Privacy Policy | My E tutors

Who we are

Our website address is: https://myetutors.com. providing chemistry education support for Senior secondary classes

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Visitor comments may be checked through an automated spam detection service. Where your data is sent

Where your data is sent

To provide our services, we utilize the web hosting services of Big Rock. All website data, files, and databases are stored on servers operated by Big Rock.

Location of Data: All data is stored exclusively on Big Rock’s servers located in Mumbai, India. No data is transferred to or stored on servers outside of the European Union.

Safeguards for Data Protection: Although the data is stored outside the European Economic Area (EEA), it is hosted in India. To ensure your data is protected to European standards, we rely on the following:

Hosting Provider’s Compliance: Big Rock is a major hosting provider that offers services to a global clientele and maintains robust security practices. Their data centers, such as the GPX facility in India, are certified Tier 4 facilities featuring 24/7 surveillance, biometric access controls, and on-site security personnel.

Security Measures: Big Rock employs industry-standard security measures, including 24/7 network firewall protection, intrusion detection systems, and DDoS protection to safeguard the server infrastructure. We have verified that your specific data is stored on their Indian infrastructure.

To provide our services, we utilize the web hosting services of Big Rock. All website data, files, and databases are stored on servers operated by Big Rock.

Location of Data: All data is stored exclusively on Big Rock’s servers located in Mumbai, India. No data is transferred to or stored on servers outside of the European Union.

No Further Transfers: We do not utilize any other third-party services (such as cloud storage, CRMs, or analytics tools) that would result in the transfer of your data outside of the Big Rock infrastructure.

Contact information

Data Controller and Contact Point

For the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR), the data controller responsible for your personal information is:

My E Tutors
Address: Sector-2, Panchkula, Haryana, India
Email: privacy@myetutors.com

If you have any questions about this privacy policy or how your personal data is handled, wish to exercise your rights (such as accessing, correcting, or deleting your data), or have a privacy-related concern, please contact us using the information above.

Data Protection Officer (DPO)

We do not currently have a legal obligation to appoint a Data Protection Officer (DPO). Our business does not fall under the specific criteria outlined in Article 37 of the GDPR, which requires a DPO for organizations whose core activities involve large-scale, systematic monitoring of individuals or large-scale processing of sensitive data. For any privacy inquiries, please direct them to the contact provided above .

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data is not being handled in accordance with the law. In the European Union, this would be the data protection authority in the member state of your habitual residence, place of work, or the alleged infringement

Additional information

Additional Information for E-Tutoring and Online Course Services

1. Types of Personal Data We Collect

In addition to basic contact information, we collect the following categories of data to provide our educational services:

Category	Specific Data Collected
Account Information	Full name, email address, phone number, date of birth (for age verification), parent/guardian contact details (where student is a minor)
Academic Records	Course enrollments, class participation records, test scores, assignment submissions, quiz results, certificates of completion, and learning progress data
Payment Information	Billing name and address, transaction history, and payment confirmation details (full payment card details are processed by our payment gateway and are not stored by us)
Communication Data	Messages exchanged with tutors, support inquiries, feedback, and reviews
Technical Data	IP address, browser type, device information, login timestamps, and course activity logs for security and analytics purposes

2. How We Use Your Personal Data

We process your personal data for the following purposes, based on the legal grounds specified:

Purpose	Legal Basis
Providing Educational Services: To create and manage your account, enroll you in courses, deliver live tuition sessions, provide access to course materials, conduct tests and assessments, and issue certificates of completion	Performance of a contract (Article 6(1)(b) GDPR)
Payment Processing: To process payments for courses and services, issue invoices, and manage refunds	Performance of a contract (Article 6(1)(b) GDPR)
Academic Integrity: To verify student identity during tests and examinations, monitor for cheating or plagiarism, and maintain assessment integrity	Legitimate interest (Article 6(1)(f) GDPR) – ensuring fairness and academic standards
Safeguarding Minors: To ensure the safety and well-being of students, particularly those under 18, and to comply with child protection obligations	Legal obligation / Vital interests (Article 6(1)(c) and (d) GDPR)
Service Improvement: To analyze usage patterns, evaluate course effectiveness, and improve our educational offerings	Legitimate interest (Article 6(1)(f) GDPR)
Communication: To send course updates, reminders, and respond to your inquiries	Performance of a contract / Legitimate interest
Marketing: To inform you about new courses, special offers, or educational content (only where you have consented or where permitted by law)	Consent (Article 6(1)(a) GDPR)

