This Privacy Policy describes how Kalvy AI collects, uses, stores, and discloses personal information when you use our website, browser application, and related learning services (collectively, the “Service”).
This policy applies globally and is intended to align with applicable laws including the Digital Personal Data Protection Act, 2023 (India), the General Data Protection Regulation (EU/EEA), the California Consumer Privacy Act as amended by CPRA (California, USA), and the Children's Online Privacy Protection Act (USA).
1. Scope and Applicability
Kalvy AI provides AI-assisted learning and exam preparation features, including topic learning, Socrative mode, Notes, and Subject Workspace. This policy applies to all users globally. Kalvy AI acts as a Data Fiduciary (India), Data Controller (EU), and Business (California) as those terms are defined under applicable law.
2. Information We Collect
We collect information in the following categories:
- Account information: name, email address, login details, role, and profile preferences.
- Service and learning inputs: prompts, chat messages, selected subjects, session history, and generated outputs.
- Upload content: notes images, screenshots, handwritten notes, PDF files, extracted text, and related metadata.
- Billing and transaction information: subscription status, plan, and payment transaction details shared by our payment processors.
- Technical and usage data: device type, browser type, IP address, pages visited, session telemetry, and error logs.
- Information from third parties: single sign-on providers, institutions, and user referrals where applicable.
Please do not upload unnecessary sensitive personal data (for example, government ID numbers, account passwords, or health records) unless explicitly required for a product workflow.
3. How We Use Information
- Deliver core product functionality and account management.
- Process Notes and Workspace uploads for OCR and study features.
- Generate AI responses, summaries, quizzes, and guided learning.
- Manage subscriptions, billing, and service communications.
- Detect abuse, unauthorized access, and policy violations.
- Comply with legal obligations and respond to lawful requests.
- Improve product quality, reliability, and safety analytics.
We may use aggregated or de-identified datasets for service development, reporting, and performance analysis.
4. Cookies and Tracking Technologies
We use cookies and similar technologies for authentication, security, preference storage, and usage analytics. You may control cookies through browser settings. Disabling essential cookies may affect functionality.
Our services may not respond to browser do-not-track signals in all environments.
5. AI and OCR Processing
Our services process user content using internal systems and approved third-party AI and OCR service providers. This may include transmission, temporary storage, parsing, classification, and generation of outputs.
AI-generated content may be inaccurate, incomplete, or outdated. You are responsible for reviewing outputs before relying on them for exams, assignments, or professional decisions.
6. Notes and Workspace Files
Notes images, screenshots, handwritten uploads, and Workspace PDFs are treated as private to your account by default. We do not intentionally publish or expose your private study files to other users.
We do not share your uploaded notes or subject PDFs with other users unless you explicitly initiate sharing functionality, or where disclosure is required for legal compliance, safety, or core service operations.
You must upload only content you own or are authorized to use. You are solely responsible for ensuring that uploaded PDFs, screenshots, and notes comply with copyright, institutional policy, and applicable law.
7. Retention and Deletion
We retain personal data for as long as necessary for service delivery, compliance, dispute handling, fraud prevention, and security. You may request deletion, subject to legal and operational retention duties.
8. Disclosure of Information
We do not sell personal information for monetary consideration.
We may disclose data to:
- Cloud, hosting, analytics, and infrastructure providers.
- AI and OCR subprocessors required to provide requested features.
- Payment processors and billing service providers.
- Affiliates, advisors, auditors, and legal consultants.
- Regulators, law enforcement, or courts when legally required.
- A successor entity in a merger, acquisition, restructuring, or sale.
Where vendors process personal data for us, we require contractual safeguards appropriate to the nature of the processing.
9. Data Security
We use reasonable technical and organizational controls including encryption in transit, access controls, monitoring, and audit logging. No internet transmission or storage environment is fully risk-free.
