Legal Agreements

PRIVACY POLICY

Last Updated: 30 May, 2025
View or Download PDF

This Privacy Policy describes how TuitionLance ("we," "us,", "our" or "platform") collect, use and protect your Personal Data in a lawful, transparent and fair manner when you visit our website (www.tuitionlance.com), use our mobile application, raise queries, engage with our Services (refer to Terms of Service) or participate in our social media channels. The brand and platform TuitionLance is owned and operated by the proprietorship Natural Programmer operating at 13AA Mani Tribhuvan, Kalarahanga, Bhubaneswar, Odisha, India, PIN – 751024.

We conform to the data protection laws and privacy rights as per the Digital Personal Data Protection Act 2023 (DPDPA), General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

1. DEFINITIONS

a. Academy

An educational entity registered on our platform, consisting of one or more teachers and staff (such as a principal and mentors), offering educational services such as courses or coaching classes.

b. Deidentification

The process of modifying personal data so that it can no longer be attributed to a specific individual without additional information. It may still allow for reidentification if combined with other data sources.

c. Personal Data

Any information that relates to an individual and enables, either directly or when combined with other information, the identification of that individual. This may include, but is not limited to, names, contact information, identification numbers, online identifiers, and information regarding the use of our website or services, whether or not the information is accurate.

d. Process

Any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, storage, use, alteration, retrieval, disclosure, transmission, or erasure.

e. Special Categories of Data

Sensitive data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

f. Student

Any individual who registers on our platform to receive educational services offered by the Academies.

2. PERSONAL DATA COLLECTED

a. Identifying and Contact Data

We collect personal identifiers such as your name and contact information — email addresses and mobile numbers. For users registering as academies or students, signing up via Gmail is mandatory; therefore, we collect Gmail identifiers.

b. Technical and Usage Data

We use cookies and similar technologies to collect certain categories of technical and usage data when you interact with our website. These technologies may include:

i. Strictly Necessary Cookies: These are essential for the operation of the website and include cookies used for login sessions, navigation control, form validation, security tokens, and language or interface preferences.

ii. Analytical or Performance Cookies: These help us understand how visitors interact with the website. They may collect information such as time spent on pages, user click paths, browser type, screen resolution, and referring URLs. The data collected is typically aggregated and used to identify areas for performance improvement.

iii. We do not collect or use marketing, advertising, behavioural, or cross-site tracking cookies. This includes cookies used for profiling users, personalising ads, or tracking users across different websites for remarketing purposes.

c. Academic Data

Academies may require students to provide additional academic or contextual information, such as school name, nationality, grade level, or similar data for effective educational delivery. Such information is governed by the respective academy's internal privacy policies, and students are advised to confirm the same with the academy directly. In the event we become privy to such information, we will treat it with the same level of confidentiality and protection as personal data directly collected by us and in accordance with this Privacy Policy. The data that we collect from Academies include:

i. Address of the principal or registered address of the academy (if applicable)

ii. Goods & Services Tax Identification Number (GSTIN), if applicable

iii. Payment and billing information, for advertising on our platform and other promotional services.

iv. Identity verification documents, including incorporation certificates and proof of educational qualifications.

v. Course and service-related content such as syllabi, subject listings, and teacher profiles.

d. Chat transcripts between students and academy personnel.

e. Feedback regarding website functionality, user experience, and satisfaction with services received.

f. Access Tokens and Refresh Tokensassociated with your Google account

Note: We do not collect geolocation data or Special Categories of Data unless explicitly provided for compliance.

3. SOURCES OF COLLECTION

a. Direct Input

Data you provide directly when registering, submitting forms, uploading documents, or contacting us.

b. Automated Collection

Technical and usage data may be collected automatically through cookies and similar tracking technologies when you access or interact with our website.

c. Third-Party Integrations

Access and Refresh tokens are collected automatically when you authorise our platform to access your Google account. The tokens are issued directly by Google following your explicit consent and are transmitted to us via secure communication channels as part of the integration process.

4. PURPOSES OF PROCESSING PERSONAL DATA

We process your Personal Data only where permitted under applicable law. Depending on the nature of the interaction, the lawful basis may include your consent, contractual necessity, compliance with legal obligations, or our legitimate interests, provided such interests are not overridden by your fundamental rights.

a. Operation of Platform and Delivery of Services

To create, manage, and administer user accounts; enable registration and profile configuration; facilitate class scheduling and service bookings; and respond to service-related queries.

b. User Authentication and Verification

To authenticate users during login; verify the identity and legitimacy of Academies and their personnel; and ensure compliance with platform eligibility criteria through validation of submitted documentation.

c. Payment and Billing Management

To collect, process, and record payments related to Academy advertising and promotional services, and to meet legal and accounting obligations.

