Privacy Policy

Last updated: March 27, 2026

Effective Date: March 27, 2026

Introduction

Welcome to Studyix ("we," "our," or "us"). We operate the Studyix quiz platform and mobile application (collectively, the "Service"). We are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

This Privacy Policy complies with Google Play Store User Data & Privacy policies and applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and applicable Indian data protection regulations.

1. Information We Collect

1.1 Personal Information You Provide

When you register for an account or use our Service, we collect the following personal information:

  • Account Information: Name, email address, and password (stored in encrypted form using bcrypt hashing)
  • Contact Information: Phone number (optional), UPI ID for payment processing
  • Profile Information: Profile image, bio, date of birth, gender, location, website, and social media links (all optional)
  • Preferences: Language preferences (English or Hindi), account settings, and notification preferences

1.2 Authentication Information

We support multiple authentication methods:

  • Email/Password Authentication: Email address and encrypted password
  • Google OAuth: When you sign in with Google, we receive your name, email address, and profile picture from Google
  • OTP Verification: We send and verify one-time passwords (OTPs) via email for account verification and password reset
  • Two-Factor Authentication: If enabled, we store encrypted two-factor authentication secrets

1.3 Financial Information

For payment processing and wallet management:

  • Wallet Balance: Your wallet balance and transaction history
  • Payment Information: Payment method details are processed securely through Razorpay (our payment gateway provider). We do not store your full credit card or bank account numbers
  • Transaction Records: Payment transaction IDs, order IDs, payment status, amounts, and timestamps
  • Withdrawal Information: UPI ID for processing wallet withdrawals

1.4 Activity and Usage Data

We automatically collect information about your use of our Service:

  • Quiz Data: Quiz registrations, quiz answers, scores, rankings, time taken, completion status, and performance analytics
  • Course Data: Course enrollments, lesson progress, completion status, and access timestamps
  • Rewards Data: Rewards earned, vouchers claimed, and coin balance
  • Analytics Data: Performance trends, quiz completion statistics, streaks, and comparative analytics

1.5 Device and Technical Information

We collect technical information to provide and improve our Service:

  • IP Address: Your IP address is logged for security, fraud prevention, and analytics purposes
  • Device Information: Device type, operating system, browser type, and device identifiers
  • Log Data: Access logs, error logs, and system logs containing timestamps, request URLs, and error messages
  • Session Information: Session tokens, login timestamps, last login IP address, and session duration

1.6 Cookies and Local Storage

We use cookies and local storage technologies:

  • Session Cookies: HTTP-only session cookies (next-auth.session-token) for authentication, stored for up to 30 days
  • CSRF Tokens: CSRF protection tokens for secure state-changing operations
  • Local Storage: Client-side storage for user preferences, theme settings, and cached data
  • Redis Cache: Server-side temporary storage for quiz session data and performance optimization

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our quiz platform, course delivery, and educational services
  • Account Management: To create and manage your account, authenticate your identity, and process your registration
  • Payment Processing: To process payments, manage your wallet balance, handle withdrawals, and maintain transaction records
  • Quiz and Course Delivery: To register you for quizzes, deliver quiz questions, track your progress, calculate scores, and display leaderboards
  • Communication: To send you notifications about quizzes, contests, course updates, achievements, rewards, and important account information via email (using AWS SES)
  • Personalization: To personalize your experience, provide relevant content, and recommend quizzes and courses based on your activity
  • Analytics and Improvement: To analyze usage patterns, track performance metrics, identify trends, and improve our Service functionality and user experience
  • Security and Fraud Prevention: To detect, prevent, and address technical issues, security threats, fraud, unauthorized access, and other malicious activities
  • Legal Compliance: To comply with legal obligations, respond to legal requests, enforce our Terms of Service, and protect our rights and the rights of our users
  • Customer Support: To respond to your inquiries, provide customer support, and resolve technical issues

3. Data Storage and Security

3.1 Data Storage

Your data is stored in the following systems:

  • MySQL Database: Primary database for user accounts, quiz data, course enrollments, transactions, and all persistent application data
  • Redis Cache: Temporary storage for quiz session data, performance optimization, and caching
  • AWS S3: Cloud storage for study materials, course videos, profile images, and other media files
  • Local Storage: Client-side browser storage for user preferences and cached data

