2. Personal Data We Collect

2.1 Overview

We collect different categories of data depending on your interaction with the Platform, including:

• information you provide directly;
• information collected automatically;
• information required for payouts or compliance;
• information related to child development inputs provided voluntarily;
• information from third-party services.

We collect personal data to operate, provide, support, improve, secure, and manage our services and related business functions.

The type and amount of personal data we collect depends on how you interact with our platform, including whether you:

• browse our website,
• make a purchase,
• access purchased content,
• create or update a profile,
• participate in referral, reward, feedback, or testimonial programs,
• submit payout details,
• contact customer support,
• upload content voluntarily,
• interact with cookies or tracking technologies.

Certain data is necessary for providing our core services, while other data is optional and depends on your participation in additional features.

2.2 Personal data you provide directly

You may provide personal data directly when interacting with our platform, services, or features.

(a) Identity and contact data

This may include:

• full name,
• email address,
• mobile number,
• WhatsApp number,
• country or region,
• billing or postal address (where required).

(b) Account and access data

Where applicable, this may include:

• login identifiers,
• authentication data (such as OTP-based access),
• account status and preferences.

(c) Transaction and purchase data

This may include:

• purchased program details,
• order and invoice records,
• transaction identifiers,
• payment status.

Payments are processed through third-party providers such as Razorpay, Cashfree, or PayPal. We do not store full card numbers or equivalent sensitive payment credentials.

(d) Referral, reward, feedback, and program data

If you participate in referral or feedback-based programs, we may collect:

• referral codes and referral relationships,
• eligibility and approval status,
• reward or payout status,
• feedback submissions,
• testimonial participation data.

(e) Domestic payout data (India)

If you choose to receive payouts, we may collect:

• bank account holder name,
• bank account number,
• IFSC code and bank name,
• UPI ID and confirmation,
• name as per bank or UPI,
• email and phone number for payout records,
• PAN (optional but may affect payout processing).

PAN may be requested or required to comply with applicable tax laws and withholding obligations. Where PAN is not provided, not verified, or invalid, higher tax deduction or withholding may be applied in accordance with applicable regulations.

Where multiple payout methods are available, only one payout method may be active at a time. Updating or selecting one method (such as UPI) may replace previously stored payout details (such as bank account information).

Where required for payouts, verification, or compliance, we may collect tax-related information such as PAN or equivalent identifiers. Such information is collected solely for validation, regulatory compliance, and payout processing purposes and is not used for marketing.

(f) International payout data

For international payouts, we may collect:

• full legal name,
• payout email address,
• phone number with country code,
• country of residence,
• postal address,
• optional tax identification information where required.

International payouts may be processed through third-party platforms such as Tremendous.

(g) Declarations and confirmations

We may collect confirmations that:

• the provided payout details belong to you,
• the information submitted is accurate,
• you understand payout, consent, or program-related terms.

(h) Communications data

This may include:

• support queries,
• emails and messages,
• complaint records,
• survey responses.

2.3 Child-related and feedback data (voluntary)

Child-related information, such as age, developmental stage, parent-reported observations, or optional media voluntarily submitted by a parent or guardian, is collected only when the parent or guardian chooses to provide it. Such data is not required for access to our core pre-recorded content and is used only for the limited purposes described in this Privacy Policy, such as feedback handling, optional program-related features, internal analysis, program improvement, and other specifically authorized uses.

Public marketing or promotional use of such content will occur only where such use has been clearly disclosed at the time of submission, and the user has acknowledged such use through acceptance of applicable policies and submission of the content.

Where feedback-based programs are linked to rewards or payouts, users may be requested to submit testimonial or experience-based content. Such submissions may include:

• a general feedback or testimonial video, where applicable to a specific voluntary feedback, reward, or testimonial workflow; and
• optional child-related content or demonstrations, which are not mandatory.

Submission of child-related content is always voluntary and is not required to access services or to participate in core platform functionality.

Where feedback, testimonials, or media content are submitted as part of voluntary programs (including reward or payout-based participation), such submissions may include consent for internal use and, where such use has been clearly disclosed at the time of submission, for marketing or promotional use based on the user’s acceptance of applicable policies during submission and the act of submission.

Users are clearly informed of the intended use of such content at the point of submission, and any marketing or public usage is based on the user’s acceptance of applicable policies during submission together with the act of submission, as required or permitted under applicable law.

Clarification on Submission-Based Authorization

Where feedback, testimonials, images, audio, or videos are submitted through a workflow that clearly discloses intended use (including marketing, promotional, or public display purposes), the user’s acceptance of applicable policies at the time of submission, together with the act of submission, shall be treated as informed acknowledgment and authorization for such use.

Such authorization is considered part of the submission process and does not require a separate standalone consent mechanism, unless required under applicable law.

2.4 Personal data collected automatically

When you use our platform, we may collect certain technical and usage data.

(a) Device and technical data

• IP address,
• browser type and version,
• device type and operating system,
• language settings,
• approximate location (derived from technical signals).

(b) Usage and interaction data

• pages visited,
• navigation patterns,
• session duration,
• clicks and interactions,
• feature usage,
• video interaction events (where applicable).

(c) Authentication and security data

• login attempts,
• session identifiers,
• OTP verification activity,
• device or session controls,
• failed access attempts.

(d) Cookies and tracking technologies

We may use cookies, pixels, SDKs, and similar technologies for:

• platform functionality and security,
• analytics and performance measurement,
• advertising and campaign effectiveness,
• remarketing and retargeting,
• personalization (where applicable)

Non-essential tracking technologies are used only after obtaining your consent where required by applicable law.

2.5 Personal data from third parties

We may receive limited data from trusted third-party providers, including:

(a) Payment providers

Transaction confirmations and payment status from providers such as Razorpay, Cashfree, or PayPal.

(b) Validation providers

Verification results for bank accounts, PAN, or related data from providers used in payout workflows.

(c) Payout providers

Payout status and processing information from providers such as Tremendous.

(d) Service and technology providers

Technical and usage-related data from providers supporting:

• analytics,
• hosting and infrastructure,
• video delivery (e.g., DRM systems),
• messaging and communication,
• platform operations.

2.6 Internal records and system-generated data

We may generate and maintain internal records to support operations, including:

• payout processing records,
• verification and validation results,
• fraud detection indicators,
• moderation decisions,
• referral and reward tracking data,
• audit and compliance records,
• dispute and exception handling records.

