Privacy Policy
Privacy Policy
Last Updated: February 28, 2026
Version: 2.0
1. Introduction and Scope
1.1. This Privacy Policy ("Policy") explains how Param Innovations Private Limited ("Company", "we", "us", "our"), operating the Param AI™ platform ("Service"), collects, uses, processes, stores, shares, and protects your Personal Data when you use the Service.
1.2. This Policy applies to all users of the Service, including students (aged 13 and above), parents and guardians, schools and educational institutions, counselors, and authorized administrators.
1.3. By using the Service, you consent to the practices described in this Policy. If you do not agree with this Policy, you must not use the Service.
1.4. This Policy is compliant with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 and rules thereunder, and other applicable Indian laws.
2. Data Fiduciary Identity
2.1. Under the DPDP Act, 2023, the Data Fiduciary responsible for your Personal Data is:
2.2. The Company acts as a Data Fiduciary for all Personal Data collected directly from users. Where an Institutional User administers assessments, the institution acts as an independent Data Fiduciary for the student data it causes to be collected.
3. Key Principles
We process your Personal Data in accordance with the following principles:
4. Information We Collect
4.1. Information You Provide
4.2. Information Collected Automatically
4.3. Behavioral Assessment Telemetry
To improve assessment accuracy and detect response manipulation, we collect:
Purpose: This telemetry is used exclusively for (a) improving the psychometric accuracy of your Report, (b) detecting and preventing assessment manipulation or fraud, and (c) enhancing assessment quality. This data is never shared with third parties, employers, schools, or used for advertising.
4.4. Institution-Provided Data
If your school or institution uses Param AI™, they may provide:
5. Purposes of Processing
We process your Personal Data for the following specific, lawful purposes:
| Purpose | Lawful Basis (DPDP Act) |
|---------|------------------------|
| Delivering assessments and generating Reports | Performance of contract; Consent |
| Creating and managing your account | Performance of contract |
| Authenticating users and maintaining security | Legitimate use; Legal obligation |
| Improving assessment models and platform reliability | Legitimate use (anonymized/aggregated data) |
| Detecting and preventing fraud, manipulation, and abuse | Legitimate use; Legal obligation |
| Providing customer support | Performance of contract |
| Complying with legal obligations (tax, audit, law enforcement) | Legal obligation |
| Communicating service updates, changes, and notices | Legitimate use; Performance of contract |
| Generating aggregated, anonymized research and analytics | Legitimate use |
We do NOT:
6. Consent Mechanism
6.1. We obtain your consent through clear, affirmative action (e.g., checking a consent box, clicking "I Agree") before collecting or processing your Personal Data.
6.2. Consent is:
6.3. Consequences of withdrawal: Withdrawing consent for essential processing (e.g., assessment delivery) may result in inability to use certain features. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
6.4. We maintain records of all consents obtained, including the version of Terms and Privacy Policy accepted, the timestamp, and the manner of consent.
7. Children's Data (DPDP Act Section 9)
7.1. The DPDP Act, 2023 defines a "child" as an individual under 18 years of age. We treat all users under 18 as children for data protection purposes.
7.2. Verifiable Guardian Consent: Before processing Personal Data of any user under 18, we require verifiable consent from a parent or legal guardian, obtained through:
7.3. Prohibited practices for children's data:
7.4. Guardian rights: Parents and guardians may at any time:
Such requests should be directed to dpo@paramai.in and will be processed within 30 days.
8. Data Sharing
We share your Personal Data only in the following circumstances:
8.1. Service Providers (Data Processors)
We engage trusted service providers who process data on our behalf under strict contractual obligations:
| Provider Type | Purpose | Data Shared |
|--------------|---------|-------------|
| Cloud hosting provider | Infrastructure and storage | All data (encrypted at rest and in transit) |
| Email delivery service | Transactional emails, notifications | Email address, name |
| Analytics provider | Platform performance and usage analytics | Anonymized/pseudonymized usage data only |
| Payment gateway | Payment processing | Payment information (we do not store card details) |
All service providers are bound by data processing agreements requiring them to process data only on our instructions and implement appropriate security measures.