3. Academic Integrity and Student Conduct

Our platform is committed to maintaining high academic standards. To ensure fair and honest assessment:

Identity Verification: We may require students to verify their identity before participating in tests or examinations. This may include providing proof of identification or, in some cases, using video proctoring or keystroke pattern analysis to prevent fraud .
Plagiarism and Cheating: Students are expected to complete all assignments and tests independently. We reserve the right to use plagiarism detection tools and to investigate suspected academic misconduct .
Consequences of Violations: Violations of academic integrity may result in annulment of test results, suspension of course access, or termination of the student’s account .

4. Data Sharing with Third Parties

We do not sell your personal data. However, to deliver our services, we share data with the following categories of recipients:

Category of Recipient	Purpose	Data Shared
Payment Processors	To process payments securely	Name, billing address, payment amount (payment card details are handled directly by the processor)
Hosting Provider (BigRock)	To store website and user data	All data stored on our servers in India [as previously discussed]
Analytics Services	To understand platform usage and improve services	Anonymous usage data, IP addresses (with anonymization where possible)
Legal and Regulatory Authorities	To comply with legal obligations	As required by applicable law

All third-party service providers are contractually obligated to process personal data only on our instructions and in accordance with applicable data protection laws. We enter into Data Processing Agreements (DPAs) with all relevant processors .

5. Cookies and Tracking Technologies

Our website uses cookies to enhance your experience and enable core functionality:

Strictly Necessary Cookies: Required for website operation, including login functionality and course access. These do not require consent .
Performance/Analytics Cookies: Used to analyze how visitors use our site (e.g., Google Analytics). These require your consent and are activated only after you accept our cookie banner .
Functionality Cookies: Remember your preferences and settings to personalize your experience .

You can manage your cookie preferences through our cookie banner or your browser settings. Blocking necessary cookies may prevent you from accessing our courses.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Student Accounts: Active student data is retained while your account is active and for the duration of your course enrollment.
Academic Records: Test scores, certificates, and course completion records are retained for a period of 5 years after course completion to verify academic achievements and for record-keeping purposes .
Payment Records: Transaction records are retained for 7 years to comply with tax and accounting legal obligations .
Inactive Accounts: Accounts inactive for more than 12 months may be flagged for deletion after prior notice .

After the retention period expires, personal data will be securely deleted or anonymized.

7. Rights of Students and Parents

If you are a student under the age of 16 (or the applicable age in your country), your parent or guardian must provide consent on your behalf. Parents and legal guardians have the right to:

Access: Request a copy of their child’s personal data we hold .
Rectification: Correct inaccurate or incomplete information .
Deletion: Request deletion of their child’s account and data, subject to legal retention obligations .
Restrict Processing: Limit how we use their child’s data in certain circumstances .
Object: Object to processing based on legitimate interests .

To exercise these rights, please contact us at [your privacy email address] .

8. Updates to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified to you by email or through a prominent notice on our website .

Summary Table: Additional Sections to Add

Section Title	Purpose
Types of Personal Data We Collect	Lists academic and payment data specific to education services
How We Use Your Personal Data	Details purposes and legal bases (contract, legitimate interest, consent)
Academic Integrity and Student Conduct	Establishes rules for cheating prevention and consequences
Data Sharing with Third Parties	Lists payment processors, analytics, and hosting providers
Cookies and Tracking Technologies	Explains cookie types and consent requirements
Data Retention	Specifies how long different types of data are kept
Rights of Students and Parents	Explains GDPR rights for minors and parent controls
Updates to This Policy	Notification process for policy changes

How we protect your data

We take the security of your personal data seriously, particularly given the sensitive nature of academic records and our commitment to protecting students, including minors. We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks presented by our processing activities .

