Loading…
Loading your learning journey…
Loading…
Legal
Last updated: June 2026
CertifAI Educational Services, operated by DIGIAEON Services Pvt. Ltd. ("CertifAI", "Company", "we", "us", "our"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the CertifAI platform (certifaiedu.com) and related services (the "Platform").
This policy is designed to comply with the Digital Personal Data Protection Act, 2023 (India) ("DPDP Act"), the Information Technology Act, 2000 (India), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and where applicable, the General Data Protection Regulation (EU) 2016/679 ("GDPR").
By accessing or using the Platform, you consent to the collection and processing of your data as described in this policy. This policy should be read in conjunction with our Terms of Service.
1.1. CertifAI acts as a "Data Fiduciary" (as defined under the DPDP Act, 2023) with respect to the personal data collected through the Platform.
1.2. We process personal data only for lawful, specified, and transparent purposes. We collect only the minimum data necessary to provide and improve our services.
1.3. This policy applies to all users of the Platform, including Students, Trainers, Institute Administrators, Parents/Guardians, and website visitors.
We collect the following categories of personal data:
We collect and process personal data for the following purposes:
We process your personal data on the following legal bases:
5.1. We do not sell your personal data. We will never sell, rent, or trade your personal information to third parties for marketing purposes.
5.2. We share data with the following categories of third-party service providers ("Data Processors") who assist us in operating the Platform:
5.3. All third-party service providers are bound by data processing agreements that require them to process your data only as instructed by CertifAI and to implement appropriate security measures.
5.4. We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of CertifAI, its users, or the public.
5.5. In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy. You will be notified of any such transfer.
5.6. For Institute and School accounts: limited student progress data (session completion, quiz scores, assessment results, certificates earned) may be shared with the associated Institute/School administrators and assigned Trainers as necessary for programme delivery.
7.1. Primary Storage: Your personal data is stored on Amazon Web Services (AWS) servers located in the India region (ap-south-1, Mumbai), ensuring that data primarily resides within India.
7.2. Database Security: Data is stored in encrypted databases with access restricted to authorised personnel and systems only.
7.3. Backups: Regular automated backups are maintained to prevent data loss. Backup data is subject to the same security controls as primary data.
7.4. Encryption: All data in transit is encrypted using TLS 1.2 or higher (HTTPS). Sensitive data at rest is encrypted using AES-256 or equivalent standards.
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law:
| Data Category | Retention Period |
|---|---|
| Account & profile data | While account is active |
| Learning progress & assessment records | While account is active + 5 years archive |
| Portfolio & capstone submissions | While account is active + 5 years archive |
| Certificate & verification data | Certificate validity period + 5 years |
| Payment & transaction records | 8 years (Indian tax law compliance) |
| AI Trainer interaction logs | While account is active + 2 years |
| Support correspondence | 3 years from resolution |
| Analytics & usage data | Aggregated and anonymised after 2 years |
| Parental consent records | Until child reaches 18 + 2 years |
After the retention period expires, data is securely deleted or irreversibly anonymised.
Under the DPDP Act, 2023, and applicable data protection laws, you have the following rights:
To exercise any of these rights, please contact our Data Protection Officer at support@certifaiedu.com with the subject line "Data Rights Request". We will respond to your request within 30 days.
10.1. Self-signup accounts are for users aged 18 and over. We do not knowingly collect personal data from anyone under 18 through self-registration. If we learn that a self-signup account belongs to a person under 18, we may suspend it and delete the associated data.
10.2. Learners under 18 access CertifAI only through the separate School / institution programme, where access is arranged and supervised by the school or institution with the consent of a parent or legal guardian, as contemplated by the DPDP Act, 2023.
10.3. Within the School programme, the parent/guardian and the institution may review the personal data collected from a minor, request correction or deletion, and withdraw consent at any time.
10.4. We apply additional safeguards for minor (School) users, including content filtering and data minimisation, in line with applicable child-safety regulations.
10.5. School Mode delivery collects only the data strictly necessary for educational delivery within the school environment.
We implement comprehensive technical and organisational measures to protect your personal data:
While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
12.1. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, CertifAI will notify the Data Protection Board of India within 72 hours of becoming aware of the breach, as required by the DPDP Act, 2023.
12.2. We will also notify affected users without undue delay, providing information about the nature of the breach, the data affected, the likely consequences, and the measures taken to address the breach.
12.3. We maintain an incident response plan to quickly detect, contain, and remediate data breaches.
13.1. CertifAI Educational Services is operated by DIGIAEON Services Pvt. Ltd., headquartered in Dubai, UAE. Certain operational data may be transferred to the UAE for company administration and management purposes.
13.2. Primary user data storage remains in India (AWS Mumbai region). Cross-border transfers are limited to operational necessities and are conducted in compliance with the DPDP Act, 2023, which permits transfers to jurisdictions not restricted by the Central Government of India.
13.3. Data shared with third-party service providers (such as Razorpay, Stripe, Brevo, Anthropic, and Google) may be processed in jurisdictions outside India (including the United States). We ensure that appropriate contractual safeguards are in place to protect your data.
13.4. For users located in the European Economic Area (EEA), we ensure that cross-border transfers are conducted in compliance with GDPR requirements, using Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.
CertifAI has designated a Data Protection Officer (DPO) responsible for overseeing data protection strategy and compliance. You may contact our DPO for any privacy-related inquiries or concerns:
15.1. While CertifAI primarily serves the Indian market, we recognise the rights of users located in the European Economic Area (EEA), United Kingdom, and other jurisdictions with comprehensive data protection laws.
15.2. For users subject to the GDPR, the following additional rights apply:
15.3. For GDPR-specific requests, please contact support@certifaiedu.com with the subject line "GDPR Request".
16.1. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by email and/or through a prominent notice on the Platform at least 30 days before the changes take effect.
16.2. Your continued use of the Platform after the updated policy becomes effective constitutes your acceptance of the changes. If you do not agree to the updated policy, you should discontinue use of the Platform and contact us to delete your account.
16.3. The "Last updated" date at the top of this policy indicates the most recent revision date.
For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Operated by DIGIAEON Services Pvt. Ltd.
Dubai, UAE
Email: support@certifaiedu.com
Website: certifaiedu.com
Data Protection Officer available at the same email address. Use subject line "DPO" for data protection queries.