8.2. Institutional Administrators
For institution-managed accounts, authorized administrators at the student's school or institution may access:
8.3. Legal Obligations
We may disclose Personal Data when required by:
8.4. Corporate Transactions
In the event of a merger, acquisition, restructuring, or sale of assets, your Personal Data may be transferred to the successor entity, subject to the same protections described in this Policy. We will provide notice of any such transfer.
9. Cross-Border Data Transfers
9.1. Your Personal Data is primarily stored and processed in India.
9.2. Certain service providers (cloud hosting, email delivery) may process data in jurisdictions outside India.
9.3. Where Personal Data is transferred outside India, we ensure compliance with Section 16 of the DPDP Act, 2023, including:
9.4. We do not transfer Personal Data to jurisdictions that the Central Government has restricted under the DPDP Act.
10. Data Retention
We retain your Personal Data for the following periods:
| Data Type | Retention Period | Reason |
|-----------|-----------------|--------|
| Account information | Duration of account + 30 days after deletion request | Service delivery; dispute resolution |
| Assessment responses and Reports | 7 years from generation | Educational record retention; legal compliance; audit |
| Behavioral telemetry data | 2 years from collection | Assessment quality improvement |
| Audit and integrity logs | Permanent (hash chain only; no Personal Data) | Data integrity verification |
| Consent records | 10 years from collection | Legal compliance; evidentiary purposes |
| Payment records | 8 years from transaction | Tax and financial compliance |
| Support communications | 3 years from last interaction | Service improvement; dispute resolution |
| Anonymized/aggregated analytics | Indefinite | Research; platform improvement |
10.2. After the retention period expires, Personal Data is securely deleted or irreversibly anonymized.
10.3. Certain data may be retained beyond the stated periods if required by law, court order, or ongoing legal proceedings.
11. Your Rights as a Data Principal
Under the DPDP Act, 2023 and other applicable laws, you have the following rights:
11.1. Right to Access
You may request confirmation of whether we process your Personal Data and obtain a summary of the data we hold about you.
11.2. Right to Correction
You may request correction of inaccurate or misleading Personal Data. We will update the data within 15 days of receiving a valid request.
11.3. Right to Erasure
You may request deletion of your Personal Data. Upon receiving a valid request:
11.4. Right to Grievance Redressal
You may file a complaint with our Grievance Officer (see Section 15) or escalate to the Data Protection Board of India.
11.5. Right to Nominate
Under Section 14 of the DPDP Act, you may nominate another individual to exercise your rights in the event of your death or incapacity.
11.6. How to Exercise Your Rights
Submit requests to: dpo@paramai.in
12. Cookies and Local Storage
12.1. We use cookies and local storage for the following purposes:
| Type | Purpose | Duration |
|------|---------|----------|
| Essential/Session | Authentication, session management, CSRF protection | Session |
| Functional | Language preferences, theme settings, assessment progress | Persistent (up to 1 year) |
| Performance | Page load times, error monitoring | Persistent (up to 1 year) |
| Analytics | Aggregated usage statistics (anonymized) | Persistent (up to 2 years) |
12.2. We do not use advertising or tracking cookies.
12.3. You can manage cookies through your browser settings. Disabling essential cookies may prevent core features from functioning.
13. Data Security
13.1. We implement technical and organizational measures to protect your Personal Data, including:
13.2. No absolute guarantee. Despite our best efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
13.3. Your responsibility. You are responsible for maintaining the security of your account credentials and the devices you use to access the Service.
14. Data Breach Notification
14.1. In the event of a confirmed Personal Data breach, we will:
14.2. We maintain a breach register documenting all incidents, their impact, and remedial actions.
15. Grievance Officer
In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act, 2023:
Grievance Officer:
If you are unsatisfied with the resolution, you may escalate your complaint to the Data Protection Board of India under the DPDP Act, 2023.
16. Policy Updates
16.1. We may update this Policy from time to time. Material changes will be communicated through:
16.2. The "Last Updated" date at the top of this Policy reflects the most recent revision.
16.3. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.
17. Contact Us
For privacy-related requests, questions, or concerns:
---
By using Param AI™, you acknowledge that you have read, understood, and consent to the collection, processing, and use of your Personal Data as described in this Privacy Policy, in accordance with the Digital Personal Data Protection Act, 2023.