d. Communication and Notices

To send transactional, administrative, service-related, promotional, and marketing communications via email or other channels. The Google Access and Refresh tokens allow us to perform specific actions on your behalf via Google's APIs, such as creating or managing events in your Google Calendar.

e. Calendar Synchronisation and API Integrations

To synchronise user schedules, enable class notifications, and support related functionality via authorised third-party services such as Google Calendar. This requires the secure storage and use of Gmail identifiers and encrypted refresh tokens.

f. Display of Feedback and Testimonials

To publish positive feedback, testimonials, or endorsements submitted by users on our website or associated social media channels, subject to user consent.

g. Platform Security, Monitoring, and Legal Compliance

To detect and prevent unauthorised access, abuse, fraud, and service misuse; to enforce our Terms of Service; and to comply with applicable legal, audit, and regulatory obligations.

h. Usage Analytics and Service Improvement

To analyse website usage patterns, user engagement, and technical performance in order to improve website stability, interface design, content relevance, and overall user experience.

i. Quality Assurance and Dispute Resolution

To retain and review chat transcripts, support interactions, and user feedback for quality assurance, issue resolution, and maintaining service standards.

Note: We do not make decisions based solely on automated processing that has legal or significant effects on you. While we may use tools to assist with tasks like course recommendations, all final decisions are reviewed by qualified staff to ensure fairness and accuracy.

5. RECIPIENTS OF PERSONAL DATA

We may disclose Personal Data to the following categories of recipients, strictly on a need-to-know basis and subject to appropriate confidentiality and data protection obligations:

a. Service Providers and Sub-Processors

This includes payment gateways and IT support contractors who assist in operating our platform and delivering our Services.

b. Academies and their Authorised Personnel

Where a student joins or interacts with an academy via the platform, relevant personal data (e.g., name, academic details, chat logs) is shared with that academy's Principal, Teachers or Mentors as necessary to enable the provision of educational services.

c. Natural Programmer Personnel

Authorised employees, contractors, and administrative staff may access Personal Data solely to the extent required to ensure service functionality, respond to support requests, and maintain compliance.

d. Third-Party Integrations

Including but not limited to Google Workspace services (e.g., Calendar, Gmail) as expressly authorised by the user for scheduling or communication purposes.

e. Legal, Regulatory, or Compliance Authorities

Where disclosure is required under applicable law, pursuant to a legal obligation, or in good faith to protect the rights, property, or safety of users or the public.

6. SALE OF PERSONAL DATA

We do not sell personal data to third parties without explicit user consent. Under the CCPA and CPRA, "sale" includes exchange of personal information for monetary or other valuable consideration. If personal data is ever sold, we will clearly specify the categories of personal data involved and the purpose of such sale. Additionally, you have the right to know what categories of personal data have been shared with each third party.

7. SECURITY

We deploy industry-standard technical and organisational safeguards, including encryption, to protect your personal data against unauthorised access, alteration, use, disclosure, or destruction. This includes storing sensitive credentials such as Google account access and refresh tokens in an encrypted format, ensuring they remain inaccessible even to our technical personnel. Nevertheless, no internet-based system can guarantee absolute security. Consequently, we disclaim liability for any unauthorised or unintended access that occurs beyond our reasonable control. In the event of a data breach involving your personal information, we will promptly notify you and relevant regulatory authorities in accordance with applicable legal requirements.

Employees and contractors involved in handling personal data shall undergo adequate training to ensure compliance with data protection principles, maintain confidentiality, and uphold security standards. Training shall be conducted periodically to align with evolving regulatory requirements and industry best practices.

8. THIRD-PARTY LINKS

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such sites. We encourage you to read the privacy policies of any linked websites you visit.

9. YOUR RIGHTS

Depending on your location, you may have the following rights regarding your personal data:

a. Access

The right to receive copies of your personal data.

b. Rectification

The right to correction of any information you believe is inaccurate or incomplete.

c. Erasure

The right that we erase or delete your personal data. Except where the processing is necessary for fulfilling ongoing contractual obligations or for the purposes of delivering our services, and compliance with applicable laws.

d. Restriction of Processing

The right to request that we restrict the processing of your personal data under certain conditions.

e. Objection to Processing

The right to object to our processing of your personal data, which may be rejected if our lawful purposes override your rights and interests.

f. Data Portability

The right to request that we transfer the data that we have collected to another organisation or directly to you under certain conditions, in a structured, commonly used, and machine-readable format.

g. Withdraw Consent

i. You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly.

ii. You can opt out of communications and processing for the purpose of marketing and promotions.

iii. Personal data retained for any purpose or processing that you have withdrawn your consent to shall be deleted or cease to be processed, except if required for compliance with any applicable law.

iv. The legality of processing that happened prior to the withdrawal of consent is not going to change based on the new absence of consent.

h. Grievance Redressal

If you are unsatisfied with our resolution or answer provided to any complaint or query you have, you have the right to lodge a complaint with the Data Protection Board of India or any other authority applicable to your jurisdiction.

i. Nomination

You have the right to nominate any other person who can, in the event of your demise or incapacity (unsoundness of mind or infirmity of body), exercise the above rights on your behalf.

j. Accounting of Disclosures

We maintain records of personal data shared with any third-parties and provide it to you upon request.