These records may include personal data where necessary for operational, security, compliance, or legal purposes.

For certain processes such as payout validation, account verification, or fraud prevention, we may implement system controls such as validation checks, attempt limits, cooldown periods, or verification workflows. These controls are designed to protect users, prevent misuse, and maintain platform integrity.

2.7 Mandatory and optional data

Some personal data is required to provide services, while other data is optional.

Mandatory data (for core services)

This may include:

• name,
• email or mobile number,
• payment-related information required to complete a purchase,
• authentication data required for access.

Without this data, we may not be able to provide the purchased service.

Optional or feature-based data

This may include:

• child-related data,
• feedback responses,
• media uploads,
• referral participation data,
• payout details (only if claiming payouts),
• PAN or tax-related information,
• testimonial or marketing permissions.

Providing such data is optional, but certain features (such as payouts or rewards) may not function without required information.

2.8 Data source summary

We may collect personal data:

• directly from you,
• automatically through your use of our platform,
• from third-party service providers supporting payments, payouts, analytics, and infrastructure,
• from internal systems used for verification, security, and compliance.

2.9 Data sensitivity and handling

Certain categories of personal data, such as:

• financial and payout-related data,
• identification numbers (such as PAN),
• account access data,
• uploaded media content,

may be treated as higher-sensitivity data under our internal data classification and risk management practices.

Such data may be subject to additional safeguards, access controls, and handling measures appropriate to its nature and associated risks.

2.10 Legal Basis for Processing (Where Applicable)

• Where required by applicable data protection laws (including GDPR or similar regulations), we process personal data on one or more of the following legal bases:
• performance of a contract (e.g., providing program access after purchase);
• compliance with legal obligations (e.g., tax, accounting, regulatory requirements);
• legitimate interests (e.g., fraud prevention, platform security, analytics, service improvement, and internal operations);
• Consent or submission-based authorization (where such authorization is obtained through clearly disclosed submission workflows and acceptance of applicable policies during submission), as permitted under applicable law (e.g., marketing communications, cookies, tracking technologies, testimonials, or optional data submission);
• other lawful bases as permitted under applicable laws.

Where processing is based on consent, you may withdraw such consent at any time, without affecting the lawfulness of processing prior to withdrawal.

2.10A Jurisdiction-Specific Legal Basis Clarification

The legal bases described above, including consent, contractual necessity, and legitimate interests, are primarily intended to comply with applicable international data protection laws such as the General Data Protection Regulation (GDPR) for users located in the European Union.

For users located in India, personal data is processed in accordance with applicable Indian laws, including the Digital Personal Data Protection framework and the Information Technology Act and Rules. Such processing is based on:

• voluntary provision of data by the user
• Consent provided at the time of data collection or submission-based authorization (where such authorization is obtained through clearly disclosed submission workflows and acceptance of applicable policies during submission), as permitted under applicable law
• necessity to provide requested services
• compliance with legal and regulatory obligations
• other lawful purposes permitted under applicable Indian law

References to “legitimate interests” or similar legal bases should be interpreted in a manner consistent with the laws applicable to the user’s jurisdiction.

2.11 Unified Authorization Framework for User-Submitted Content

For clarity, where users submit feedback, testimonials, images, audio, or video content through workflows that clearly disclose intended use (including marketing, promotional, or public display purposes):

• such disclosure shall define the scope of use;
• acceptance of applicable policies at the time of submission; and
• the act of submission itself

shall together constitute informed acknowledgment and authorization for such use.

This authorization:

• forms part of the submission process;
• does not require a separate standalone consent mechanism unless required under applicable law; and
• shall be interpreted in accordance with applicable data protection laws, including GDPR and relevant Indian data protection laws.

Where required by applicable law, such authorization shall be treated as valid consent, provided that the disclosure is clear, specific, and transparent at the point of submission.

3. How and Why We Use Personal Data (Purposes and Legal Bases)

3.1 Overview

The Company processes personal data in accordance with applicable laws based on the user’s location, including GDPR principles for EU users and applicable Indian data protection laws for users in India.

We process personal data for specific, defined purposes related to the operation, delivery, improvement, security, and promotion of our services.

Depending on the context, we rely on one or more of the following legal bases:

• Contractual necessity — where processing is required to provide services requested by you
• Legal obligation — where processing is required to comply with applicable laws
• Legitimate interests — where processing is necessary for our business operations, provided such interests are not overridden by your rights
• Consent — where processing is necessary for our business operations, provided such interests are not overridden by your rights

The applicable legal basis depends on the nature of the processing activity described below.

Where processing is based on legitimate interests, such processing is carried out only where permitted under applicable law and balanced against user rights, and may not apply in all jurisdictions.

3.2 Providing and delivering services

We process personal data to:

• provide access to purchased programs and content,
• deliver pre-recorded video-based services,
• manage purchases, invoices, and transactions,
• authenticate users and manage access,
• provide customer support and service communications.

Legal basis:

Contractual necessity

Without this processing, we would not be able to provide our services.

3.3 Managing referrals, rewards, feedback, and payouts

We process personal data to:

• track referrals and link referrers and customers,
• determine eligibility for rewards, cashback, or payouts,
• review and evaluate feedback or testimonial submissions,
• use testimonials, feedback, or user-submitted content (including child-related content where applicable) for marketing or promotional purposes where such use has been clearly disclosed at the time of submission and acknowledged by the user through acceptance of applicable policies during submission and submission of the content;
• process and execute payouts,
• maintain records for payout tracking, audit, and dispute resolution.

This may include processing payout-related information such as bank details, UPI IDs, PAN, or international payout details.

Where applicable:

• higher tax deduction or withholding may apply if required information (such as PAN) is not provided or validated,
• payout processing may depend on submission, verification, and approval workflows.

Legal basis:

Contractual necessity

Legal obligation

Legitimate interests (including fraud prevention, validation, and operational integrity)

3.4 Verification, fraud prevention, and platform integrity

We process personal data to:

• verify identity and payout details,
• validate bank accounts, UPI IDs, or tax-related identifiers,
• detect and prevent fraud, misuse, or unauthorized activity,
• identify duplicate or suspicious accounts,
• enforce platform rules and eligibility criteria,
• maintain audit trails and investigation records.

