SynIQ — Privacy Policy

Effective date: 1 May 2026

This policy explains what personal data SysMindX collects when you use SynIQ, how we use it, and your rights under the Digital Personal Data Protection Act, 2023 (DPDP Act).

1. What We Collect

Parent account:

  • Mobile number (used for OTP login and communications)
  • Name (as entered during registration)
  • Consent record (timestamp of acceptance of these terms)
  • Account creation date

Child (student) profile:

  • Name and school grade
  • School name and city (optional)
  • Practice activity: sessions started, questions answered, scores, time spent
  • PIN (stored as a cryptographic hash — we cannot read it)

Automatically collected:

  • Browser type and device type (for compatibility, not tracking)
  • Approximate session timestamps

We do not collect email addresses for accounts, location data, camera or microphone access, or any biometric information.

2. How We Use Your Data

We use your data only for the following purposes:

  • Authenticating your login via OTP
  • Providing and personalising the practice experience
  • Showing progress reports to the parent
  • Sending service communications (login OTP, subscription updates, new features) to the registered mobile number
  • Responding to support or deletion requests

We will never sell, rent, or share your personal data with any third party for marketing, advertising, or commercial purposes.

3. Data Shared With Third Parties

We share minimal data with the following categories of processors, solely to operate the service:

  • OTP delivery provider (MSG91): Your mobile number is shared only to send the login OTP. MSG91 does not retain it beyond delivery.
  • Cloud hosting provider: Our servers are hosted on a VPS in India. The provider has access to the infrastructure but not to application data.

No data is transferred outside India. All processors are bound by confidentiality obligations.

4. Children's Privacy

SynIQ is intended for children aged 8–14 (Grades 3–8). In line with the DPDP Act, child accounts are created and managed exclusively by a verifiable parent or guardian.

We do not allow children to register independently. We do not knowingly collect data from children without parental consent.

If you believe a child's data has been collected without your consent, contact us immediately at sysmindx@gmail.com and we will delete it within 72 hours.

5. Data Retention

We retain your data for as long as your account is active. If you request deletion:

  • Child account: Locked immediately; permanently deleted within 48 hours unless cancelled by the parent.
  • Parent account: Locked immediately; permanently deleted within 30 days unless you log back in to cancel. All linked child accounts are deleted at the same time.

After deletion, anonymised aggregate data (e.g. "X questions attempted in Grade 5") may be retained for internal analytics with no link to your identity.

6. Your Rights (DPDP Act 2023)

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to:

  • Access: Request a summary of personal data we hold about you
  • Correction: Request correction of inaccurate data (name, grade)
  • Erasure: Request deletion of your account and all associated data
  • Grievance redressal: Raise a complaint about how we handle your data
  • Nominee: Designate a nominee to exercise rights on your behalf

To exercise any of these rights, contact our Data Protection Officer at sysmindx@gmail.com. We will respond within 7 business days.

7. Security

All data is transmitted over HTTPS. PINs are stored as bcrypt hashes — they are not recoverable even by our staff. Access to the production database is restricted to authorised personnel only.

Despite these measures, no system is 100% secure. If you suspect unauthorised access to your account, please contact us immediately.

8. Cookies & Local Storage

We use browser localStorage (not cookies) to keep you logged in. Specifically:

  • syniq_parent_token — stores your 30-day parent session token
  • syniq_token — stores the child's 24-hour practice session token

No third-party tracking cookies or analytics scripts are loaded. Clearing browser storage signs you out.

9. Changes to This Policy

If we make material changes to this policy, we will notify you via SMS to your registered mobile number at least 15 days before the changes take effect. The effective date at the top of this page will be updated.

10. Grievance Officer & Contact

For privacy concerns, data requests, or grievances under the DPDP Act 2023:

SysMindX — Data Protection Officer
Email: sysmindx@gmail.com
Response time: within 7 business days