Legal

Privacy Policy

Last updated: May 29, 2026

This Privacy Policy describes how Wivme ("Wivme", "we", "us") collects, uses, and protects information when you or your child uses our mobile applications, websites, and related services (collectively, the "Service"). It is written to be readable by students, parents, and teachers — not just lawyers.

1. Who we are

Wivme is a Bengaluru-based education technology company building a post-class retention layer for K-12 students. The full legal entity name will be confirmed before public launch; for questions or grievances during the pilot, please contact us at hello@wivmeai.com.

2. What information we collect

We collect only what we need to operate Wivme and report on student progress.

From students (school-onboarded)

  • Name, login ID (system-assigned), grade, section, board
  • Password (stored as a one-way bcrypt hash; never visible to us in plaintext)
  • School affiliation (the school that onboarded the student)
  • Learning activity inside Wivme — episodes listened, quiz answers, completion timestamps, retention state
  • Device information for support — device model, operating system version, app version
  • Basic diagnostic data — crash reports, error logs (no message content)

From direct (B2C) students and parents

  • Parent name, email, phone number (for messaging)
  • Child name, grade, board, school name
  • Verification token sent during sign-up
  • Same in-app activity data as listed above

From teachers (school-onboarded)

  • Name, email, password hash
  • Class assignments (which sections / standards they teach)
  • Dashboard activity logs

From website visitors (pilot, waitlist & school-enquiry forms)

  • Parents: the parent's name, email, and phone number, plus the child's name, grade, and board, submitted through our pilot or waitlist forms — used only to contact you about the Wivme pilot and launch.
  • Schools: the school name, the contact person's name and role, email, phone, board, and approximate student count, submitted through our school-enquiry form — used only to discuss bringing Wivme to your school.
  • We do not store your IP address or browser fingerprint alongside these submissions, and we never use them for advertising.

What we do NOT collect

  • We do not collect location data
  • We do not access photos, contacts, microphone, or camera unless you explicitly grant a permission for a specific feature in a future release (none today)
  • We do not share data with third-party advertisers
  • We do not profile students for behavioural advertising

3. Why we collect it

The data above is collected to:

  • Operate the Wivme platform (let students log in, play episodes, take quizzes)
  • Compute retention state (whether a concept is "strong", "decaying", etc.) and surface it to the teacher dashboard + parent app
  • Send parent-facing summaries (e.g., weekly retention reports) over WhatsApp once DLT registration is approved
  • Debug crashes and improve content based on aggregate retention patterns
  • Verify direct (B2C) parent sign-ups

4. How we share data

We do not sell data. We do not share data with advertisers. We share data only with the following categories of subprocessors, strictly for operating the Service:

  • Hosting (Render): our backend application servers run on Render.
  • Database (Neon): our primary Postgres database.
  • Audio storage (AWS S3, Mumbai region): hosts the episode audio files served to the app.
  • Email (Resend): sends transactional confirmation emails for pilot, waitlist, and school-enquiry submissions.
  • WhatsApp messaging (via WATI): sends parent-facing notifications and weekly retention summaries once WhatsApp updates are enabled for your account.
  • Crash reporting (Sentry): aggregated, anonymised error reports that help us fix bugs.

Each of these subprocessors is bound by their own privacy and data protection terms. We use them strictly to deliver the Service and not for any purpose unrelated to Wivme.

5. Children's data (users under 18)

Wivme is built primarily for K-12 students, the majority of whom are under 18. We treat children's data with the additional care required by India's Digital Personal Data Protection Act (DPDP Act 2023).

  • Parental or guardian consent: for students under 18, we rely on the consenting parent or legal guardian (or, for school-onboarded students, on the school's parental-consent framework) before processing the child's personal data.
  • No behavioural advertising or third-party profiling: we never use a child's data for advertising, and we do not allow third-party advertising networks inside the Service.
  • No public profile: a student's learning data is visible only to that student, their linked parent/guardian, their assigned teacher, and Wivme staff for support/operations.
  • Opt-out: the parent or guardian may at any time request that we stop processing the child's data and delete the account — see Section 8.

6. Data retention

We retain personal data for as long as the account is active. When an account is deleted (by the user, parent, or school), we retain a minimal audit copy for up to 6 months to handle billing disputes, support escalations, and statutory record-keeping. After that window, the personal data is permanently deleted from our primary systems. (Note: final retention windows will be confirmed during legal review.)

Anonymised, aggregated data (e.g., "the average Grade 8 Science retention rate across all schools was X%") may be retained indefinitely for research and product-improvement purposes.

7. Where we store data

Wivme's primary infrastructure is being configured to run in India (Render and Neon both offer India regions). Until that configuration is complete, data may transit through servers in other regions. We do not sell or rent personal data across borders, and we do not engage in cross-border profiling.

8. Your rights

Under the DPDP Act 2023 and the Information Technology Act, 2000 (IT Act), you (or the consenting parent/guardian for a minor) have the following rights regarding personal data:

  • Right to access — request a summary of what personal data we hold about you or your child. On request to our Data Protection contact (Section 12), we can provide a machine-readable export of your child's account, progress, goals, and consent record.
  • Right to correction — ask us to correct factual mistakes
  • Right to erasure — request deletion of the account and associated personal data
  • Right to grievance redressal — file a complaint with our Grievance Officer (Section 12)
  • Right to withdraw consent — withdraw consent for data processing; we will then stop processing and delete data, subject to legitimate retention obligations

To exercise any of these rights, write to hello@wivmeai.com from the email address registered to the account (or from the consenting parent's registered address for a minor's account). We will respond within 7 days and resolve the request within 30 days.

9. Security measures

We use industry-standard safeguards to protect your data:

  • All traffic is encrypted in transit via HTTPS (TLS 1.2+)
  • Passwords are hashed with bcrypt — never stored in plaintext
  • Authenticated sessions use signed JSON Web Tokens (JWT) with limited lifetimes
  • Admin access to the production database is role-gated and audit-logged
  • Daily database backups are retained with a 7-day rolling window (planned pre-pilot)

No system is perfectly secure. If you become aware of a security issue with the Service, please notify us at hello@wivmeai.com — we treat responsible disclosure with priority.

10. Cookies and tracking

Our marketing website uses only the minimum cookies necessary to operate the site. We do not use third-party advertising cookies. We may add a privacy-respecting analytics tool (such as Plausible Analytics, which does not use cookies and does not track individual users) in a future release — if we do, this section will be updated.

11. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via the app or by email if you have an active Wivme account. Continued use of the Service after a material change indicates acceptance of the updated Policy.

12. Contact and grievance redressal

For any privacy-related question, concern, or grievance, please contact:

General contact: hello@wivmeai.com
Data Protection / DPDP requests (access, export, deletion, consent withdrawal): bhargav@wivmeai.com
Subject line: "Privacy / DPDP request"
Response time: within 7 working days; full resolution within 30 days where reasonably possible

A named Grievance Officer (per DPDP Act 2023 Section 13 / IT Act Rule 5) will be designated before public pilot launch. Until then, bhargav@wivmeai.com is the interim point of contact for all data-protection matters.