Technical Security Measures

Encryption

Data in Transit: All data transmitted between your browser and our website is protected using SSL/TLS encryption (HTTPS). This ensures that information such as login credentials, payment details, and course materials cannot be intercepted during transmission .
Data at Rest: Any sensitive data stored on our BigRock hosting servers is encrypted to protect against unauthorised access in the event of a security breach .

Secure Hosting Infrastructure
We utilise BigRock’s enterprise-grade hosting services, which provide the following security features :

Web Application Firewall (WAF): Protects against common web exploits such as SQL injection and cross-site scripting (XSS) attacks that could compromise user data
DDoS Protection: Prevents denial-of-service attacks that could disrupt access to courses and tests
24/7 Network Monitoring: Continuous surveillance for suspicious activity and potential threats
Automated Malware Scanning: Daily scans to detect and remove malicious code
Secure Backups: Automated, encrypted backups to enable rapid disaster recovery in the event of data loss or ransomware attack

Access Controls and Authentication

Multi-Factor Authentication (MFA): We strongly encourage (and may require) the use of MFA for administrative accounts and tutor access to protect against credential theft
Role-Based Access Control (RBAC): Access to personal data is restricted based on role—only authorised personnel (administrators and assigned tutors) can access student records, and only to the extent necessary for their responsibilities
Strong Password Policies: All accounts are protected by strong password requirements to prevent unauthorised access

Organisational Security Measures

Staff Training and Awareness

All staff members, including tutors and administrators, receive regular training on data protection principles and security best practices
Training covers topics such as identifying phishing attempts, secure handling of personal data, and proper incident reporting procedures
Staff are contractually bound to confidentiality obligations and may only process personal data on our instructions

Data Protection by Design
We apply the principle of “data protection by design and default” to all our systems and processes :

Data Minimisation: We collect only the personal data necessary for providing our educational services
Purpose Limitation: Data is used only for the purposes disclosed in this privacy policy
Access Restrictions: Default access settings ensure that only essential personnel have data access

Vendor Management

All third-party service providers (such as payment processors) are carefully vetted for security practices
We enter into Data Processing Agreements with relevant vendors to ensure they meet European data protection standards

Protecting Student Data (Minors)

Because our services are offered to senior secondary classes, many users may be under 18. We implement additional safeguards:

Parental Consent: Where required, we obtain verifiable parental consent before collecting personal data from minors
Restricted Data Collection: We limit data collection from students to what is necessary for educational purposes
Privacy by Default: Privacy settings for student accounts are configured to the highest protection level by default
No Unnecessary Sharing: Student data is never shared for marketing or unrelated commercial purposes

Data Breach Response

Despite our best efforts, no security measures are perfect. In the event of a personal data breach:

We will investigate the incident promptly
Where required by law, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach
If the breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay
We maintain an internal Data Breach Response Plan to ensure a coordinated and effective response

Security Audits and Testing

We regularly test, assess, and evaluate the effectiveness of our security measures
This includes vulnerability scanning and reviewing access logs for suspicious activity
Our hosting provider (BigRock) undergoes independent security audits and maintains industry-standard certifications

Privacy Impact Assessment (DPIA/PIA)

We have conducted a Data Protection Impact Assessment (DPIA) for our e-tutoring platform. This assessment:

Identified potential privacy risks associated with processing student academic records and minors’ data
Evaluated the necessity and proportionality of our data processing activities
Established appropriate safeguards to mitigate identified risks

The DPIA process is documented and will be reviewed whenever we introduce new features or significant changes to our data processing practices.