3.2 Security Measures

We implement industry-standard security measures to protect your personal information:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS 1.2+ protocols
  • Password Security: Passwords are hashed using bcrypt with salt rounds before storage. We never store passwords in plain text
  • Session Security: Authentication sessions use JWT tokens stored in HTTP-only cookies with SameSite protection to prevent CSRF attacks
  • CSRF Protection: All state-changing operations require CSRF tokens to prevent cross-site request forgery
  • Access Controls: Strict access controls, authentication requirements, and role-based permissions for sensitive operations
  • Rate Limiting: API rate limiting to prevent abuse and unauthorized access attempts
  • Input Validation: Comprehensive input validation and sanitization to prevent injection attacks
  • Security Monitoring: Continuous security monitoring, logging of security events, and automated threat detection
  • Regular Updates: Regular security audits, dependency updates, and security patches

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

4. Third-Party Services and Data Sharing

We do not sell your personal information. We may share your information with the following third-party service providers to operate our Service:

4.1 Payment Processing

  • Razorpay: We use Razorpay as our payment gateway to process payments, manage payment orders, and handle payment verification. Razorpay receives payment information (amount, order details, payment method) but does not receive your full credit card or bank account numbers. Razorpay's privacy policy applies to their processing of payment data. You can review Razorpay's privacy policy at https://razorpay.com/privacy

4.2 Cloud Infrastructure

  • AWS (Amazon Web Services): We use AWS services including:
    • AWS S3: For storing study materials, course videos, and media files
    • AWS SES: For sending transactional and notification emails
    • AWS SQS: For processing background jobs and email queues
    AWS processes data on our behalf and is bound by their data processing agreements.

4.3 Authentication Services

  • Google OAuth: When you sign in with Google, Google receives authentication requests and provides us with your name, email, and profile picture. Google's privacy policy applies to their processing. You can review Google's privacy policy at https://policies.google.com/privacy

4.4 Other Disclosures

We may also disclose your information in the following circumstances:

  • Legal Requirements: If required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity
  • With Your Consent: When you explicitly consent to such sharing

5. Cookies and Local Storage

We use cookies and similar tracking technologies to:

  • Session Management: Maintain your authentication session using HTTP-only cookies (next-auth.session-token) with a 30-day expiration
  • Security: Store CSRF tokens to protect against cross-site request forgery attacks
  • Preferences: Remember your language preferences, theme settings, and other user preferences
  • Performance: Cache data locally to improve application performance and reduce server load
  • Analytics: Track usage patterns and improve our Service (we do not use third-party analytics cookies like Google Analytics)

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform, including authentication and session management.

Note: Our authentication cookies are essential for the Service to function. Disabling cookies will prevent you from logging in or maintaining your session.

6. Your Privacy Rights

You have the following rights regarding your personal information:

  • Right to Access: Request access to your personal data and receive a copy of the data we hold about you
  • Right to Rectification: Update or correct inaccurate or incomplete information through your account settings or by contacting us
  • Right to Erasure: Request deletion of your account or specific data types. See Section 7 for details
  • Right to Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format
  • Right to Object: Object to processing of your personal data for certain purposes
  • Right to Withdraw Consent: Withdraw consent for data processing where processing is based on consent
  • Right to Restrict Processing: Request restriction of processing of your personal data in certain circumstances

To exercise these rights: You can update your profile information through your account settings, or contact us at contact@studyix.com. For account deletion requests, visit our Account Deletion page.

7. Account Deletion and Data Retention

You can request deletion of your account or specific data types at any time:

  • Full Account Deletion: Delete your entire account and all associated data, including profile information, quiz data, course enrollments, transaction history, and analytics data
  • Partial Data Deletion: Delete specific data types (e.g., profile information, quiz answers, course progress) while keeping your account active

Data Retention: For legal and compliance purposes, some data may be retained for up to 30 days after a deletion request. This includes transaction records required for financial compliance. After this period, all data will be permanently removed from our systems, except where we are required to retain data by law.

Request Account or Data Deletion

8. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If you are a parent or guardian and believe that your child under 13 has provided us with personal information, please contact us immediately at contact@studyix.com. If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete such information from our servers promptly.

If you are between 13 and 18 years of age (or the age of majority in your jurisdiction), you represent that you have your parent's or guardian's permission to use our Service and to provide us with your personal information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We use third-party cloud services (AWS) that may process data in various locations. By using our Service, you consent to the transfer of your information to these countries. We take appropriate measures to ensure that your data receives an adequate level of protection, including through contractual safeguards and compliance with applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top of this page
  • Sending you an email notification (if you have provided an email address)
  • Displaying a prominent notice on our Service

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of our Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: contact@studyix.com

Website: https://studyix.com

Privacy Policy URL: https://studyix.com/privacy

Account Deletion: https://studyix.com/account-delete

Response Time: We aim to respond to all privacy inquiries within 30 days. For urgent matters, please include "URGENT" in your email subject line.

© 2026 Studyix. All rights reserved.

This Privacy Policy is compliant with Google Play Store User Data & Privacy policies.

Privacy Policy | Studyix