This may include monitoring:

• login attempts,
• validation attempts,
• account activity patterns,
• payout-related behavior.

Decisions involving account restrictions, payout approval, or fraud detection are not based solely on automated processing and involve human review where appropriate.

Legal basis:

Legitimate interests

Legal obligation (where applicable)

3.5 Improving services, analytics, and product development

We process personal data to:

• understand how users interact with our platform,
• analyze usage patterns and engagement,
• improve content, features, and user experience,
• evaluate feedback and responses,
• develop new services and program enhancements,
• conduct internal analysis and business insights.

Where possible, we may use aggregated or non-identifiable data for long-term analysis.

Legal basis:

Legitimate interests

3.6 Personalization, profiling, and optimization

We may process personal data to:

• personalize user experience within the platform,
• tailor content, recommendations, or communications,
• segment users based on behavior, preferences, or engagement,
• improve relevance of offers, features, and messaging,
• optimize marketing campaigns and performance.

This may involve profiling based on:

• interaction patterns,
• feedback data,
• usage behavior,
• preferences or contextual information.

We do not use profiling to make solely automated decisions that produce legal or similarly significant effects without appropriate human involvement where required by applicable law.

You have the right to object to such processing where it is based on legitimate interests, subject to applicable law.

Where profiling is based on legitimate interests, users have the right to object to such processing at any time, and we will assess such objections in accordance with applicable law.

Legal basis:

Legitimate interests

We do not use profiling involving sensitive personal data or special categories of data for advertising or marketing purposes.

3.7 Marketing communications

We may use your personal data to:

• send service-related updates,
• share educational or product-related content,
• communicate offers, campaigns, or new features,
• provide relevant information related to your purchase or usage.

Where you are an existing customer:

• we may send communications based on a legitimate interest (soft opt-in),
• such communications will relate to similar services,
• you will be provided with clear and easy opt-out options.

Legal basis:

Legitimate interests

Consent (where required)

Where required by applicable law, we will obtain your consent before sending marketing communications.

Where marketing communications are based on legitimate interests, such communications are limited to existing customers, relate to similar services, and include a clear and simple opt-out mechanism in every communication. Where required under applicable law, such communications will be sent only with prior consent.

Users are provided with a clear and simple mechanism to opt out of such communications at any time, and such opt-out requests are respected without undue delay.

For users located in the European Economic Area, direct marketing communications shall be based on prior consent where required under applicable law, except where a soft opt-in is permitted in accordance with applicable regulations.

3.8 Advertising, remarketing, and tracking

We process personal data to:

• measure campaign performance,
• understand user behavior across sessions or platforms,
• build audiences for advertising,
• enable remarketing or retargeting,
• optimize advertising effectiveness,
• manage frequency and relevance of advertisements.

This may involve the use of:

• cookies,
• pixels,
• SDKs,
• device identifiers,
• interaction and event data.

Non-essential tracking and advertising technologies are used only after obtaining your consent where required by applicable law.

Legal basis:

Consent (for non-essential tracking and advertising)

Legitimate interests (for essential analytics and operational insights)

Where consent is required under applicable law, such processing will not be carried out on the basis of legitimate interests alone.

3.9 Communications and support

We process personal data to:

• respond to queries and support requests,
• provide important service-related communications,
• manage customer relationships,
• maintain records of communications for quality and compliance purposes.

Legal basis:

Contractual necessity

Legitimate interests

3.10 Testimonials, feedback, and media processing

We process feedback, testimonial submissions, and uploaded content to:

• evaluate and review submissions,
• determine eligibility for rewards or payouts,
• improve services and understand user experiences,
• maintain internal records and audit trails.

Submission of feedback or media content:

• is voluntary,
• may be linked to reward or payout programs,
• may be subject to review and approval processes.

We do not use submitted content for public marketing purposes unless such use has been clearly disclosed at the time of submission and acknowledged by the user through acceptance of applicable policies during submission and submission of the content, where permitted or required under applicable law.

Where feedback, testimonials, or media content are submitted through workflows that clearly disclose intended use, including potential marketing or promotional use, the user’s acceptance of applicable policies at the time of submission, together with the act of submission, constitutes acknowledgment and authorization for such use.

Such authorization is considered part of voluntary participation in feedback, testimonial, or reward-based programs and does not require a separate standalone consent mechanism, unless required under applicable law.

Legal basis:

Contractual necessity (for program participation and payouts)

Legitimate interests (for internal analysis and improvement)

Consent or submission-based authorization (where such authorization is obtained through clearly disclosed submission workflows and acceptance of applicable policies during submission), as permitted under applicable law.

3.11 Legal compliance and enforcement

We may process personal data to:

• comply with applicable laws, regulations, and tax requirements,
• respond to lawful requests from authorities,
• enforce our Terms of Use and policies,
• establish, exercise, or defend legal claims.

Legal basis:

Legal obligation

Legitimate interests

3.12 Internal research, analysis, and program improvement

We may use personal data for internal research, analysis, quality review, and program improvement, including evaluating the effectiveness of our content, services, and user experience.

Where feasible, we aim to use aggregated, de-identified, or anonymized information for these purposes.

Legal basis:

Legitimate interests

Consent, where required by applicable law or where we rely on optional submissions provided for such use

3.13 Marketing, testimonials, and user-submitted content

We may use testimonials, feedback, and user-submitted content, including child-related content where applicable, for marketing, promotional, or public-facing purposes where such use has been clearly disclosed at the time of submission.

Where such disclosure is provided, the user’s acceptance of applicable policies during submission, together with the act of submission, shall constitute acknowledgment and authorization for such use.

Such authorization forms part of the user’s voluntary participation in feedback, testimonial, or reward-related workflows and does not require a separate standalone consent mechanism unless required by applicable law.

Legal basis:

Consent or submission-based authorization (where such authorization is obtained through clearly disclosed submission workflows and acceptance of applicable policies during submission), as permitted under applicable law.

4. How We Share and Disclose Personal Data

4.1 Overview

We may share personal data with third parties where necessary to:

• provide and operate our services,
• process payments and payouts,
• support analytics and platform functionality,
• communicate with users,
• comply with legal and regulatory obligations,
• protect our rights, users, and platform.

We do not sell personal data as a standalone commercial activity involving exchange of personal data for monetary consideration.