Your Responsibility

While we take extensive measures to protect your data, you also play a role in maintaining security:

Use a strong, unique password for your account
Do not share your login credentials with others
Log out of your account after each session, especially on shared devices
Report any suspicious activity or potential security incidents to us immediately at [your privacy email address]

Summary: Key Points for This Section

Security Category	Measures Implemented
Technical	SSL/TLS encryption, WAF, DDoS protection, malware scanning, encrypted backups, MFA
Organisational	Staff training, confidentiality obligations, access controls, data minimisation
Student/Minor Protections	Parental consent, privacy by default, restricted data collection
Breach Response	72-hour notification procedure, incident investigation plan
Accountability	DPIA conducted, regular testing, vendor agreements

What data breach procedures we have in place

Breach Procedures

Despite our best efforts to secure personal data, no system is completely invulnerable. We have established clear and robust procedures to handle any personal data breach swiftly, effectively, and in full compliance with applicable data protection laws .

What Constitutes a Data Breach

We define a personal data breach as any security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data we process . This includes:

Confidentiality Breaches: Unauthorised access to or disclosure of student or parent data, such as sending exam results to the wrong email address or unauthorised access to tutor accounts
Integrity Breaches: Unauthorised alteration or corruption of academic records, test scores, or course progress data
Availability Breaches: Accidental loss of access to personal data due to system failure, ransomware, or hardware issues

Immediate Response: The First 24 Hours

When we discover a potential breach, our incident response team follows a structured “first-hour” protocol to ensure no critical step is missed, even if an incident occurs outside business hours :

Confirmation and Containment: The detecting team member immediately alerts the designated Incident Response Lead. Affected systems are isolated to prevent further data loss—this may include disconnecting compromised accounts, resetting passwords, or temporarily restricting access to affected services .
Evidence Preservation: Before any fixes are applied, we preserve logs, system images, and other evidence to support investigation and demonstrate compliance. This includes documenting the exact time of discovery and initial observations .
Team Assembly: The Incident Response Lead activates the full incident response team within 4 hours of discovery, including technical staff, legal advisors, and communications personnel .

Incident Response Team Structure

To ensure clarity during a crisis, we have assigned specific roles with named individuals and backups :

Role	Responsibility
Incident Response Lead	Takes overall ownership, approves major decisions, and ensures resources are allocated
Technical Lead	Leads containment, evidence collection, and system recovery efforts
Documentation Officer	Records all actions, maintains a detailed timeline, and preserves evidence chain of custody
Legal Contact	Assesses notification obligations and manages regulatory communications
Communications Lead	Prepares and coordinates messaging to affected individuals and stakeholders

For a business of our size, one person may fulfill multiple roles, but the Technical Lead and Communications Lead are always separate to allow simultaneous action .

Risk Assessment and Notification Decision

Within hours of containment, we assess whether the breach creates a risk to individuals’ rights and freedoms. This assessment considers :

The nature and sensitivity of the data involved (e.g., academic records, payment information, minors’ data)
The number of affected individuals
The potential for identity theft, fraud, or significant distress
Whether special categories of data or data of children are involved

Based on this assessment, we determine our notification obligations :

Risk Level	Supervisory Authority Notification	Data Subject Notification
Unlikely Risk	Not required	Not required
Risk	Required within 72 hours	Not required
High Risk	Required within 72 hours	Required without undue delay

Regulatory Notification (Article 33 GDPR)

If the breach is likely to result in a risk to individuals, we notify the relevant supervisory authority (in the EU, this would be the data protection authority of the member state where the affected individuals reside) .

