available, you may use our cookie-preference controls to:

  • accept all technologies;
  • reject non-essential technologies;
  • manage functional technologies;
  • manage analytics;
  • manage advertising;
  • withdraw a previous choice; and
  • review current preferences.

Your browser or device may also allow you to:

  • block cookies;
  • delete cookies;
  • restrict tracking;
  • reset an advertising identifier;
  • limit advertising personalisation;
  • control application permissions; or
  • clear local storage.

Blocking certain technologies may affect:

  • login;
  • preferences;
  • embedded content;
  • personalisation;
  • analytics;
  • application functionality; or
  • campaign attribution.

Recognised Opt-Out Preference Signals Where required by applicable law, we will treat a recognised opt-out preference signal, such as Global Privacy Control, as a request to opt out of applicable sale, sharing or targeted advertising for the relevant browser or device.

Do Not Track There is no universally accepted technical standard for all browser “Do Not Track” signals.

We may not respond to such signals unless applicable law requires recognition of the particular signal.

26. Regional Privacy Information

26.1 India

Where Indian data-protection law applies, you may have rights relating to:

  • information about processing;
  • access;
  • correction;
  • completion;
  • updating;
  • erasure;
  • consent withdrawal;
  • grievance redressal;
  • nomination; and
  • complaints to the competent authority.

Consent may be withdrawn using a reasonably comparable method to the one used to provide it.

Withdrawal does not affect processing lawfully undertaken before withdrawal.

We may continue processing where another lawful basis or legal obligation applies.

Where applicable law treats a User as a child, we may:

  • require verifiable parental consent;
  • apply age-appropriate processing;
  • restrict tracking;
  • restrict behavioural monitoring;
  • restrict targeted advertising;
  • apply statutory exemptions where available; and
  • take other measures required by law.

26.2 European Economic Area

Where the General Data Protection Regulation applies, Users may have rights relating to:

  • access;
  • correction;
  • erasure;
  • restriction;
  • objection;
  • portability;
  • consent withdrawal;
  • automated decision-making; and
  • complaints to a supervisory authority.

Our legal bases may include:

  • performance of a contract;
  • consent;
  • legitimate interests;
  • legal obligations; and
  • vital interests.

Where we rely on legitimate interests, you may request additional information about those interests.

Where legally required, we will appoint and identify an EEA representative.

26.3 United Kingdom

Where the UK GDPR applies, Users may have rights broadly corresponding to those described for the European Economic Area.

For Services likely to be accessed by children, we seek to consider:

  • the best interests of the child;
  • age-appropriate transparency;
  • high-privacy defaults;
  • data minimisation;
  • limits on unnecessary profiling;
  • proportionate age assurance;
  • restrictions on unnecessary sharing;
  • age-appropriate content; and
  • parental controls that respect the Young User’s rights.

Where legally required, we will appoint and identify a United Kingdom representative.

26.4 California

Where the California Consumer Privacy Act applies, California residents may have rights to:

  • know the categories and specific pieces of Personal Information collected;
  • know the sources and purposes;
  • know the categories of recipients;
  • request deletion;
  • request correction;
  • receive portable information;
  • opt out of sale or sharing;
  • limit certain uses of sensitive Personal Information; and
  • receive equal treatment when exercising their rights.

We do not sell Personal Information for money.

Advertising-pixel, audience or campaign activity may constitute sale or sharing under California law.

Eligible Users may opt out using our cookie controls, privacy-choice link, recognised opt-out signals or a request to us.

We do not knowingly sell or share Personal Information belonging to a User under 16 without any affirmative authorisation required by applicable law.

Known Users under 18 are subject to the age-appropriate advertising restrictions described in this Privacy Policy.

Depending on Service usage, we may collect and disclose the following categories for business purposes:

  • identifiers, including name, email, telephone number, IP address and account ID;
  • customer-record information, including contact, account, institution and subscription information;
  • commercial information, including purchases, plans, transaction and renewal history;
  • internet or electronic activity, including pages, clicks, sessions, events and interactions;
  • approximate geolocation, including IP-derived country, region or city;
  • audio, visual and electronic information, including uploaded images, documents, voice and video;
  • education information, including grade, subjects, assessments, marks and reports;
  • professional or employment information, including CV, experience, skills and career preferences;
  • inferences, including recommendations, interests and performance indicators; and
  • sensitive Personal Information, including credentials, age, precise location where enabled and sensitive uploaded content.

We retain each category according to the criteria described in Section 19.

26.5 Other United States Jurisdictions

Residents of other US states may have applicable rights concerning:

  • access;
  • correction;
  • deletion;
  • portability;
  • targeted-advertising opt-out;
  • sale opt-out;
  • profiling opt-out;
  • sensitive-data consent; and
  • appeals.

We will honour those rights where applicable.

26.6 Canada

Where Canadian privacy law applies, we seek to:

  • identify processing purposes;
  • limit collection;
  • limit use and retention;
  • apply safeguards;
  • provide transparency;
  • maintain accountability; and
  • support lawful access and correction rights.

