Privacy Policy

PRIVACY POLICY

Digri.ai — Web & Mobile Application

Effective Date: 19 May 2026    |    Last Updated: 19 May 2026

This Privacy Policy explains how GyanMatrix Academy Private Limited (“GyanMatrix”, “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal information when you use the Digri.ai web platform, mobile application, and related services (collectively, the “Platform” or “Services”).

Digri.ai is an AI-powered learning, practice, assessment, and placement intelligence platform used by students, educational institutions, faculty, mentors, placement officers, and recruiters. By accessing or using the Services, you agree to the practices described in this Privacy Policy.

This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Digital Personal Data Protection Act, 2023 (DPDP Act), and applicable provisions of the EU General Data Protection Regulation (GDPR) and Google Play Developer Policies.

1. Who We Are

Data Fiduciary / Controller: GyanMatrix Academy Private Limited

Registered Office: 1st Floor, Mapa Centre, Near Lakshmi Mills, Coimbatore – 641037, Tamil Nadu, India

Product: Digri.ai — web and mobile application

Website: www.digri.ai

Contact for Privacy: privacy@digri.ai

Grievance Officer: As designated under Section 5 of the IT Rules, 2011 and Section 8(9) of the DPDP Act, 2023 (see Section 14).

2. Scope of this Policy

This Privacy Policy applies to:

• The Digri.ai web platform accessed via www.digri.ai and partner institutional domains.
• The Digri.ai mobile application available on the Google Play Store and other distribution channels.
• Any APIs, dashboards, mobile features, and connected services operated by GyanMatrix Academy.

Note: Many institutional users access Digri.ai through their college, school, or employer (the “Institution”). In such cases, the Institution acts as the Data Fiduciary / Controller and Digri.ai operates as a Data Processor on the Institution’s behalf. The Institution’s own privacy notices may apply in addition to this Policy.

3. Information We Collect

We collect only the information necessary to deliver the Services and improve learning, assessment, and placement outcomes.

3.1 Information You or Your Institution Provide

• Identity & profile data: full name, gender, date of birth, profile photograph.
• Contact data: email address, phone number, mailing address.
• Academic data: institution name, department, batch, register number, semester, CGPA, marks, attendance, subjects.
• Account credentials: username, hashed password, role (Student / Mentor / HOD / Admin / Chairman / Placement Officer / Recruiter).
• Skill & assessment data: practice submissions, code, MCQ answers, descriptive answers, scores, time spent, attempt history, AI-generated feedback, digri points, leaderboard ranks.
• Placement data: resumes, projects, internships, certifications, achievements, job preferences, placement status.
• Communication: messages, support tickets, feedback, survey responses.

Mobile note: The mobile app currently allows you to view this information and to upload only a profile photo. Other profile fields are collected via the web platform or supplied by your Institution.

3.2 Information Collected Automatically

Web platform:

• Device data: device model, operating system and version, unique device identifiers, mobile network, language settings.
• Usage data: pages and screens viewed, features used, session duration, click events, crash logs, performance metrics.
• Log data: IP address, browser type, access timestamps, referring URLs.
• Cookies and similar technologies (web only): session cookies, authentication tokens, analytics cookies.

Mobile application:

• Device push notification token: registered when you grant notification permission, in order to deliver alerts.
• Standard HTTP request metadata: visible to our servers when the app calls our APIs (IP address, request timestamp, user-agent string).
• The mobile app does not currently include analytics, click tracking, session recording, or third-party crash reporting. If we add such instrumentation in future, this Policy and the Play Store Data Safety form will be updated first.

3.3 Proctoring Data (Assessments Only) — Web Platform Only

When you take a proctored assessment, and only during the active duration of that assessment, we may collect:

• Webcam photographs and short video clips of you taking the test.
• Screenshots of the active assessment window.
• Tab-switch, full-screen exit, and copy-paste events.
• Microphone audio, only if explicitly enabled by your Institution for that assessment.

Purpose: verify identity, prevent malpractice, and ensure academic integrity. Proctoring features are activated by your Institution and clearly disclosed before each assessment. You may decline, but you may then be unable to take that specific assessment.

Mobile application: the Digri.ai mobile app does **not** perform proctoring. It does not record video, take screenshots, capture audio for proctoring, or monitor application focus events. If proctoring is added to the mobile app, this Policy and the app’s runtime permissions will be updated before the feature ships.