Vendor disclosure (illustrative categories):

We may share personal data with trusted third-party service providers strictly for operational purposes, including:

• video hosting and streaming providers (e.g., VdoCipher or equivalent);
• messaging and communication providers (e.g., SMS or WhatsApp service providers);
• payment gateways and financial processors (e.g., Razorpay, PayPal, or equivalent);
• payout and reward processing providers (e.g., Tremendous or equivalent);
• analytics and business intelligence tools (e.g., Power BI or equivalent);
• cloud infrastructure and storage providers.

4.2 Service providers (processors and operational partners)

We engage third-party service providers who support our platform and business operations. These providers process personal data on our behalf or as part of integrated services.

This may include providers supporting:

• payment processing,
• payout processing,
• infrastructure and hosting,
• video delivery and content protection,
• messaging and communication,
• analytics and performance monitoring,
• platform operations and administration.
• mobile platform and application distribution providers, including Google Play Store and Apple App Store, where relevant

Examples of such providers include:

• Razorpay, Cashfree, PayPal (payment processing),
• Tremendous (international payouts),
• Microsoft Azure / infrastructure providers (hosting and storage),
• VdoCipher (video delivery and DRM),
• MSG91 (communication and messaging services),
• Google services / Firebase / analytics tools (analytics, app performance, tracking),
• email and domain service providers such as GoDaddy or email infrastructure used for communications.

We require, through contractual or comparable arrangements where appropriate, that such providers process personal data only for defined purposes, implement reasonable security measures, and comply with applicable data protection obligations.

4.3 Independent third-party controllers

Certain third parties act as independent data controllers, meaning they determine how and why personal data is processed independently.

This may include:

• payment service providers,
• payout platforms,
• certain analytics or advertising platforms.

When interacting with such services:

• your data may be subject to their own privacy policies,
• they may process data for their own compliance, regulatory, or operational purposes.

4.4 Advertising, analytics, and tracking partners

We may allow certain data to be collected through:

• cookies,
• pixels,
• SDKs,
• tags and similar technologies.

These may be used by analytics and advertising partners to:

• measure usage and performance,
• understand user behavior,
• support advertising and campaign effectiveness,
• enable remarketing or retargeting,
• perform attribution and reporting.

This typically involves:

• device identifiers,
• browser or app-level data,
• interaction events,
• cookie or tracking identifiers.

We do not upload direct customer lists (such as email address or phone number databases) to advertising platforms for custom audience targeting unless we have an appropriate legal basis to do so and have provided any notice or obtained any consent required under applicable law.

Where required by applicable law, such tracking is enabled only after obtaining your consent.

4.5 Payment, payout, and verification partners

We share personal data with payment, payout, and verification providers to:

• process transactions,
• validate payment or payout details,
• verify identity or tax-related information,
• execute payouts,
• maintain financial and audit records.

This may include sharing:

• transaction identifiers and payment status,
• payout-related details (such as bank account, UPI, or payout email),
• verification inputs such as PAN or bank validation data (where applicable),
• payout processing and delivery status.

For international payouts, we typically share limited information such as name, payout email, and country with payout providers such as Tremendous.

4.6 Analytics, internal reporting, and business insights

We may process and analyze personal data using internal tools and platforms (including business intelligence systems) to:

• understand customer behavior,
• evaluate performance and engagement,
• support decision-making,
• improve services and offerings.

Such analysis may involve user-level data or aggregated data, depending on the purpose.

Where feasible, we aim to use aggregated or non-identifiable data for broader analysis.

4.7 Communications and messaging providers

We use communication service providers (such as MSG91 and related messaging infrastructure) to:

• send service-related messages (such as login or transaction updates),
• send notifications related to referrals, payouts, or account activity,
• communicate updates, offers, or marketing messages where permitted.

These providers may process data such as phone numbers, message content, and delivery status as part of providing messaging services.

4.8 Video delivery and content protection

We use specialized video delivery and DRM providers (such as VdoCipher) to:

• deliver protected video content,
• manage access control and streaming,
• enforce content protection measures.

This may involve sharing:

• user/session identifiers,
• device or playback-related data,
• access control information.

4.9 Professional advisors and compliance partners

We may share personal data with professional advisors and service providers where necessary for:

• accounting, auditing, and financial compliance,
• tax filings and reporting,
• legal advice and regulatory compliance.

This may include sharing data with:

professional advisors, including auditors, accountants, tax consultants, and legal advisors engaged for compliance and regulatory purposes.

4.10 Legal obligations and regulatory disclosures

We may disclose personal data where required to:

• comply with applicable laws and regulations,
• respond to lawful requests from government authorities, regulators, or law enforcement,
• fulfill tax, financial reporting, or compliance obligations.

4.11 Protection of rights and platform integrity

We may disclose personal data where necessary to:

• enforce our Terms of Use and policies,
• detect, prevent, or investigate fraud, abuse, or misuse,
• protect the rights, property, or safety of our company, users, or third parties,
• resolve disputes or respond to claims.

4.12 Business transfers and restructuring

In the event of:

• merger,
• acquisition,
• restructuring,
• investment,
• sale of assets,

personal data may be transferred as part of such transaction, subject to appropriate confidentiality and legal safeguards.

4.13 Internal access within our organization

Personal data may be accessed by authorized personnel within our organization on a need-to-know basis, including teams responsible for:

• customer support,
• operations and platform management,
• finance and payouts,
• compliance and audit,
• security and fraud prevention,
• marketing and analytics.

Access is controlled based on role and purpose.

4.14 No uncontrolled third-party disclosure

We do not:

• share personal data with unrelated third parties for their independent marketing use without a valid legal basis,
• disclose personal data beyond what is necessary for the purposes described in this Privacy Policy.

We do not sell personal data to third parties.

5. International Data Transfers

5.1 Overview

We operate a digital platform that may be accessed by users across multiple jurisdictions. As part of providing our services, personal data may be processed, stored, or accessed in different countries depending on:

• your location,
• our infrastructure and hosting arrangements,
• the location of our service providers,
• the nature of services used, such as payments, payouts, analytics, messaging, or video delivery.

5.2 Primary processing and cross-border nature

We aim to primarily process and store personal data using infrastructure located in India.

However, due to the nature of digital services and integrated technologies, personal data may also be processed in other jurisdictions where our service providers or technology partners operate.