You shall not be discriminated against in any manner regarding the handling of your personal data. This includes, but is not limited to, any denial of services, pricing disparities, or deviations from standard business practices based on the exercise of their data protection rights. You shall not be subject to unfair treatment or adverse consequences for asserting your rights under applicable data protection laws.

To exercise any of these rights, please contact us, as given below. We shall address your requests within a maximum time of sixty (60) days. If your request is declined or needs more time to be processed, you shall be notified of the valid reasons for doing so.

10. DATA MINIMISATION AND RETENTION

We adhere to the principle of data minimisation by collecting and processing only such personal data as is necessary, relevant, and proportionate to the specific purposes for which it is collected. Wherever feasible, we shall make reasonable efforts to de-identify data.

We retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. Records may be retained for a period of up to six (6) years from the date of last interaction unless a longer retention period is required or permitted by law.

11. YOUR DUTIES REGARDING THE DATA YOU PROVIDE

a. You shall not impersonate any other person.

b. You shall not suppress material information, such as when providing any unique identifier documentation or proof of address that is issued by your State or Government authorities.

c. You shall not register any false or frivolous complaints with us or the Data Protection Board of India or the applicable authority having jurisdiction over your region.

d. You shall provide only such information that is verifiably authentic, while exercising your rights to rectification and erasure of your personal data.

e. You shall be responsible for compliance with other such laws that are applicable to you or your region .

12. CHILDREN'S PRIVACY

Our platform is forbidden to be used by persons who do not have the legal capacity to enter into binding agreements. Consequently, if you are underage (e.g., below the age of 18 in India) or have a disability that prevents you from entering into binding agreements, you may request your parent or legal guardian to use the platform on your behalf.

We do not knowingly process personal data of persons who do not have legal capacity to enter into binging agreements. If you are a parent or guardian and believe that such personal data of your ward has been provided or is being, please contact us immediately. Upon verification, we will take prompt steps to rectify the issue.

We shall not undertake any processing that is likely to cause any detrimental effect on the well-being of a child, including targeted advertising and tracking usage or behavioural data.

13. REGIONAL CLARIFICATIONS

a. If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, your personal data is processed in accordance with the General Data Protection Regulation (GDPR) and applicable local laws. You have some special rights, such as the right to data portability, or object to the processing of your personal data, and to lodge a complaint with your local supervisory authority. Our Privacy Policy is designed to reflect and accommodate these rights wherever applicable.

Furthermore, any International Data Transfers are conducted pursuant to adequacy decisions, implementation of standard contractual clauses, or other legally recognised safeguards to ensure the continued protection of your personal data. This Privacy Policy, together with the accompanying Terms of Service, constitutes the binding contractual framework governing such data processing activities.

b. If you are a resident of California, you are entitled to specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), such as the right to opt out of the sale or sharing of your personal information, as applicable. Our Privacy Policy is designed to reflect and accommodate these rights wherever applicable.

14. UPDATES

a. This privacy policy will be reviewed at least once annually, and updates may be made to maintain compliance with applicable laws. Continued use of our website and services shall signify your consent to this Privacy Policy and our practices. You may be notified of significant changes to this Privacy Policy via email.

b. If any category of data is processed other than those stated above and for any purpose or from any source not already stated above, we shall expressly notify you of the same and obtain your consent before such processing unless such processing is authorised by law for the purpose of prevention or detection, or investigation of offences or cyber incidents or for the punishment of offences.

15. CONTACT US

Email:[email protected]
Address: Natural Programmer, 13AA Mani Tribhuvan, Kalarahanga, Bhubaneswar, Odisha, India, PIN – 751024

By browsing our website, using our mobile application (to be launched soon) or engaging with our Services, you confirm that you have read, understood, and agreed to this Privacy Policy. You consent to the processing of your Personal Data as described herein.
You also confirm that you have the legal capacity to provide consent to this Privacy Policy. Specifically, this means that in the case of an underage person (e.g., below the age of 18 in India) or a person with a disability, the parent or legal guardian has reviewed and is consenting to this Privacy Policy.