Privacy and Data Protection Policy

Purpose, Scope, and Compliance

This Privacy and Data Protection Policy ("Policy") sets out how Kwickprep Education Services LLP ("Kwickprep" or "the Company" or "ThinkwithAI" - the brand of Kwickprep Education Services) collects, uses, stores, and protects personal data across all its operations.

It applies to all personal data processed by ThinkwithAI (brand of Kwickprep), whether relating to external users of our platforms, customers, business partners, or internal personnel (including employees and contractors).

The Policy is designed to comply with applicable Indian laws, including:

• Digital Personal Data Protection Act, 2023 ("DPDP Act")
• Information Technology Act, 2000 (together with relevant rules)
• Globally accepted privacy principles

All ThinkwithAI staff and any third parties handling personal data on our behalf are required to adhere to this Policy.

Relationship with Other Agreements

Wherever ThinkwithAI is party to a Master Service Agreement (MSA) or similar contract with a client, partner, or service recipient, the terms of that MSA regarding personal data processing shall govern in the event of any conflict with this Policy.

In particular, if an MSA allocates specific responsibilities or liabilities for data protection between ThinkwithAI and the other party, or provides additional safeguards, those MSA terms will take precedence. This Policy will otherwise apply to all data processing activities, unless expressly overridden by the MSA.

Data Protection Principles

ThinkwithAI handles personal data in accordance with core data protection principles:

Collection of Personal Data

ThinkwithAI collects personal data only by lawful and fair means and only to the extent necessary for its operational and business purposes.

Types of Personal Data Collected:

• Contact information (name, email, phone number)
• Identification details
• Professional or business information
• Usage data from our website or platform
• Education-specific data (coursework, assessments, attendance, guardian contacts)
• Any other data you voluntarily provide to us

Whenever feasible, personal data will be collected directly from the individual (data principal) concerned. Sensitive personal data (such as financial information, health information, etc.) is collected only when absolutely necessary and with appropriate safeguards and consents.

Use of Personal Data

Personal data collected by ThinkwithAI will be used solely for the purposes communicated at the time of collection or for closely related purposes. Such purposes may include:

• Providing and personalizing our services or platform features
• Performing our contractual obligations to clients and partners
• Communicating with individuals about our services and updates
• Improving and developing our products, including AI tools
• Marketing and promotional activities (only with consent)
• Compliance with legal obligations or regulatory requirements
• Protection of ThinkwithAI's legal rights or the safety of others

We will not use personal data for any new purpose that is incompatible with the original purposes unless we obtain fresh consent from the individual.

Lawful Bases for Processing and Consent

ThinkwithAI ensures that all processing of personal data is justified by a lawful basis. In most cases, the primary basis will be the informed consent of the data principal.

Consent Requirements:

• Obtained through clear affirmative action
• Free, specific, informed, and unambiguous
• Covering specific purposes of processing
• Right to withdraw consent at any time

In certain situations, ThinkwithAI may process personal data without explicit consent if an alternative lawful basis applies under applicable law (e.g., contract performance, legal obligation, legitimate interests).

Cookies and Tracking Technologies

To enhance user experience and analyze usage patterns, ThinkwithAI utilizes cookies and similar tracking technologies.

Types of Cookies Used:

• Essential Cookies: Required for core platform operations
• Analytical/Performance Cookies: Collect data to understand user interactions
• Functional Cookies: Store user preferences and settings
• Marketing Cookies: Track browsing to deliver relevant ads (with explicit consent)
• AI Interaction Logs: Store anonymized prompts to enhance AI accuracy

Student Tracking Controls:

For learner accounts, Marketing Cookies and third-party advertising pixels are disabled. Session-recording tools are anonymized and disabled for minors unless expressly authorized.

Disclosure of Personal Data to Third Parties

ThinkwithAI will not disclose or share personal data with any third party except as permitted by this Policy and applicable law.

Third-party disclosures may occur:

• To service providers who process data on our behalf under strict confidentiality
• To business partners as needed for providing services
• Where the data principal has explicitly consented
• If required by law or court order
• In connection with corporate transactions (merger, acquisition)

We will never sell personal data to third parties for their own marketing without explicit consent.

Cross-Border Data Transfers

ThinkwithAI may transfer personal data to jurisdictions outside of India. Any such cross-border transfer will be carried out in compliance with applicable laws and regulations.

We ensure that appropriate safeguards are in place (such as standard data protection clauses or adequacy decisions by authorities). We remain responsible for the protection of personal data during international transit and at the overseas destination.

Data Security Measures

ThinkwithAI implements appropriate technical and organizational security measures to protect personal data:

• Access control mechanisms for authorized personnel only
• Encryption of personal data in transit and at rest
• Secure development practices and regular security testing
• Firewalls, intrusion detection systems, and monitoring
• Periodic risk assessments and security audits
• Employee training on confidentiality and data protection

All security measures are periodically reviewed and updated to respond to evolving threats.

Data Retention and Deletion

ThinkwithAI retains personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with applicable legal requirements.

Once the applicable retention period expires, or if data becomes irrelevant, we will securely delete or anonymize the data. Data deletion includes removal from active systems and, where practicable, from backups and archives.

Data Subject Rights and Choices

Under this Policy and applicable law, individuals have the following rights:

To exercise your rights, please contact us using the information in the Grievance Redressal section.

AI, Automated Decision-Making, and Profiling

ThinkwithAI may use artificial intelligence (AI) or automated systems as part of its services. We ensure appropriate safeguards are in place:

Transparency of AI Usage:

We inform individuals when they are interacting with or subject to decisions significantly influenced by an AI system. AI-generated outputs are identified as such where relevant.

Limitations of AI Outputs:

AI-driven features may occasionally produce incorrect, incomplete, or biased results. These outputs are assistive in nature, and users should not rely on them as infallible. We advise discretion and human verification for important decisions.

Consent for Profiling:

We obtain user consent before using personal data for algorithmic profiling or fully automated decision-making that produces significant effects, except where legally permissible without consent.

High-stakes Academic Decisions:

AI-supported evaluations are advisory. Where outputs could materially affect a learner's academic standing, a human review will be available on request.

Data Breach Notification and Response

In the event of a personal data breach, ThinkwithAI will promptly activate its breach response procedures:

• Contain and investigate the incident
• Notify affected individuals if the breach is likely to result in significant harm
• Report to the Data Protection Board of India as required by law
• Take immediate steps to mitigate effects and prevent future occurrences
• Document all breaches and conduct root cause analysis

We are committed to full cooperation with regulatory agencies and transparent communication with users and clients.

Children's Data (Education Use)

Where the Service is used by learners under 18, ThinkwithAI will process personal data only:

• Under a valid contract with the educational institution acting as the data fiduciary/administrator, OR
• With verifiable parental/guardian consent captured and logged by ThinkwithAI or the institution

ThinkwithAI does not engage in behavioral advertising to minors, and non-essential cookies/trackers are disabled by default for accounts flagged as under 18.

Grievance Redressal

If you have any questions, concerns, or complaints about your personal data or this Policy, please contact us:

Grievance Officer / DPO

We will respond to your requests within the timeframes prescribed by law. If you are not satisfied with our response, you may escalate the complaint to the Data Protection Board of India or other appropriate authority.

Policy Updates

ThinkwithAI reserves the right to update this Privacy and Data Protection Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons.

Any material changes will be communicated through our website or other appropriate means. Your continued use of our services after such changes constitutes acceptance of the updated Policy.

We encourage you to review this Policy periodically to stay informed about how we protect your personal data.