26.7 Australia

Where Australian privacy law applies, we seek to:

  • manage Personal Information openly;
  • collect information reasonably necessary for our functions;
  • use information for disclosed or permitted purposes;
  • apply reasonable safeguards;
  • support access and correction; and
  • address cross-border disclosures appropriately.

26.8 Brazil

Where Brazil’s General Data Protection Law applies, Users may have rights concerning:

  • confirmation of processing;
  • access;
  • correction;
  • anonymisation;
  • blocking;
  • deletion;
  • portability;
  • information about disclosures;
  • information about consent;
  • withdrawal of consent;
  • review of certain automated decisions; and
  • complaints to the competent authority.

26.9 Other Jurisdictions

Users may have additional rights under the law of their country, state or territory.

Nothing in this Privacy Policy is intended to remove or restrict a right that cannot lawfully be waived or limited.

27. Third-Party Websites, Platforms and Services

The Services may contain links to or integrate with:

  • universities;
  • schools;
  • employers;
  • scholarship providers;
  • government services;
  • payment providers;
  • app stores;
  • social networks;
  • messaging platforms;
  • video platforms;
  • identity providers; and
  • external websites.

Those third parties may independently collect and process Personal Data.

Their privacy notices, terms and settings govern their independent processing.

We are not responsible for the privacy practices of an independently operated third party.

You should review the relevant third-party privacy information before providing Personal Data or enabling an integration.

28. Providing Personal Data Is Optional in Some Cases

You may choose not to provide certain Personal Data.

However, if information is necessary to:

  • create an account;
  • verify age;
  • verify parental authority;
  • provide a requested feature;
  • process a payment;
  • generate a requested report;
  • comply with law;
  • prevent fraud; or
  • protect security, we may be unable to provide the relevant Service without it.

Optional fields will be identified where reasonably practicable.

29. Accuracy of Information

You are responsible for providing information that is accurate, current and complete.

You should update account information when it changes.

Inaccurate information may affect:

  • personalisation;
  • recommendations;
  • assessments;
  • reports;
  • account recovery;
  • age-appropriate settings;
  • payment processing;
  • communications; and
  • legal compliance.

We may correct or request correction of information where we reasonably believe it is inaccurate, fraudulent or misleading.

30. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

  • changes to the Services;
  • new products or features;
  • changes in technology;
  • changes in data practices;
  • security developments;
  • legal or regulatory changes;
  • corporate changes; or
  • clarification of existing practices.

The updated version will display a revised “Last Updated” date.

Where required, we will provide notice of a material change through:

  • email;
  • an in-app message;
  • a website notice;
  • a parent notification;
  • an institution notification; or
  • another appropriate method.

Where a change requires new consent, we will request that consent before carrying out the affected processing.

We may retain previous versions for audit, legal and compliance purposes.

31. Grievances and Complaints

You may submit a privacy complaint or grievance to:

Email: support@edviseme.com Subject: Privacy Grievance Please include:

  • your name;
  • account information;
  • the relevant Service;
  • a description of the issue;
  • relevant dates;
  • the outcome requested; and
  • supporting information.

We may request additional information to:

  • verify identity;
  • understand the complaint;
  • investigate the matter; and
  • protect another person’s rights.

We will acknowledge and respond within the period required by applicable law.

Where you remain dissatisfied, you may have the right to contact the applicable privacy, data-protection, consumer or regulatory authority.

Grievance Officer Name: Rachael Kharshong Designation: Grievance Officer Address: Pentagon, Amrutha Valley, Hyderabad – 500034, Telangana, India Email: support@edviseme.com

32. Contact Us

Questions, requests or concerns relating to this Privacy Policy may be sent to:

LARA, CARA and EdviseMe Operated by Graztech Private Limited and/or Junom Global Private Limited Pentagon, Amrutha Valley Hyderabad – 500034 Telangana, India Email: support@edviseme.com You may use one of the following subject lines:

  • Privacy Question
  • Privacy Request
  • Child Privacy Request
  • Privacy Grievance
  • Privacy Request Appeal
  • Security Report
  • Marketing Opt-Out

33. Related Policies

This Privacy Policy should be read together with:

  • the Terms of Service at https://edviseme.com/legal/terms;
  • the Cookie and Tracking Technologies Policy at https://edviseme.com/legal/cookies;
  • the Acceptable Use Policy at https://edviseme.com/legal/acceptable-use;
  • the Subscription, Cancellation and Refund Policy at https://edviseme.com/legal/subscriptions; and
  • the Children and Young Users Privacy Notice at https://edviseme.com/legal/children.

Where there is a conflict concerning Personal Data:

  • applicable law will prevail;
  • a specific privacy notice presented at the point of collection will govern the particular processing it describes;
  • the Children and Young Users Privacy Notice will govern child-specific processing;
  • an institution’s privacy notice may govern processing independently controlled by that institution; and
  • this Privacy Policy will otherwise govern our general Personal Data practices.