These jurisdictions may include countries outside India, including regions where data protection laws may differ from those in your country of residence.

5.3 Transfers through service providers

Personal data may be transferred internationally where necessary to:

• process payments through providers such as Razorpay, Cashfree, or PayPal,
• process international payouts through providers such as Tremendous (which may operate in the United States or other regions),
• support analytics, performance monitoring, and infrastructure services through providers such as Google or Microsoft,
• deliver content and services through systems such as video delivery platforms or messaging infrastructure.

These transfers are part of the normal operation of our services.

5.4 Safeguards for international transfers

Where personal data is transferred across borders, we take reasonable steps to ensure that such transfers are subject to appropriate safeguards.

These may include:

• contractual arrangements with service providers,
• data protection and confidentiality obligations,
• vendor selection based on security and reliability considerations,
• limiting access to personal data based on role and purpose,
• applying appropriate technical and organizational measures.

Where required by applicable law, we rely on legally permitted transfer mechanisms and safeguards.

5.5 Transfers for global users

If you access our services from outside India, your personal data may be transferred to and processed in India and in other jurisdictions where our service providers operate, to the extent necessary for the operation of our services and in accordance with this Privacy Policy.

Where required by applicable law, we implement appropriate safeguards or rely on legally recognized transfer mechanisms for such cross-border processing. Your use of the services does not by itself replace any transfer mechanism or safeguard required by law.

5.6 Third-party environments and limitations

When personal data is processed by third-party service providers, such providers may operate under their own technical, operational, and legal frameworks, and certain aspects of their processing may be governed by their own privacy policies and compliance obligations. We select providers carefully and aim to implement appropriate safeguards, contractual protections, and oversight measures as described in this Policy.

5.7 No restriction to a single jurisdiction

Due to the nature of cloud infrastructure, global services, and platform integrations, personal data may be stored or processed in one or more jurisdictions depending on system architecture, service configuration, vendor operations, and user location.

6. Data Retention

The Company retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including to provide services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Retention periods vary depending on the nature of the data and applicable legal requirements.

Retention periods are determined based on the nature of the data, the purpose for which it is processed, applicable legal and regulatory requirements, contractual obligations, and the need to resolve disputes, enforce agreements, and maintain security.

6.1 Financial, Transactional, and Compliance Records

Personal data related to payments, invoices, referrals, payouts, taxation (including PAN where applicable), and financial transactions may be retained for up to 8 years or such longer period as required under applicable tax, accounting, or legal obligations.

6.2 Account and Service Data

Personal data associated with user accounts, program access, and service usage is retained for as long as the account remains active and for a reasonable period thereafter to support user requests, dispute resolution, and legal compliance.

6.3 Security, Access, and System Logs

Authentication records, login attempts, device information, and system security logs are typically retained for a limited operational period generally not exceeding 6 to 12 months, unless extended retention is necessary for fraud prevention, investigation, legal claims, or regulatory compliance.

6.4 Analytics and Usage Data

Aggregated and individual analytics data used for performance improvement, product optimization, and statistical analysis is typically retained for up to 24 months, after which it may be anonymized or deleted.

6.5 Communication and Support Data

Customer support communications, queries, and service-related interactions may be retained for a reasonable period necessary to resolve issues, maintain service quality, and comply with legal obligations.

6.6 Testimonials, Feedback, and Media Content

• Internal Review Data: Feedback submissions, including optional child-related data or media, may be retained internally for evaluation, research, and program improvement for a limited and proportionate duration.
• Public Marketing Content: Testimonials, images, videos, or child-related content used for marketing or public display are retained only where such use has been clearly disclosed at the time of submission and acknowledged by the user through acceptance of applicable policies during submission and submission of the content, and may remain in use until such authorization is withdrawn or otherwise limited, subject to practical limitations (e.g., content already published or distributed).

6.7 Legal Claims, Disputes, and Enforcement

Data necessary for establishing, exercising, or defending legal claims, preventing fraud, enforcing agreements, or complying with regulatory obligations may be retained for longer periods as required by applicable law.

6.8 Deletion and Retention Practices

• User-facing personal data may be deleted, corrected, or updated upon user request, subject to verification and applicable legal limitations.
• Certain data may be retained even after account deletion where required for legal, regulatory, audit, fraud prevention, or contractual purposes.
• The Company currently performs manual and system-assisted data management processes, and continues to improve automated retention and deletion mechanisms over time.

The Company periodically reviews retention practices to ensure compliance with applicable data protection laws, including GDPR and Indian data protection requirements.

7. Data Security

7.1 Overview

We implement and are designed to maintain appropriate technical and organizational measures to protect personal data against:

• unauthorized access,
• accidental loss,
• misuse,
• alteration, or
• unauthorized disclosure.

Our approach to security takes into account the nature of the data, the risks involved, and generally accepted industry practices.

In case of a personal data breach, users may contact support@allrounderbaby.com for information or assistance, subject to applicable legal requirements.

Key decisions affecting users are subject to human review and are not based solely on automated processing.

7.2 Secure transmission and data protection

We use secure communication protocols (such as HTTPS) to protect data transmitted between your device and our platform.

Where applicable, data stored within our systems or through infrastructure providers may be protected using security features and safeguards provided by such platforms.

7.3 Access control and internal handling

Access to personal data is restricted to authorized personnel on a need-to-know basis.

We aim to ensure that:

• access is limited to individuals responsible for specific functions (such as support, operations, or finance),
• data is accessed only for legitimate business purposes,
• internal handling of data is subject to operational controls and oversight.

7.4 Authentication and account security

We implement measures to protect user accounts and prevent unauthorized access, including:

• OTP-based authentication mechanisms,
• limits on login attempts within defined time periods,
• session and access controls,
• monitoring of suspicious login activity.

Users are responsible for maintaining the confidentiality of their access methods and ensuring secure use of their accounts.

7.5 Device and access controls

We implement device and access-related controls to reduce unauthorized usage, including:

• limiting the number of devices that may access an account at a given time,
• requiring additional verification or manual intervention when device limits are exceeded,
• monitoring account usage patterns to detect unusual access behavior.

7.6 Platform and content protection

We implement measures to protect digital content and platform access, including:

• controlled access to purchased content,
• restrictions on unauthorized sharing or misuse,
• use of video protection and digital rights management (DRM) technologies through service providers such as VdoCipher.