3.4 Data from Connected Third-Party Platforms

If you choose to link your accounts, we receive public profile and activity metadata from:

• GitHub (repositories, commits, languages, contributions)
• LeetCode (problems solved, ranking, submission stats)
• HackerRank (badges, ratings, certifications)
• HackerEarth (challenges, scores)
• SonarCloud (code quality metrics)
• Stack Overflow (reputation, public answers)

We only read data you explicitly authorise via OAuth or by providing a public username. We never post on your behalf.

Mobile application: The mobile app displays the results of these integrations read-only; it does not perform OAuth linking or request additional access to third-party accounts.

3.5 Mobile App Permissions

The Digri.ai mobile app may request the following Android permissions:

We do not collect: precise GPS location, contacts, SMS messages, call logs, or installed applications lists, microphone audio, or screen-capture data. Permissions can be revoked at any time in your device settings.

3.6 Locally Stored Data on Your Device (Mobile)

• Encrypted account credentials (email, password, tenant identifier) stored in platform-secure storage (`expo-secure-store` → Android Keystore / iOS Keychain) to support silent re-authentication when your session token expires. You can clear this by signing out, disabling biometric login, or uninstalling the app.
• Session JWT and biometric/session-lock preferences.
• Cached PDF files and related metadata, to support faster access. You can clear the PDF cache from in-app settings.
• Profile picture (base64 cached for offline display).
• FCM device token registered for push notification delivery.

4. How We Use Your Information

We use personal information for the following purposes:

• Provide and operate the Digri.ai learning, practice, assessment, and placement modules.
• Authenticate users, manage accounts, and enforce role-based access.
• Generate digital profiles, dynamic resumes, dashboards, and reports.
• Deliver AI-powered code evaluation, hints, and feedback using Google Vertex AI (Gemini).
• Conduct secure, proctored assessments and detect malpractice.
• Track skill development, generate analytics, and produce institutional insights.
• Facilitate placement automation — share verified profiles with recruiters where authorised.
• Send transactional notifications (timetable, attendance, assessment alerts).
• Provide customer support and respond to grievances.
• Detect, prevent, and respond to fraud, abuse, security incidents, and policy violations.
• Comply with legal obligations and lawful requests from authorities.
• Improve, debug, and develop new features (using aggregated or de-identified data wherever possible).

4.1 Use of Artificial Intelligence

We use Google Vertex AI (Gemini models) to generate hints, evaluate code, compare submissions to sample solutions, and produce feedback. Inputs sent to Vertex AI are processed under Google Cloud’s data processing terms and are not used to train Google’s foundation models. We never sell user data to third parties for training purposes.

5. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

• Consent: for optional features such as third-party platform linking, biometric login, audio proctoring, and marketing communications.
• Contractual necessity: to deliver the Services agreed between the Institution and GyanMatrix Academy.
• Legitimate interests: for security, fraud prevention, analytics, and product improvement, balanced against your rights.
• Legal obligation: to comply with applicable laws and regulatory requirements.

6. How We Share Information

We do not sell personal data. We share information only as described below.

6.1 With Your Institution

Students’ academic, skill, assessment, attendance, and placement data is visible to the relevant authorised personnel at their Institution — Chairman, Principal/Admin, HODs, Mentors, Faculty, and Placement Officers — based on configured role permissions.

6.2 With Recruiters (Placement Module)

Verified digital profiles may be shared with corporate recruiters and hiring partners when a student opts in to a specific drive or placement opportunity through the Institution’s placement workflow.

6.3 With Service Providers (Sub-Processors)

We rely on carefully selected vendors who process data on our behalf under contractual data-protection commitments:

All sub-processors are bound by contractual data-protection commitments.

6.4 Legal & Safety Disclosures

We may disclose information when required by law, court order, or government request, or to protect the rights, safety, and property of GyanMatrix Academy, our users, or the public.

6.5 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the successor entity, subject to the protections in this Policy.

7. Authentication and Biometric Login

If you enable biometric login on the mobile app, your device’s operating system handles fingerprint / face matching locally. Digri does not receive or store your raw biometric template.