Timeline: Notification is made within 72 hours of becoming aware of the breach
Phased Reporting: If all details are not yet available within 72 hours, we provide an initial notification and submit additional information in phases as the investigation progresses
Required Information: Our notification includes the nature of the breach, categories and approximate number of affected individuals, likely consequences, and measures taken or proposed

Notification to Affected Individuals (Article 34 GDPR)

If the breach is likely to result in a high risk to individuals’ rights and freedoms, we notify affected individuals without undue delay . Our communication includes :

A clear, plain-language description of the incident
The categories of personal data affected
The likely consequences of the breach
Specific, actionable steps individuals can take to protect themselves (e.g., monitoring accounts, changing passwords, being vigilant for phishing)
Contact details for further information

Communication is made directly via email, SMS, or other appropriate means. Where direct communication would involve disproportionate effort, we issue a prominent public notice on our website .

Documentation and Accountability

We maintain a Breach Register documenting all security incidents involving personal data, regardless of whether they were reportable . This register records:

The date and time of discovery
A detailed description of the incident
The scope and impact assessment
Actions taken to contain and remediate
The rationale for any decision not to notify
Follow-up measures to prevent recurrence

This documentation demonstrates our commitment to accountability and may be requested by supervisory authorities .

Post-Incident Review and Improvement

After resolving a breach, we conduct a post-incident review to :

Identify the root cause and any systemic vulnerabilities
Evaluate the effectiveness of our response
Document lessons learned
Implement improvements to prevent similar incidents
Update our breach procedures and training materials accordingly

Bug Bounty and Vulnerability Disclosure

We believe in proactive security and welcome responsible disclosure of security vulnerabilities. If you are a security researcher and have identified a potential vulnerability in our platform, please contact us at privacy@myetutors.com.

We will:

Acknowledge receipt of your report within 48 hours
Investigate and validate the issue
Keep you informed of our progress
Work to resolve validated issues promptly

We do not currently operate a formal bug bounty program, but we appreciate the security community’s efforts to help us protect our users’ data .

Contact for Breach Concerns

If you suspect that your personal data may have been involved in a security incident or if you have any concerns about data security on our platform, please contact us immediately at [your privacy email address] with the subject line “Security Concern.”

Summary Table: Breach Response Procedures

Stage	Action	Timeline
Detection	Staff member identifies potential breach	Immediate
Containment	Isolate affected systems, reset passwords	Within hours
Team Activation	Incident Response Lead assembles team	Within 4 hours
Risk Assessment	Evaluate impact and notification obligations	Within 24 hours
Regulatory Notification	Notify supervisory authority if risk exists	Within 72 hours
Individual Notification	Notify affected individuals if high risk	Without undue delay
Documentation	Record all actions in Breach Register	Ongoing
Post-Incident Review	Identify improvements and update procedures	Within 30 days

What third parties we receive data from

Information We Receive From Third Parties

We primarily collect personal information directly from you when you register for our services, enroll in courses, or communicate with us. However, in certain circumstances, we may receive information about you from third-party sources as described below.

1. Payment Processing Partners

When you make a payment for our courses or tutoring services, our payment processor shares limited information with us to confirm and reconcile transactions. This typically includes:

Transaction confirmation and status
Payment amount and date
Billing name and last four digits of the payment method (full payment card details are never shared with us)

We do not receive or store your full payment card information. All payment processing is handled directly by our secure payment gateway partners .

2. Analytics and Marketing Tools

We use analytics services (such as Google Analytics) to understand how visitors interact with our website. These tools may collect information about your device, browser, and browsing behavior. This data is collected directly by these third-party tools and shared with us in aggregated or pseudonymized form. For more information about our use of analytics cookies, please refer to our Cookies Policy.

3. Academic Integrity and Verification Services

To maintain the integrity of our assessments and examinations, we may in the future engage third-party services for:

Plagiarism detection: To verify the originality of student submissions
Identity verification: To confirm student identity during remote examinations

If and when we implement such services, they will receive only the information necessary to perform these functions (such as assignment submissions or identity documents) and will be contractually obligated to process such data solely on our instructions .