10. Children's Privacy
Kalvy AI is designed for students, including minors. We do not knowingly allow children under 13 to register without parental consent. Our registration flow enforces a minimum age of 13.
COPPA (USA): We do not knowingly collect personal information from children under 13 in the United States without verifiable parental consent. If you are a parent or guardian and believe your child under 13 has created an account without your consent, please contact us at support@kalvy.ai and we will delete the account and associated data promptly.
GDPR (EU): For users in the EU/EEA, we require consent from the holder of parental responsibility for children under 16 (or such lower age as permitted by the applicable member state).
DPDP (India): For child users in India (under 18), we rely on verifiable parental consent before processing their personal data and do not conduct behavioural monitoring or targeted advertising directed at children.
Uploaded study materials belonging to children are processed only for the stated purpose of AI-assisted learning and are not shared with other users or used for commercial profiling.
11. Privacy Rights — India (DPDP Act 2023)
If you are located in India, subject to applicable law you may:
- Access and obtain a summary of personal data processed about you.
- Correct, update, or erase inaccurate or outdated information.
- Withdraw consent where consent is the legal basis.
- Raise grievances and seek redressal with our Grievance Officer.
- Nominate another person to exercise rights where permitted.
- Request a portable copy of your data via Settings → Download My Data or by contacting us.
12. Privacy Rights — European Union (GDPR)
If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation. We process your personal data on the lawful bases of contract performance (account and service delivery), legitimate interests (security, fraud prevention, analytics), and consent (cookies, marketing).
- Right of access: Obtain confirmation that we process your data and a copy of that data.
- Right to rectification: Correct inaccurate or incomplete personal data.
- Right to erasure (“right to be forgotten”): Request deletion of your personal data where no overriding legal ground applies.
- Right to restriction: Ask us to restrict processing in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format. Use Settings → Download My Data.
- Right to object: Object to processing based on legitimate interests, including profiling.
- Right to withdraw consent: Where processing is based on consent, you may withdraw at any time without affecting prior lawful processing.
- Right to lodge a complaint: You may file a complaint with your local EU data protection authority.
To exercise any right, email support@kalvy.ai with subject line “GDPR Request”. We will respond within 30 days.
13. Privacy Rights — California (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following rights.
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to delete: Request deletion of personal information we hold about you, subject to legal exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale or sharing: We do not sell or share personal information for cross-context behavioural advertising as those terms are defined under CCPA/CPRA. No opt-out is needed for current practices, but you may contact us to confirm.
- Right to non-discrimination: We will not discriminate against you for exercising any CCPA right.
- Right to limit use of sensitive personal information: We do not use sensitive personal information beyond what is necessary to provide the service.
To submit a California privacy request, email support@kalvy.ai with subject line “California Privacy Request”. We will respond within 45 days.
14. Cross-Border Transfers
Data may be stored or processed outside your country of residence where necessary for service operations (for example, on Google Cloud infrastructure). We apply appropriate transfer safeguards, including Standard Contractual Clauses where required under GDPR, and act in line with applicable legal requirements.
15. Third-Party Services and Links
Our services may include links or integrations with third-party services. Their privacy practices are governed by their own policies, not this Privacy Policy.
15a. Policy Changes
We may update this policy from time to time. Material changes will be communicated through the platform or by other appropriate means. Your continued use after a material update constitutes acceptance of the revised policy.
16. Contact and Grievance Redressal
For privacy requests, grievances, or data protection concerns, contact:
- Kalvy AI Support Team
- Email: support@kalvy.ai
Use the following subject lines for faster routing:
- India / DPDP requests: “Grievance - Privacy”
- EU / GDPR requests: “GDPR Request”
- California / CCPA requests: “California Privacy Request”
- Children's data / COPPA: “COPPA - Minor Data”
We aim to acknowledge all valid requests promptly and resolve them within the timelines required by applicable law. Additional details such as registered office address and designated Grievance Officer will be published in this section as required by law.