Legal

Privacy Policy

How Udesyo collects, uses, protects, and deletes data for students, library owners, and website visitors.

Last updated25 May 2026
Effective25 May 2026

1. Who We Are

Udesyo Technologies Pvt. Ltd. ("Udesyo", "we", "us") operates udesyo.com, the Udesyo Owner app, and the Udesyo Student app.

For India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), Udesyo is the Data Fiduciary for owner and student account data. Library owners are Data Fiduciaries for student data they collect through Udesyo, and Udesyo processes that data on their behalf.

2. Data We Collect

Library owners

  • Name, phone number, email address, and login information.
  • Library name, city, address, seat count, facilities, pricing, shifts, and operational records.
  • Payment records created in the app, including amounts, UPI references, and cash receipts.
  • Subscription and billing information processed through payment providers. Udesyo does not store card numbers.
  • Device tokens for push notifications and usage logs used to improve product reliability.

Students

  • Name, phone number, email, membership details, attendance, and study hours when collected by a library owner. Personal photographs are not collected by the owner app.
  • Exam target, subjects, study goals, timetable status, study sessions, resource usage, and progress signals when using the student app.

Website visitors

  • Standard server logs such as IP address, browser type, and pages visited.
  • We do not use advertising trackers or sell browsing data.

3. How We Use It

  • Provide and operate the Udesyo platform.
  • Run student timetable, library check-in, resource directory, attendance, payments, receipts, reminders, and reporting features.
  • Send OTP messages, push notifications, fee reminders, companion messages, and support responses.
  • Improve reliability and product quality using aggregate and anonymised analysis where possible.
  • Comply with legal obligations, prevent misuse, and resolve disputes.
We do not sell or rent personal data to third parties. We do not use student study data for advertising.

4. Who We Share It With

We share personal data only with the processors below, only to the extent necessary, and under written terms requiring them to protect it. We do not sell or rent personal data.

  • Firebase / Google (USA) — authentication, push notification delivery (FCM tokens), and reliability services.
  • Railway (Singapore region) — hosting and database operations for the Udesyo backend.
  • Cloudflare R2 (USA / EU edge) — storage of library logos and any future non-personal media. Personal photographs of students are not uploaded by the owner app.
  • Fast2SMS (India) — SMS delivery for one-time passwords. Only the recipient phone and the OTP code are transmitted.
  • OpenAI (USA) — limited text generation when AI features (flashcards, study planner, morning brief) are enabled. We minimise personal identifiers in AI requests.
  • Sentry (Germany / USA) — application error and crash diagnostics. We avoid sending request bodies that contain personal data.
  • Payment provider — when owner subscription billing is active, a licensed Indian payment aggregator processes payments. Udesyo does not store card numbers.
  • Law enforcement — only when required by valid legal process or Indian law.

Cross-border transfer notice (DPDP §17): some processors above are located outside India. We rely on these providers under written data-processing terms and will re-route processing to comply with any restrictions notified by the Central Government under the DPDP Act.

5. How Long We Keep It

  • Active account: data is retained while the account remains active.
  • Deleted account: records are soft-deleted on request and hard-erased from active databases within 30 days, except where Indian tax, accounting, or other applicable law requires longer retention.
  • Financial records: retained for the period required by Indian tax and accounting laws (currently up to 8 years under the Income-tax Act).
  • Audit logs: retained for up to 12 months for security and compliance purposes.
  • Device tokens (FCM): deleted or invalidated after logout, account deletion, or token expiry.
  • Server / security logs: retained for at least 180 days as required by the CERT-In Direction dated 28 April 2022.

6. Your Rights Under DPDP Act 2023

You may request access, correction, deletion, grievance redressal, and nomination as provided under applicable law.

  • Owners can update account and library details in the app or contact support.
  • Students whose data is held by a library should first contact the library owner. If the owner does not respond, contact Udesyo and we will help route the request.
  • Data requests can be sent to privacy@udesyo.com.

7. Security

  • Data in transit is protected with TLS.
  • OTP-based login is used instead of stored passwords.
  • Database credentials and API keys are kept as environment secrets.
  • Payment data is processed by payment providers and not stored as raw card data by Udesyo.

8. Children's Privacy (DPDP Act §9)

The DPDP Act, 2023 defines a child as a person under the age of 18 years. For users under 18, Udesyo and library owners must obtain verifiable consent of a parent or lawful guardian before processing their personal data.

  • At admission, the library owner is required to record the student's date of birth. If the student is under 18, the owner must capture the parent or guardian's name and phone number and confirm parental consent before the record is created.
  • We do not profile, track behaviour for advertising, or compute risk scores for users under 18. Engagement-based features (streaks, churn risk, study analytics) are excluded for minors.
  • If you believe a child's data has been collected without appropriate parental consent, contact privacy@udesyo.com and we will take reasonable steps to delete it within 30 days.

9. Grievance Officer & Contact

In accordance with the Digital Personal Data Protection Act, 2023 (§10) and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the following officer is appointed to receive and resolve grievances from users:

Grievance OfficerSapna Kumari
DesignationFounder, Udesyo
AcknowledgementWithin 24 hours
Resolution targetWithin 15 days

Other contacts

Privacy / data requestsprivacy@udesyo.com
General supportudesyo@gmail.com

If you are not satisfied with the resolution provided by our Grievance Officer, you may approach the Data Protection Board of India as established under the DPDP Act, 2023.

This policy may be updated periodically. Registered owners will be notified of material changes through email, app notification, or other reasonable channels.