Privacy Policy

Last Updated: 11th Feb, 2026

At Cognicampus, we are committed to protecting the privacy and security of the data entrusted to us by educational institutions, faculty, and students. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of your information when you access or use the Cognicampus platform.

This policy is designed to comply with applicable data protection laws in India, including the Digital Personal Data Protection Act (DPDP Act) where applicable, and respects the institutional governance model under which we operate.

1. Information We Collect

We collect information to provide and improve our services. This data is categorized as follows:

A. Institutional Data

Data provided by the subscribing institution to set up the academic environment:

  • Institution Profile: Name, address, accreditation details, and contact information.
  • Academic Structure: Programs offered, batches, curriculum details, and syllabus documents.
  • Operational Data: Academic calendar, exam schedules, and faculty assignments.

B. User Data

Personal information for individual account creation and management:

  • Identity Data: Full name, institutional ID number/roll number.
  • Contact Data: Institutional email address, and optionally phone number if required for MFA.
  • Role Data: Designation (Student, Faculty, Admin, Staff) and department affiliation.
  • Authentication Data: Encrypted passwords or Single Sign-On (SSO) tokens.

C. Academic Interaction Data

Data generated through regular use of the platform for learning purposes:

  • Learning Activity: Topics accessed, time spent on modules, and progress tracking.
  • Assessment Data: Quiz scores, assignment submissions, and performance analytics.
  • AI Interactions: Text queries sent to the AI Agent, doubts asked, and interaction logs. This is used strictly to provide academic support.
  • Feedback: Ratings or feedback provided on AI responses or course content.

D. Technical Data

Information automatically collected for system performance and security:

  • Device Information: IP address, browser type, operating system, and device identifiers.
  • Usage Logs: Login timestamps, page views, and navigation paths within the platform.
  • Cookies: Session cookies for authentication and preference settings. (See Cookies Policy).

2. Purpose of Data Collection

We process your data for specific, legitimate purposes:

  • Service Delivery: To provide the core functionality of the Cognicampus ERP and AI tutoring system.
  • Personalization: To tailor the AI Agent's responses to the specific syllabus and the student's learning pace.
  • Academic Analytics: To provide faculty and administrators with insights into student performance and syllabus coverage.
  • System Improvement: To analyze usage patterns to improve platform performance, fix bugs, and optimize AI models.
  • Security & Compliance: To detect and prevent fraud, unauthorized access, and ensure compliance with institutional policies and legal regulations.
  • Communication: To send important system notifications, updates, or academic alerts (e.g., assignment deadlines).

We strictly generally do not sell, rent, or trade your personal data to advertisers or third parties for marketing purposes.

3. AI Data Usage & Ethics

Our AI Agent is a core component of the platform. Here is how data interacts with our AI:

  • Contextual Processing: Student queries are processed in the context of the institution's uploaded syllabus to ensure accurate, curriculum-aligned answers.
  • Model Improvement: Anonymized interaction logs may be used to refine the quality and accuracy of our AI models.
  • Privacy by Design: Personal Identifiable Information (PII) is minimized when processing AI queries. We do not use sensitive personal data to train public foundation models ensuring your proprietary institutional knowledge remains secure.

4. Data Sharing & Disclosure

We may share data only under the following strict conditions:

  • With the Institution: Your data is visible to authorized faculty and administrators of your institution as per their governance roles.
  • Service Providers: We engage trusted third-party vendors for hosting (e.g., AWS, Google Cloud), database management, and email delivery. These vendors are contractually bound to protect your data and use it only for the agreed services.
  • Legal Requirements: We may disclose data if required by law, such as in response to a court order or government request within India.
  • Business Transfers: In the event of a merger or acquisition, user data typically is one of the transferred business assets but will remain subject to the promises made in any pre-existing Privacy Policy.

5. Data Storage & Security Measures

We employ industry-standard security practices to protect your data:

  • Encryption: Data is encrypted in transit using tls 1.2+ (HTTPS) and at rest using AES-256 encryption standards.
  • Access Control: Strict Role-Based Access Control (RBAC) ensures users only access data permitted by their role.
  • Database Security: We utilize Row-Level Security (RLS) policies to ensure data isolation between different institutions and users.
  • Regular Audits: We conduct periodic security assessments and vulnerability scans.

Despite these measures, no digital transmission is completely secure. We encourage users to maintain strong passwords and report any suspicious activity.

6. Data Retention Policy

We retain personal data only for as long as necessary:

  • Active Accounts: Data is retained for the duration of the institution's active subscription.
  • Account Termination: Upon termination of the agreement with the institution, we will delete or anonymize data within a specified period (typically 90 days), unless required to be retained by law.
  • BACKUPS: Data in backup archives may be retained for a slightly longer period for disaster recovery purposes but will remain encrypted and securely stored.

7. Student Privacy (Minors)

Cognicampus is an institution-first platform:

  • Authorization: Access for students under 18 is granted solely under the authority and consent of the educational institution.
  • Guardian Rights: Parents/Guardians should contact the institution directly to exercise any rights regarding their child's data.
  • No Direct Targeting: We do not directly market to students or minors.

8. User Rights

Subject to the policies of your institution, you have the following rights:

  • Right to Access: View the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (subject to institutional records retention policies).
  • Right to Grievance Redressal: Report privacy concerns to our Grievance Officer.

Since Cognicampus acts as a Data Processor for the Institution (Data Fiduciary), most requests should be directed to your institution's administration.

9. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify institutions of material changes, and the "Last Updated" date at the top of this policy will be revised. Continued use of the platform after such changes constitutes acceptance of the new policy.

10. Contact Information

For any questions or concerns regarding this Privacy Policy or our data practices, please contact us:

Email: hello@cognicampus.com
Website: https://cognicampus.com