Privacy Policy

Your privacy matters to us

Last Updated: January 1, 2025

BrightXR Pvt. Ltd. ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website brightxr.com (the "Site") and register for our services.

By using our Site or services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Site or use our services.

Table of Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Cookies and Tracking Technologies
  4. 4. How We Share Your Information
  5. 5. Data Security
  6. 6. Data Retention
  7. 7. Your Privacy Rights
  8. 8. Children's Privacy
  9. 9. International Data Transfers
  10. 10. Changes to This Policy
  11. 11. Contact Us

1. Information We Collect

1.1 Personal Information You Provide

When you register on our Site, we collect the following information:

  • Name: First name and last name
  • Email Address: For account creation and communication
  • Phone Number: For account verification and support
  • Address: Physical address for service delivery and verification
  • User Type: Student, Teacher, Parent, Educational Institution, or Other
  • Password: Encrypted and securely stored for account access
  • Newsletter Preferences: Your choice to receive marketing communications

1.2 Information Automatically Collected

When you visit our Site, we automatically collect certain information about your device and browsing activity:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent on pages, links clicked, referring URL
  • Location Data: General geographic location based on IP address
  • Session Data: Login times, session duration, and authentication tokens

1.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Social media platforms (if you choose to connect your accounts)
  • Analytics providers
  • Payment processors (when payments are implemented)

2. How We Use Your Information

We use the information we collect for the following purposes:

Account Management

  • Creating and managing your user account
  • Authenticating your identity and preventing fraud
  • Providing customer support and responding to inquiries
  • Sending important account notifications and updates

Service Delivery

  • Providing access to our AR/VR educational platform
  • Personalizing your learning experience
  • Tracking your progress and generating reports
  • Delivering notifications about our upcoming app launch

Communication

  • Sending newsletters and updates (with your consent)
  • Notifying you about product launches and new features
  • Sending promotional materials about our services (you can opt-out anytime)
  • Conducting surveys and gathering feedback

Analytics & Improvement

  • Analyzing user behavior to improve our services
  • Monitoring and analyzing usage patterns and trends
  • Testing new features and functionalities
  • Ensuring the security and integrity of our platform

3. Cookies and Tracking Technologies

3.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our Site. They help us recognize your browser and capture certain information about your visit.

3.2 Types of Cookies We Use

Cookie Type Purpose Duration
Essential Cookies Required for site functionality, login sessions, and security Session/2 hours
Analytics Cookies Help us understand how visitors use our Site 1 year
Preference Cookies Remember your settings and preferences 1 year
Marketing Cookies Track visits across websites for marketing purposes 90 days

3.3 Session Management

We use PHP sessions to maintain your login state and store temporary data during your visit. Session data includes:

  • User ID and authentication status
  • User email and name for display purposes
  • User type (student, teacher, parent, etc.)
  • Session expiry time (2 hours of inactivity)
  • Temporary form data to improve user experience

🔒 Security Note:

Session cookies are configured with HttpOnly and SameSite=Strict flags to prevent cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

3.4 Managing Cookies

You can control cookies through your browser settings. However, disabling essential cookies may affect your ability to use certain features of our Site. To manage cookies:

  • Chrome: Settings → Privacy and Security → Cookies
  • Firefox: Options → Privacy & Security → Cookies
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Privacy → Cookies

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share information with trusted third-party service providers who assist us in operating our Site and delivering services (e.g., hosting providers, email services, analytics platforms). These providers are contractually obligated to protect your data.

Educational Institutions

If you register through a school or educational institution, we may share relevant progress and usage data with authorized administrators and teachers for educational purposes.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Site.

With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction.

5.1 Security Measures

Password Encryption

Passwords are hashed using bcrypt with a cost factor of 12, plus additional salt for extra security.

Secure Connections

HTTPS encryption for all data transmitted between your device and our servers (will be implemented on production).

Access Controls

Strict access controls and authentication mechanisms limit who can access your data.

Regular Backups

Automated backups ensure data recovery in case of system failures.

⚠️ Important Security Notice:

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your password and account credentials.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

  • Active Accounts: Data retained as long as your account is active
  • Inactive Accounts: After 2 years of inactivity, we may delete or anonymize your data
  • Deleted Accounts: Most data deleted within 30 days; some data retained for legal compliance (up to 7 years)
  • Session Data: Automatically deleted after 2 hours of inactivity
  • Cookies: Varies by type (session to 1 year)

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

Right to Access

Request a copy of the personal information we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete personal information.

Right to Deletion

Request deletion of your personal information, subject to legal exceptions.

Right to Object

Object to processing of your personal information for marketing purposes.

Right to Data Portability

Request a copy of your data in a structured, machine-readable format.

Right to Withdraw Consent

Withdraw your consent for data processing at any time (e.g., unsubscribe from newsletters).

How to Exercise Your Rights:

To exercise any of these rights, please contact us at support@brightxr.in with your request. We will respond within 30 days.

You may be required to verify your identity before we process your request to ensure the security of your personal information.

8. Children's Privacy

BrightXR's services are designed for students, including minors. We are committed to protecting children's privacy in accordance with applicable laws, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar regulations globally.

Parental Consent Requirements:

  • Users under 13 years old (or applicable age in your region) must have verifiable parental consent before registering.
  • Parents or guardians can create accounts on behalf of their children and monitor their activity.
  • We do not knowingly collect personal information from children without parental consent.

Parental Rights:

Parents and guardians have the right to:

  • ✓ Review their child's personal information
  • ✓ Request deletion of their child's information
  • ✓ Refuse further collection or use of their child's information
  • ✓ Monitor their child's learning progress and activity

If you believe we have collected information from a child without proper consent, please contact us immediately at support@brightxr.in, and we will take steps to remove such information.

9. International Data Transfers

BrightXR is based in India. If you access our services from outside India, your information may be transferred to, stored, and processed in India or other countries where our service providers operate.

By using our services, you consent to the transfer of your information to countries outside of your residence, which may have different data protection laws than your country.

Data Protection Measures:

We ensure that all international data transfers are protected by appropriate safeguards, including standard contractual clauses, data protection agreements, and compliance with applicable data protection regulations.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • We will update the "Last Updated" date at the top of this policy
  • For significant changes, we will send email notifications to registered users
  • We may display a prominent notice on our website

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated terms. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

support@brightxr.in
BrightXR Pvt. Ltd.
Registered in India, 2025

Response Time

We are committed to responding to privacy-related inquiries promptly:

  • General inquiries: 24-48 hours
  • Data requests: Within 30 days
  • Urgent matters: Within 24 hours

Privacy Policy Summary

🔒

Data Security

Your data is encrypted and protected with industry-standard security measures

🙋

Your Rights

You have full control over your data - access, update, or delete anytime

🚫

No Selling

We never sell your personal information to third parties

Questions About Your Privacy?

We're here to help. Contact our privacy team anytime.

Email Privacy Team Contact Support