🔒

Privacy Policy

Effective: April 27, 2026

1. About GenGlee

GenGlee is an educational quiz application for children in Classes 1 through 10 (typical age range 5–15 years), serving schools and families in India and the UAE. Content follows NCERT/CBSE syllabuses (India) and Cambridge Primary/IGCSE syllabuses (UAE and international schools). This Privacy Policy explains what data we collect, how we use it, and the rights available to you and your child under applicable law, including India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and the UAE Personal Data Protection Law (the "UAE PDPL").

2. Parental consent

Because GenGlee is used by minors, we require verifiable parental consent before processing a child's personal data. By creating an account or permitting your child to use the app, the parent or legal guardian:

  • confirms they are over 18 and act as the child's lawful guardian;
  • consents to the data practices described below;
  • may withdraw consent at any time using the contact details in section 11.

If you suspect a child has signed up without parental consent, contact us and we will delete the account.

3. Data we collect

We collect only what we need to deliver the service:

  • Account data: child's first name, age, class level, country. Optional at signup: parent's phone number, email, password (used for login + account recovery).
  • Identity: a randomly-assigned "Whiz Name" (e.g. BraveTiger) used on every public surface in place of the real name.
  • Learning activity: answers submitted, scores, streaks, badges, certificates, time-on-task per topic. Used by the adaptive engine to pick appropriate questions.
  • Social activity (optional): friend connections (only with mutual acceptance), challenge invites and results, emoji reactions (from a fixed set).
  • Technical data: session cookie, device fingerprint (IP and browser user-agent at login), web push subscription endpoint if you opt in.
  • Payment data (optional): if you purchase Premium, transaction metadata (Razorpay order id, plan, amount, status). Card and bank details are handled by Razorpay and never reach our servers.

4. What we do NOT collect

  • No precise location, GPS, or background location.
  • No photos, microphone, contacts, calendar, or device file access.
  • No persistent advertising identifiers and no third-party advertising of any kind.
  • No open free-text chat between users — all peer interaction is via fixed-set emoji reactions or accept/decline.

5. How we use your data

  • To deliver age-appropriate, curriculum-aligned questions (NCERT/CBSE or Cambridge, based on your selection) through the adaptive engine.
  • To track streaks, badges, certificates, and other in-app rewards.
  • To send opt-in web push notifications (e.g. streak-at-risk reminders) and, where applicable, weekly progress updates to a parent's phone number.
  • To process Premium subscription payments through Razorpay.
  • To prevent abuse and improve the service through aggregated, de-identified usage statistics.

We do not sell your data. We do not share your data with advertisers.

6. Service providers we share data with

We share strictly necessary data with these processors:

  • Railway & PostgreSQL — hosting and database (data stored within their secure infrastructure).
  • Razorpay — payment processing for Premium subscriptions (transaction metadata only; we never see card or bank details).
  • Cloudinary — content delivery for question images.
  • Web push services (Google FCM, Mozilla autopush, Apple push) — only if you opt in to notifications.
  • Cron-job.org — scheduled reminder triggers (no personal data shared, only an authenticated heartbeat to our endpoint).
  • Brevo — transactional email delivery (password-reset and account-recovery emails only; no marketing emails).

Each provider acts as a data processor under contract and processes data only for the purposes listed above.

7. Children's privacy controls

  • Real names are never displayed in public surfaces (leaderboards, arenas, friends). Only the Whiz Name appears.
  • Friend requests require explicit acceptance by the recipient — no one can force-add your child.
  • No open text chat. Reactions are limited to a fixed set of emojis.
  • Parent contact details (phone or email) are used only for account recovery, parent dashboards, and (if opted in) weekly progress updates.
  • Questions flagged as inappropriate by 3 or more children are auto-archived and reviewed by our team.

8. Storage, security, and retention

Data is stored on Railway-hosted PostgreSQL with encrypted connections. Passwords are hashed using bcrypt; sessions are signed HMAC-SHA256 cookies plus a server-side device record. We retain account data for as long as the account is active. If an account is inactive for 24 consecutive months, we may delete it after notifying you via the contact on file.

9. Your rights

You and your child (through you, as guardian) have the right to:

  • Access: obtain a copy of your child's personal data we hold.
  • Correction: ask us to correct inaccurate data.
  • Erasure: request deletion of your child's account and personal data. You can do this yourself at genglee.com/delete-account, in Profile → Settings → Delete my account, or by emailing us.
  • Withdraw consent: stop processing at any time. Withdrawal does not affect lawful processing before the withdrawal.
  • Grievance (India): raise a complaint with our Grievance Officer (section 11) or with the Data Protection Board of India under the DPDP Act, 2023.
  • Grievance (UAE): raise a complaint with the UAE Data Office under the UAE PDPL.

10. Cookies and local storage

We use a single signed session cookie (genglee_session) for authentication and the browser's localStorage to remember your in-progress quiz state and preferences. We do not use third-party tracking cookies or analytics SDKs that fingerprint your device.

11. Contact & Grievance Officer

For privacy questions, data requests, withdrawal of consent, or complaints under the DPDP Act, write to:

Email: hello@genglee.com

Subject line: "Privacy request — <your request>"

We respond to verified requests within 30 days. If you are not satisfied, you may approach the Data Protection Board of India.

12. Changes to this policy

We may update this Privacy Policy when we add features or change processors. Material changes will be notified through an in-app banner and, where we have an email or phone on file, by direct message. The "Effective" date at the top of this page reflects the most recent update.

← Back to GenGleeRefund Policy →