7.7 Monitoring and risk management

We may monitor system activity and usage patterns to:

• detect potential security incidents,
• identify suspicious or fraudulent behavior,
• protect platform integrity and user accounts.

This may include analysis of:

• login patterns,
• device or session data,
• transaction or payout-related activity.

7.8 Vendor and infrastructure security

We rely on established service providers for key components of our infrastructure and operations, including:

• hosting and cloud infrastructure providers,
• payment and payout platforms,
• video delivery and DRM systems,
• communication and messaging services.

We aim to work with providers that implement appropriate security measures. However, such providers operate under their own systems and policies.

7.9 Incident handling and response

We take security incidents seriously and aim to:

• investigate potential incidents,
• take appropriate corrective actions,
• mitigate risks and prevent recurrence.

Where required under applicable law, we may notify affected users and/or relevant authorities in connection with certain types of data breaches or security incidents.

7.10 Data minimization and responsible handling

We aim to:

• collect only data necessary for defined purposes,
• limit unnecessary access to personal data,
• handle personal data in a manner consistent with this Privacy Policy.

7.11 Limitations of security

While we take reasonable steps to protect personal data, no system can guarantee absolute security. Transmission of data over the internet involves inherent risks. Users should take appropriate precautions when accessing online services. We cannot guarantee complete security of data at all times.

8. Your Rights and Choices

8.1 Overview

Depending on your location and applicable law, you may have certain rights in relation to your personal data. These rights may include, where applicable:

• the right to access your personal data;
• the right to correct or update inaccurate data;
• the right to request deletion or erasure of certain data;
• the right to restrict or object to certain processing;
• the right to withdraw consent where processing is based on consent;
• the right to data portability;
• the right to manage marketing preferences; and
• the right to lodge a complaint with a competent data protection authority or other regulator, where such right is available under applicable law.

These rights are not absolute and may be subject, where permitted by applicable law, legal obligations, contractual requirements, technical feasibility, legitimate interests, fraud prevention needs, and the rights of others.

You may request deletion of your data; however, certain data may be retained where required for legal, compliance, fraud prevention, audit, contractual, security, or record-keeping purposes.

8.2 Right to access your data

You may request access to personal data we hold about you.

This may include:

• account and profile data,
• transaction and payout-related data,
• referral and program participation data,
• feedback or testimonial data submitted by you.

We may provide:

• a copy of your data, or
• a structured summary of relevant information,

subject to applicable legal requirements and verification of identity.

8.3 Right to correct or update data

You may:

• update or correct your personal data through your account where available,
• request correction of inaccurate or incomplete information.

Certain updates, particularly those relating to payout or verification data, may be subject to:

• validation checks,
• verification requirements,
• system controls such as update limits, cooldown periods, or restricted edit frequency, to prevent fraud, misuse, or errors.

8.4 Right to request deletion

You may request deletion of your personal data.

Upon such request:

• profile data and optional information may be deleted or anonymized where feasible.

However, certain data may be retained where necessary for:

• legal obligations (including tax and financial record-keeping),
• audit and compliance requirements,
• fraud prevention and security,
• dispute resolution or enforcement of agreements.

As a result, data such as:

• transaction records,
• payout records,
• invoices,
• audit logs,

may continue to be retained even after deletion requests.

This means that, where applicable, you may ask us to delete or erase profile-facing and optional data associated with your account, while understanding that we may still retain certain records where required or permitted for legal, tax, accounting, audit, security, anti-fraud, payout, evidentiary, or dispute-resolution purposes.

8.5 Right to restrict or object to processing

You may have the right to:

• request restriction of certain processing activities,
• object to processing based on legitimate interests,

including certain types of:

• marketing,
• profiling,
• analytics (where applicable).

We will evaluate such requests in accordance with applicable law.

However, certain processing may continue where necessary for:

• service delivery,
• contractual obligations,
• legal compliance,
• security and fraud prevention.

8.6 Marketing preferences and opt-out

You may opt out of marketing communications at any time by:

• using unsubscribe links,
• adjusting account settings where available,
• contacting us directly.

After opting out:

• you will no longer receive marketing communications,
• however, you may continue to receive service-related communications such as:
  • account updates,
  • transaction notifications,
  • payout or referral-related updates,
  • security alerts.

8.7 Cookies and tracking choices

Non-essential cookies, analytics, and tracking technologies are activated only after obtaining your explicit consent through a cookie banner or similar mechanism, where required by applicable law.

Essential cookies required for platform functionality may be used without consent.

8.8 Withdrawal of consent

Where processing is based on consent, you may withdraw your consent at any time.

Withdrawal of consent:

• does not affect processing already carried out,
• may impact your ability to use certain features or services.

This includes consent or authorization associated with testimonials, feedback, images, audio, or videos submitted through clearly disclosed submission workflows, subject to applicable law and the practical limitations described in this Privacy Policy.

8.9 Testimonials, feedback, and media content

If you have submitted:

• feedback,
• testimonial content,
• images, audio, or videos,

you may request:

• restriction of further use,
• removal from future use where feasible.

However:

• content already used in campaigns, advertisements, or public materials may not always be immediately removable,
• content shared or distributed on third-party platforms (such as social media) may be outside our direct control,
• removal requests may be subject to:
  • the terms of the authorization provided through the clearly disclosed submission workflow,
  • technical feasibility,
  • audit or legal retention requirements,
  • payout or program-related conditions.

We will review such requests on a case-by-case basis.

8.10 Right to data portability

Where applicable law provides such a right, you may request your personal data in a structured, commonly used, and machine-readable format, where technically feasible.

8.11 Exercising your rights

We aim to respond to valid requests within a reasonable period and, where applicable law requires, within prescribed statutory timelines.

To exercise your rights, you may contact us at:

support@allrounderbaby.com

We may:

• request identity verification,
• require additional information to process your request,
• decline or limit requests where permitted by applicable law.

8.12 Limitations and misuse prevention

Requests may be limited or declined where:

• they are repetitive or excessive,
• they are technically infeasible,
• they would impact the rights of others,
• they interfere with legal, audit, or compliance obligations,
• they are suspected to be abusive or intended to misuse platform processes.