4. Public and Government Sources

In certain circumstances, we may receive information from publicly available sources or government authorities, including:

Information required to comply with legal obligations
Data obtained to verify educational credentials where necessary

5. Referring Websites

If you arrive at our website from a referring website (such as a link from a partner site or search engine), we may receive information about the referring source. This typically includes the URL of the referring page and is used for analytics and marketing measurement purposes.

How We Use Information Received From Third Parties

Information we receive from third parties is:

Combined with information we already hold about you to improve and personalize our services
Used to verify your identity and prevent fraud
Used to complete transactions you have initiated
Processed in accordance with this privacy policy and applicable data protection laws

Your Rights Regarding Third-Party Data

If we receive information about you from a third party, you retain all rights under applicable data protection laws, including the right to:

Access the information we hold about you
Request correction of inaccurate information
Object to processing
Request deletion where applicable

To exercise these rights, please contact us at [your privacy email address] .

Important Note for Parents and Students

We do not knowingly collect information about students from third-party sources for marketing or commercial purposes. Any information received about students from third parties is limited to what is necessary for providing educational services, processing payments, or maintaining academic integrity.

Summary Table: Third-Party Data Sources

Source Type	Information Received	Purpose
Payment Processors	Transaction confirmation, billing name	Order fulfillment, accounting
Analytics Tools	Usage data, device information	Service improvement, analytics
Social Login (if applicable)	Name, email, profile information	Account creation, authentication
Verification Services	Identity confirmation, plagiarism reports	Academic integrity
Referring Sites	Referral source URL	Marketing analytics

What automated decision making and/or profiling we do with user data

Automated Decision Making and Profiling

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects our users. This section explains what these terms mean, how our payment processor operates, and your rights under applicable data protection laws.

What Are Automated Decision Making and Profiling?

Under the General Data Protection Regulation (GDPR), automated decision-making refers to decisions made solely by automated means without any human intervention, where those decisions produce legal effects or similarly significantly affect an individual .

Profiling refers to any form of automated processing of personal data intended to evaluate, analyse, or predict certain aspects concerning a person, such as:

Performance at work or academic studies
Economic situation
Personal preferences
Reliability or behaviour
Location or movements

Our Use of Automated Processing

We Do Not Perform Automated Decision Making

As an e-tutoring platform, we do not use automated decision-making systems to evaluate students, determine academic outcomes, or make significant decisions about users. Specifically:

No Academic Profiling: We do not use algorithms to predict student performance, learning styles, or academic potential
No Automated Grading Decisions: Any assessments or test results are either self-graded by students or manually reviewed by tutors
No Credit or Eligibility Decisions: We do not use automated systems to determine whether users can access our services
No Behavioural Tracking for Marketing: We do not build profiles about users for targeted advertising or marketing purposes

Payment Processing via Razorpay

Our only use of automated processing occurs through our payment gateway, Razorpay. Razorpay uses automated systems to process payments and perform necessary compliance checks. This processing is:

Limited in Scope: Razorpay’s automated systems only process transaction data necessary to complete your payment
Required for Contract Performance: This processing is necessary for entering into and performing the contract between you and us (i.e., processing your payment for course enrollment)
Subject to Safeguards: Razorpay implements robust security and compliance measures, including automated fraud detection and anti-money laundering (AML) screening, to protect transactions

Razorpay’s Automated Processing

When you make a payment on our platform, Razorpay’s systems may perform the following automated processing:

Processing Activity	Purpose	Legal Basis
Payment Authentication	Verifying payment details and authorising transactions	Contract performance
Fraud Detection	Identifying potentially fraudulent transactions using AI-powered systems	Legitimate interest (preventing financial loss)
AML Screening	Conducting automated anti-money laundering checks where required by law	Legal obligation
Risk Assessment	Evaluating transaction risk levels to determine appropriate processing	Legitimate interest

Razorpay has implemented sophisticated multi-agent AI architecture for fraud detection that operates in real-time, reducing manual review requirements while maintaining high accuracy . This processing is:

Necessary for Payment Processing: Without these automated checks, we cannot accept payments
Performed by Razorpay as Data Processor: Razorpay processes this data on our behalf and in accordance with our instructions
Subject to Data Processing Agreements: We maintain contractual arrangements with Razorpay that ensure your data is protected

Important Clarification: No Educational Profiling

We do not use any of the following automated processing methods that are sometimes found in educational technology platforms:

Learning Style Analysis: We do not use algorithms to analyse student behaviour or predict learning preferences
Predictive Analytics: We do not use AI to predict student outcomes, identify at-risk students, or recommend interventions
Automated Essay Scoring: All assignments and written work requiring evaluation are reviewed by human tutors
Tutor Matching Algorithms: Students are assigned to tutors based on availability and subject matter expertise, not automated profiling systems
Session Analytics: We do not use AI to analyse tutoring sessions or generate automated insights about student progress

Your Rights Regarding Automated Processing

Even though we do not engage in significant automated decision-making, you still have rights under the GDPR regarding any automated processing of your data:

Right Not to Be Subject to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you . Since we do not engage in such processing, this right is not triggered by our services.

Right to Human Intervention

If you believe you have been affected by automated decision-making, you have the right to:

Obtain human intervention in the decision-making process
Express your point of view
Contest the decision

Right to Object to Profiling

You have the right to object to processing of your personal data for profiling purposes where the processing is based on legitimate interests . To exercise this right, please contact us at [your privacy email address] .

Rights Regarding Payment Processing

For payments processed through Razorpay, you have the right to:

Request information about automated decisions made regarding your transactions
Seek review of any payment-related decisions by contacting our support team
Lodge complaints with Razorpay directly through their grievance mechanism

Transparency and Accountability

We are committed to transparency regarding any automated processing of your data. Currently:

No AI Tools with Student Data: We do not use AI tools that process student personal data for academic evaluation or profiling
No Third-Party Data Sharing for Profiling: We do not share user data with third parties for profiling or targeted advertising purposes
No Automated Communication Triggers: We do not use automated systems to send intervention messages or alerts based on student behaviour or performance

If we introduce any new automated decision-making or profiling capabilities in the future, we will:

Update this privacy policy with specific details
Obtain your consent where required by law
Provide clear information about how the system works
Implement appropriate safeguards to protect your rights

Contact for Automated Processing Concerns

If you have questions or concerns about automated processing of your data, including Razorpay’s payment processing activities, please contact us:

Email: privacy@myetutors.com
Subject Line: “Automated Decision Making Inquiry”

For payment-specific concerns, you may also contact Razorpay directly through their support portal at https://razorpay.com/support/ .

Summary Table: Automated Processing at a Glance

Aspect	Our Practice
Automated Academic Decisions	None – all academic evaluations are human-reviewed
Student Profiling	None – we do not analyse learning styles or predict outcomes
Payment Processing	Yes – Razorpay performs automated fraud detection and AML checks
Legal Basis	Contract performance and legal obligation
User Rights	Full GDPR rights apply; human review available upon request
Future Changes	Policy will be updated with notice before implementing new automated systems

Industry regulatory disclosure requirements

Compliance with Indian EdTech and Consumer Laws

As an online education platform providing services to users in India, including senior secondary students, we adhere to the following regulatory frameworks:

Digital Personal Data Protection (DPDP) Act, 2023: In compliance with Indian law, we recognize that users under the age of 18 are considered “children.” We do not engage in behavioral tracking, targeted advertising, or profiling of children. We process the personal data of students only after obtaining verifiable parental consent .
Consumer Protection (EdTech) Guidelines: We are committed to transparency in our advertising and marketing. We do not make exaggerated claims regarding academic outcomes, career prospects, or “guaranteed results” that are not verifiable. Our refund and cancellation policy is provided separately and adhered to strictly .
Educational Standards: Our services are provided as coaching and tutoring support. We do not award university degrees or diplomas, and therefore our offerings are not currently subject to licensing by AICTE or UGC for formal degree programs