Skip to main content

Privacy Policy

Last updated: April 2026

Privacy at a Glance

🔒

Your Data is Secure

End-to-end encryption, HTTPS, secure servers

Your Rights Matter

Access, edit, or delete your data anytime

🚫

We Don't Sell Data

Your information is never sold to third parties

Table of Contents

1. Information We Collect

Personal Information: Name, email address, phone number, education details (board, class), and BXR ID when you register.

Automatic Information: Device type, operating system, IP address, browser type, usage patterns, and session duration.

Third-Party Information: If you sign in with Google or other providers, we receive your basic profile information as permitted by those services.

2. How We Use Your Information

  • Account management and authentication
  • Delivering personalized learning experiences
  • Sending progress reports and notifications
  • Analytics to improve our platform
  • Customer support and communication
  • Processing payments and subscriptions

3. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics cookies help us understand how you use our platform. You can manage cookie preferences in your browser settings.

For full details, see our Cookie Policy.

4. How We Share Information

Service Providers: We share data with Firebase (Google) for authentication and database services, and Razorpay for payment processing.

Institutions: If you're part of a school or institution, your progress data may be shared with authorized teachers and administrators.

Legal Requirements: We may disclose information when required by law or to protect our rights.

We never sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Firebase security rules for database access control
  • HttpOnly, SameSite=Strict cookies for session management
  • Regular security audits and monitoring
  • Encrypted password storage (never stored in plain text)

6. Data Retention

Active accounts: Data retained as long as your account is active.

Inactive accounts: After 2 years of inactivity, we may archive or delete your data.

Deleted accounts: Upon account deletion, personal data is removed within 30 days. Anonymized analytics may be retained.

7. Your Privacy Rights (DPDP Act, 2023)

As a Data Principal under the Digital Personal Data Protection Act, 2023 of India, you have the following rights with respect to your personal data:

Right to Access

Obtain a summary of personal data being processed and the processing activities undertaken.

Right to Correction

Request correction of inaccurate or misleading personal data and updating of incomplete data.

Right to Erasure

Request deletion of your personal data, subject to legal retention requirements.

Right to Grievance Redressal

Raise concerns or complaints with our Grievance Officer (see Section 11).

Right to Nominate

Nominate another individual to exercise these rights in case of death or incapacity.

Right to Withdraw Consent

Withdraw your consent at any time, with the same ease with which it was given.

To exercise any of these rights, contact us at info@brightxr.in. We will respond within the timelines prescribed by applicable law.

8. DPDP Act Compliance & Lawful Basis

BrightXR Pvt. Ltd. acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023. We collect and process personal data only on the following lawful bases:

  • Consent: When you register, sign up for marketing communications, or opt into optional features.
  • Performance of Service: To deliver the educational platform you signed up for, including AI tutoring, AR/VR experiences, and progress tracking.
  • Legitimate Use: For account security, fraud prevention, and improving our services through anonymized analytics.
  • Legal Obligation: When required to comply with applicable laws, court orders, or regulatory requests.

We do not transfer personal data outside India unless the destination country provides an adequate level of protection under applicable law, or unless you have explicitly consented.

9. Children's Privacy

BrightXR is designed for students, including those under 13. We comply with applicable children's privacy regulations:

  • Parental consent is required for users under 13
  • We collect minimal data necessary for the educational service
  • Parents can review, modify, or delete their child's data at any time
  • No targeted advertising to children

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of BrightXR after changes constitutes acceptance of the updated policy.

11. Grievance Officer & Contact

In accordance with the Digital Personal Data Protection Act, 2023 and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, BrightXR has appointed a Grievance Officer to address your concerns:

Grievance Officer: Nirmal Singh

Designation: Founder & CEO, BrightXR Pvt. Ltd.

Email: info@brightxr.in

Address: Mohali, Punjab, India

We aim to acknowledge grievances within 24 hours and resolve them within the timelines prescribed by applicable law (typically within 30 days).

You can also reach us through our Contact Page.