8.13 Right to lodge a complaint

Where provided by applicable law, you may lodge a complaint with a competent data protection authority, supervisory authority, or other regulator if you believe our processing of your personal data violates applicable law. We encourage you to contact us first at support@allrounderbaby.com so we can try to resolve your concern directly.

9. Cookies and Tracking Technologies

9.1 Overview

We use cookies and similar technologies to operate, secure, analyze, and improve our services, as well as to support advertising and marketing activities.

These technologies may include:

• cookies,
• pixels,
• tags,
• SDKs,
• local storage,
• and similar tracking tools.

They may be used across our:

• website,
• mobile applications,
• and integrated services.

9.2 What are cookies

Cookies are small data files stored on your device when you visit a website or use an application.

They help:

• enable core platform functionality,
• remember preferences and settings,
• understand how users interact with services,
• support analytics and advertising activities.

9.3 Types of cookies and tracking technologies

We use different categories of cookies and similar technologies:

(a) Necessary cookies

These cookies are essential for the functioning of our platform.

They may be used to:

• enable login and authentication,
• maintain sessions,
• support security and fraud prevention,
• ensure core platform functionality.

These cookies are used without requiring consent where permitted by applicable law.

(b) Functional cookies

These cookies help improve user experience by:

• remembering preferences,
• supporting user settings,
• enhancing usability of features.

(c) Analytics and performance technologies

These technologies help us:

• understand how users interact with our platform,
• measure usage and engagement,
• improve performance and functionality.

(d) Advertising and marketing technologies

These technologies are used to:

• measure campaign effectiveness,
• build audiences for advertising,
• enable remarketing or retargeting,
• deliver relevant advertisements,
• track conversions and attribution.

9.4 Third-party tracking technologies

We may use or integrate third-party tools and services that use cookies or similar technologies.

These may include:

• analytics providers such as Google Analytics or Firebase,
• advertising platforms such as Google Ads and Meta (Facebook/Instagram),
• messaging and communication providers such as MSG91,
• video delivery and DRM providers such as VdoCipher,
• payment and infrastructure providers where relevant to functionality.

These third parties may collect and process data in accordance with their own privacy policies.

9.5 Tracking in mobile applications

Within our mobile applications, we may use SDKs and similar technologies to collect data such as:

• app usage and interaction data,
• device identifiers or app instance identifiers,
• performance and crash-related information,
• video playback and interaction data (including through video delivery systems such as VdoCipher).

9.6 Consent for cookies and tracking

For cookies and tracking technologies that are not strictly necessary:

• we obtain your consent before enabling such technologies where required by applicable law,
• analytics, advertising, and remarketing technologies are activated only after consent is provided,
• you may accept, reject, or customize your preferences through our cookie consent interface.

9.7 Personalization and cross-platform tracking

We may use tracking technologies to:

• personalize content and user experience,
• analyze behavior across sessions or devices,
• support cross-platform advertising and attribution,
• optimize campaign performance and user engagement.

9.8 Managing your preferences

You can manage your preferences for cookies and tracking technologies by:

• using our cookie consent banner or settings interface,
• adjusting your browser settings,
• using device-level privacy controls where applicable.

You may also withdraw your consent at any time.

9.9 Withdrawal of consent

If you withdraw your consent:

• non-essential tracking will be disabled for future interactions,
• certain functionality or personalization may be affected,
• previously collected data may continue to be used where permitted by applicable law.

9.10 Duration of cookies

Cookies and similar technologies may be:

• session-based, which expire when you close your browser or app, or
• persistent, which remain on your device for a defined period.

The duration depends on:

• the purpose of the technology,
• system configuration,
• and third-party provider settings.

9.11 Limitations of tracking technologies

We do not use cookies or similar technologies to access sensitive information stored on your device, such as:

• contacts,
• personal files,
• or unrelated device data.

9.12 Impact of disabling cookies

If you disable certain cookies or tracking technologies:

• some features of our platform may not function properly,
• your experience may be less personalized,
• certain services or features may become limited or unavailable.

9.13 Updates to tracking technologies

We may update or introduce new cookies or tracking technologies from time to time to:

• improve functionality,
• enhance analytics,
• support new features,
• improve advertising effectiveness.

Where required, we will update consent mechanisms accordingly.

10. Children’s Privacy

10.1 Overview

Our services are designed for parents, guardians, and caregivers, particularly in relation to children in the 0–5 years age group.

We do not offer our services directly to children as independent users.

10.2 Minimum age requirement

Our platform is intended for use by individuals who are at least 18 years of age.

• Only adults may create accounts, make purchases, or interact with our services, 
• children are not permitted to independently register, submit personal data, or enter into agreements through our platform.

10.3 Parent or guardian responsibility

Any personal data relating to a child is provided by a parent or guardian.

By submitting such information, you confirm that:

• you are the parent, guardian, or authorized caregiver of the child,
• you have the authority to provide such information,
• you understand how such information may be used in accordance with this Privacy Policy.

You are responsible for ensuring that:

• the information shared is accurate and appropriate,
• necessary permissions or authorizations have been obtained,
• no unauthorized third-party child data is submitted.

10.4 Nature of child-related data

Child-related data may include:

• age or developmental stage,
• parent-reported observations and feedback,
• behavioral or contextual information,
• optional uploaded content such as images, audio, or videos.

Such data is treated as information submitted by the parent or guardian and not as data collected directly from the child.

10.5 Voluntary nature of child data submission

Submission of child-related data is entirely voluntary.

• Child-related data is not required to access or use our core services,
• Our primary service — access to pre-recorded video content — is not dependent on submission of child-related information,
• Optional submissions may be made through secure, logged-in features such as feedback or testimonial workflows.

10.6 Use of child-related data

Child-related data may be used for:

• service delivery (where relevant to feedback features),
• feedback evaluation and program participation,
• internal analysis, research, and program improvement,
• aggregated insights and statistical analysis to understand overall effectiveness of programs.

Where data is used for analysis or reporting, we aim to use aggregated or non-identifiable information where feasible.

10.7 Use of child-related data for marketing

We do not automatically use child-related data for public marketing purposes.

However:

• we may use aggregated, anonymized, or statistical information derived from user data (including child-related data) to demonstrate program effectiveness,
• we may use specific child-related content (including images or videos) for marketing, testimonials, or promotional purposes where such use has been clearly disclosed at the time of submission by the parent or guardian, and accepted as part of the submission process;

Such authorization is obtained through clear and transparent disclosure at the point of submission, and is established through the parent’s or guardian’s acceptance of applicable policies during submission together with submission of the content within that disclosed workflow.