To enable silent re-authentication when your session token expires, the mobile app stores your account credentials in platform-secure encrypted storage on your device (Android Keystore / iOS Keychain). These credentials never leave your device except as a normal sign-in request to our authentication endpoint, over TLS. You can remove them by signing out, disabling biometric login, or uninstalling the app. We are actively working to replace this mechanism with a refresh-token flow in a future release.

8. Data Retention

We retain personal data only as long as necessary for the purposes set out in this Policy:

• Active accounts: data is retained throughout the engagement with the Institution.
• Proctoring media (web only): retained for up to 180 days after the assessment, unless extended by the Institution for academic-integrity review or required by law.
• Practice and assessment history: retained for the duration of the student’s programme plus up to 3 years, to support placement and alumni reporting.
• Account closure: on verified request, we delete or anonymise personal data within 90 days, subject to legal, accounting, and audit retention requirements.
• Aggregated and de-identified data may be retained indefinitely for research, benchmarking, and product improvement.

9. Data Security

We implement reasonable security practices aligned with ISO/IEC 27001 principles and the IT Rules, 2011, including:

• Encryption in transit (TLS 1.2+) and at rest for sensitive data.
• Role-based access control and the principle of least privilege.
• Hashed and salted passwords; MFA available for administrative accounts.
• Network firewalls, intrusion detection, and continuous monitoring on Google Cloud.
• Regular vulnerability scans, security reviews, and dependency patching.
• Employee training, NDAs, and background-checked vendor access.
• Documented incident response and breach notification procedures.

No method of transmission or storage is 100% secure. In the event of a data breach affecting your personal data, we will notify you and the appropriate regulator as required by applicable law.

10. International Data Transfers

Personal data is primarily stored on Google Cloud servers in the Asia region. Where data is transferred outside India (e.g., for AI inference, analytics, or backup), such transfers are governed by:

• Google Cloud Data Processing Addendum and Standard Contractual Clauses;
• Restrictions under the DPDP Act, 2023 regarding cross-border transfers; and
• Equivalent contractual safeguards with all sub-processors.

11. Your Rights

Subject to applicable law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete information.
• Request erasure of your personal data, subject to legal and contractual retention requirements.
• Withdraw consent for optional processing at any time.
• Restrict or object to certain processing activities.
• Receive a copy of your data in a portable format, where technically feasible.
• Nominate another person to exercise these rights in the event of your death or incapacity (DPDP Act, 2023).
• Lodge a complaint with the Data Protection Board of India or another competent supervisory authority.
• Disable notifications and biometric login from your device or in-app settings.
• Clear locally cached app content from in-app settings or by uninstalling the app.

To exercise these rights, email privacy@digri.ai. We will respond within the time period required by applicable law (typically 30 days). If you registered through an Institution, certain requests may need to be routed through the Institution as the primary Data Fiduciary.

12. Children’s Privacy

Digri.ai is primarily designed for users aged 18 and above. For users below 18 (e.g., school students), the Platform is provided only through the Institution, which is responsible for obtaining verifiable parental or guardian consent in accordance with the DPDP Act, 2023 and other applicable laws.

We do not knowingly collect personal data directly from a child without such consent. We do not perform targeted advertising, behavioural tracking, or profiling of minors. If you believe we have inadvertently collected information from a child without proper consent, contact privacy@digri.ai and we will delete it promptly.

13. Cookies and Tracking (Web)

Our web platform uses:

• Strictly necessary cookies for login sessions, security, and core functionality.
• Analytics cookies (e.g., Google Analytics, Firebase) to understand usage patterns. These can be disabled in your browser settings.
• Preference cookies to remember UI choices.

We do not use cookies for advertising or for selling data to third parties.

The mobile app does not use cookies or web analytics.

14. Third-Party Links and Services

The Platform may contain links to third-party websites (e.g., GitHub, LeetCode, HackerRank). Their privacy practices are governed by their own policies. We encourage you to review them before sharing personal data.

15. Grievance Officer & Contact

For questions, complaints, or to exercise your rights under this Policy or applicable laws, contact:

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or product features. The “Last Updated” date at the top of this document indicates the latest revision. Material changes will be notified through the Platform, by email, or via in-app notification. Continued use of the Services after such notice constitutes acceptance of the updated Policy.

17. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in Coimbatore, Tamil Nadu, India.