Skip to main content

Privacy Policy

Last updated: March 2026

Privacy at a Glance

🔒

Your Data is Secure

End-to-end encryption, HTTPS, secure servers

✋

Your Rights Matter

Access, edit, or delete your data anytime

🚫

We Don't Sell Data

Your information is never sold to third parties

Table of Contents

1. Information We Collect

Personal Information: Name, email address, phone number, education details (board, class), and BXR ID when you register.

Automatic Information: Device type, operating system, IP address, browser type, usage patterns, and session duration.

Third-Party Information: If you sign in with Google or other providers, we receive your basic profile information as permitted by those services.

2. How We Use Your Information

  • • Account management and authentication
  • • Delivering personalized learning experiences
  • • Sending progress reports and notifications
  • • Analytics to improve our platform
  • • Customer support and communication
  • • Processing payments and subscriptions

3. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics cookies help us understand how you use our platform. You can manage cookie preferences in your browser settings.

For full details, see our Cookie Policy.

4. How We Share Information

Service Providers: We share data with Firebase (Google) for authentication and database services, and Razorpay for payment processing.

Institutions: If you're part of a school or institution, your progress data may be shared with authorized teachers and administrators.

Legal Requirements: We may disclose information when required by law or to protect our rights.

We never sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures including:

  • ✓ HTTPS encryption for all data in transit
  • ✓ Firebase security rules for database access control
  • ✓ HttpOnly, SameSite=Strict cookies for session management
  • ✓ Regular security audits and monitoring
  • ✓ Encrypted password storage (never stored in plain text)

6. Data Retention

Active accounts: Data retained as long as your account is active.

Inactive accounts: After 2 years of inactivity, we may archive or delete your data.

Deleted accounts: Upon account deletion, personal data is removed within 30 days. Anonymized analytics may be retained.

7. Your Privacy Rights

Access

Request a copy of your data

Rectification

Correct inaccurate information

Deletion

Request deletion of your data

Objection

Object to certain data processing

Portability

Export your data in a standard format

Withdraw Consent

Withdraw previously given consent

8. Children's Privacy

BrightXR is designed for students, including those under 13. We comply with applicable children's privacy regulations:

  • • Parental consent is required for users under 13
  • • We collect minimal data necessary for the educational service
  • • Parents can review, modify, or delete their child's data at any time
  • • No targeted advertising to children

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of BrightXR after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related inquiries, contact our privacy team:

Email: info@brightxr.in

You can also reach us through our Contact Page.