10.8 Sharing of child-related data

Child-related data may be shared only where necessary for:

• internal operations and evaluation,
• service delivery and platform functionality,
• processing through service providers involved in storage, hosting, or content delivery.

We do not knowingly share child-related data with unrelated third parties for independent marketing purposes without a valid legal basis.

10.9 Withdrawal and removal requests

Parents or guardians may request:

• removal of child-related content from future use,
• restriction of further processing.

However:

• content already used in campaigns, advertisements, or public materials may not always be immediately removable,
• content shared or distributed through third-party platforms (such as social media) may be outside our direct control,
• removal requests may be subject to:
  • the terms of the authorization provided through the clearly disclosed submission workflow
  • technical feasibility,
  • audit or legal retention requirements,
  • program or payout-related conditions.

Requests will be reviewed on a case-by-case basis.

10.10 Incorrect or unauthorized submissions

If we become aware that:

• child-related data has been submitted without proper authorization, or
• content violates applicable rights or policies,

we may:

• investigate the matter,
• restrict access to such data,
• remove or delete such content where appropriate.

10.11 No direct child interaction

We do not knowingly:

• collect personal data directly from children without parental involvement,
• allow children to independently submit personal data,
• allow children to independently participate in transactions, payouts, or contractual activities.

10.12 Approach to child data protection

We aim to apply a high standard of care when handling child-related data, including:

• limiting unnecessary collection,
• restricting use to defined purposes,
• avoiding misuse or unauthorized disclosure,
• handling such data with additional sensitivity due to its nature.

11. Updates, Contact, and General Provisions

11.1 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• changes in our services, features, or business operations,
• updates to our data processing practices,
• changes in applicable legal or regulatory requirements,
• improvements to our security, privacy, or compliance measures.

The updated version will be made available on our website and will include a revised “Last Updated” date.

We encourage you to review this Privacy Policy periodically to stay informed about how we handle personal data.

11.2 Notification of changes

We may, at our discretion, provide additional notice of material changes through:

• website notifications,
• in-app messages,
• email or other communication channels.

However, unless required by applicable law, we are not obligated to provide individual notice for every update.

11.3 Grievance Officer / Privacy Contact

In accordance with applicable laws, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Company has designated a Grievance Officer to address privacy-related concerns, complaints, and data protection requests.

Name: Shubha Nayak

Designation: Director & Grievance Officer

Email: support@allrounderbaby.com

Address: Flat A 304, Royal City, Potiya Road, Durg, Chhattisgarh – 491001, India

Users may contact the Grievance Officer for:

• data access, correction, or deletion requests
• withdrawal of consent
• complaints regarding data processing
• any privacy or security-related concerns

The Company aims to acknowledge and resolve grievances within 30 days from the date of receipt, or within such period as required under applicable law.

11.4 Data Protection Officer (DPO)

The Company has assessed its current operations and does not appoint a formal Data Protection Officer under Article 37 of the GDPR at this stage, as its core activities do not currently involve large-scale systematic monitoring or large-scale processing of special categories of personal data.

The Company will continue to review this position periodically and will appoint a Data Protection Officer where required under applicable law.

For all privacy-related matters, users may contact the Grievance Officer or the Company at: support@allrounderbaby.com.

11.5 Response to requests

We handle privacy-related queries, requests, and complaints in accordance with our internal processes and applicable law, including applicable verification requirements and response timelines.

11.6 Governing law and jurisdiction

This Privacy Policy is governed by the laws of India.

This does not limit any mandatory rights or protections available to you under applicable data protection laws in your jurisdiction.

11.7 Relationship with applicable laws

Where applicable data protection laws grant you specific rights or protections, such rights will apply to the extent required by law.

Nothing in this Privacy Policy is intended to limit or exclude rights that cannot be lawfully restricted.

11.8 Severability

If any provision of this Privacy Policy is found to be invalid, unlawful, or unenforceable, the remaining provisions will continue to remain in full force and effect.

11.9 No waiver

Failure by us to enforce any provision of this Privacy Policy shall not constitute a waiver of that provision or any other rights.

11.10 Interpretation

Headings in this Privacy Policy are for convenience only and do not affect interpretation.

12. Additional Disclosures and Clarifications

12.1 No sale of personal data

We do not sell personal data as a standalone commercial activity involving the exchange of personal data for monetary consideration.

However, we may use analytics, advertising, and tracking technologies as described in this Privacy Policy and our Cookies Policy.

12.2 No solely automated decision-making with legal effect

We do not use personal data to make solely automated decisions that produce legal effects or similarly significant impacts on individuals without appropriate human involvement where required by applicable law.

Certain automated processes (such as validation checks, fraud detection indicators, or system controls) may be used as part of our operations, but such processes are designed to support decision-making and are not intended to replace appropriate human oversight where required.

12.3 Data accuracy and user responsibility

You are responsible for ensuring that the personal data you provide is:

• accurate,
• complete,
• and up to date.

We may rely on the information provided by you for operational, payout, and compliance purposes, and are not responsible for issues arising from incorrect, incomplete, or outdated information submitted by users.

12.4 Third-party platforms and environments

Our platform may contain links to third-party websites, services, or applications, or may integrate with third-party systems.

Where you interact with such third-party services:

• your data may be processed under their respective policies,
• we do not control their independent processing practices,
• we are not responsible for their privacy practices or content.

We encourage you to review the privacy policies of such third parties before providing personal data.

12.5 Platform availability and operational limitations

We aim to provide our services in a reliable and secure manner, subject to technical, operational, and third-party limitations.

While we aim to maintain reliable and secure services, we do not guarantee:

• uninterrupted or continuous availability,
• error-free operation,
• compatibility across all devices, environments, or networks.

This does not affect our obligations under applicable data protection laws.

12.6 Scope of this Privacy Policy

This Privacy Policy describes how we handle personal data within the scope of our platform and services.

It does not:

• create contractual obligations beyond what is required under applicable law,
• override specific contractual terms applicable to particular products, services, or programs, except where required by law.

12.7 Interpretation and structure

Headings in this Privacy Policy are for convenience only and do not affect interpretation.

References to sections are intended to improve readability and do not limit the meaning of the content.