This Privacy Policy explains how Veridian AI India Private Limited (“ Veridian,” “we,” “us”) collects, uses, stores, and shares personal data in connection with TeachPilot and related websites and services. It is written to reflect how the product actually works today, including authentication, multi-tenant school workspaces, learning content, analytics, and AI-assisted authoring tools.
If you use TeachPilot through a school, college, or other institution, that institution typically decides why and how educational data is processed in its workspace. Section 2 explains those roles.
1. Scope
This Policy applies to:
- The marketing site at https://teachpilot.in (including demo requests)
- The application at https://lms.teachpilot.in
- APIs, AI services, notifications, and infrastructure under the teachpilot.in domain family that power the Service
It does not cover third-party sites linked from the Service (for example, an institution’s own website or an external terms URL configured by an organization), except for subprocessors we engage to run the Service.
2. Who is responsible for your data
2.1 Veridian as service operator
Veridian AI India Private Limited, headquartered in Vijayawada, Andhra Pradesh, India, operates TeachPilot. For account infrastructure, product security, platform analytics we control, marketing site inquiries, and our own business records, Veridian determines the purposes and means of processing and acts as a data fiduciary / controller as applicable under law.
2.2 Institutions as primary decision-makers for classroom data
When a school or college creates an organization workspace, invites staff and students, runs courses, grades work, and configures retention-related administrative choices, that organization typically acts as the primary data fiduciary / controller for personal data it places in its workspace. Veridian processes that Customer Content to provide the Service on the organization’s instructions (as a data processor / service provider), subject to these Terms, this Policy, and any commercial agreement.
2.3 Your relationship
If you are a student or teacher, many day-to-day requests (access, correction of grades, classroom content removal) should start with your institution. You may always contact Veridian at privacy@teachpilot.in; we will guide or coordinate with the organization when required.
3. Personal data we collect
Depending on how you use the Service, we process categories such as the following.
3.1 Identity and account data
- Name and email address
- Email verification status and last login method
- Password credentials stored as secure password hashes (we do not store plaintext passwords)
- Optional profile fields such as profile image, headline, bio, and links
- OAuth account identifiers when you connect Google or Microsoft sign-in
- Passkey credentials and two-factor authentication secrets and backup codes (stored for authentication only)
- Platform or organization role indicators and ban status if applied
3.2 Organization and membership data
- Organization name, slug, branding (logo/banner), and configuration metadata
- Membership, department, status, roles, custom roles, and permissions
- Invitations (including invitee email, names, role, and invitation metadata)
- Terms acceptance timestamps when an organization requires them
- Optional organization support email and external terms URL
3.3 Education and learning data (Customer Content)
- Courses, modules/units, lessons, content blocks (articles, PDFs, presentations, video references, embeds, downloads, quizzes, assignments)
- Enrollments, roles within courses, progress, scores, and completion
- Assignment submissions and assessment responses; activity and live-quiz participation (including display names, answers, and scores)
- Collaborative activity data (for example whiteboard/jamboard state in live sessions)
- Discussion/chat messages, attachments metadata, calendar events, RSVPs, and reminders
- Organization analytics aggregates (such as active days and course view activity used in admin insights)
3.4 Communications and notifications
- Notification preferences (for example email and web push; other channels may appear in settings as they become available)
- Web push subscription endpoints stored for delivery
- Transactional email content we send (password reset, invitations, digests, and similar)
- Notification logs and in-app notification records needed to deliver and troubleshoot messages
3.5 Technical, security, and usage data
- Session records including token digests, approximate IP address, user agent, and expiry
- Security rate-limit and challenge data for login, password reset, passkey, and two-factor flows
- Audit events (actor identity, action, resource, IP/user agent, change metadata) for organization accountability
- Product analytics events and diagnostics (see Section 7 and the Cookie Policy)
- Server error diagnostics (configured to avoid capturing secrets)
3.6 Marketing and demo inquiries
- When you request a demo on the marketing site: name, email, designation, and university/institution name, sent to our sales team
3.7 Local device data
The apps may store non-essential preferences on your device (for example theme, accessibility, last login method hint, video resume position, or calendar UI state) using browser storage. See the Cookie Policy.
4. Sources of data
- You, when you register, update a profile, submit work, message others, or contact us
- Your organization, when it invites you, assigns roles, enrolls you in courses, or imports content
- Identity providers you choose (Google, Microsoft) for sign-in profile basics
- Automated systems, such as security logs, analytics, and infrastructure telemetry
- Integrations you or teachers trigger, such as fetching a URL into an editor, searching stock covers, or exporting Google Slides for caching in course content storage
5. How we use personal data
| Purpose | Examples |
|---|---|
| Provide the Service | Authentication, course delivery, progress tracking, live activities, chat, calendar, notifications, file storage |
| Secure the Service | Session management, rate limiting, captcha, compromised-password checks, abuse investigation, audit logging |
| Operate organizations | Multi-tenant isolation, roles/permissions, invitations, admin tools |
| Communicate | Transactional email, optional digests, product notices, respond to demo and support requests |
| Improve the product | Aggregated usage analysis, reliability monitoring, feature development (including privacy-preserving analytics practices) |
| AI assistance | Curriculum extraction/outline generation from content you submit to those features |
| Legal and business | Enforce Terms, comply with law, protect rights, corporate transactions |
Where India’s Digital Personal Data Protection Act, 2023 applies, we rely on lawful grounds available under that Act and other applicable law—including providing a requested service, compliance with law, employment/education contexts mediated by institutions, and legitimate uses consistent with the purpose for which data was provided—while requiring free, specific, informed, unconditional, and clear consent where consent is the appropriate basis.
6. AI processing
When authorized users invoke AI features (for example uploading a course document to extract prerequisites, objectives, and a syllabus structure, or generating a unit/lesson outline), relevant content is processed through our controlled AI pipeline and supporting providers for document understanding and model inference.
Do not submit content to AI features that you are not permitted to process. Institutions should avoid including unnecessary sensitive personal data in prompts or source documents. AI outputs should be reviewed by educators before instructional use.
8. International processing
TeachPilot is operated from India and delivered on global cloud infrastructure. Personal data may be processed in India and in other countries where our subprocessors operate (for example analytics or model providers). Where cross-border transfers are restricted by law, we use appropriate contractual and organizational measures and process data only as needed to provide the Service.
9. Retention
We retain personal data only as long as needed for the purposes above:
- Account and organization data — for the life of the account/organization relationship and a reasonable period thereafter for backups, disputes, and legal compliance
- Sessions and security logs — for session lifetime and limited security retention windows
- Customer Content — until deleted by authorized users or the organization, or as required under a commercial agreement after offboarding
- Demo inquiries — for sales follow-up and related business records
- Backups and disaster recovery — for limited rolling periods inherent to infrastructure
Self-serve full account deletion and portable data export are not yet exposed as end-user product features in all cases. Contact privacy@teachpilot.in (and your institution, where applicable) to request deletion or export; we will respond in accordance with applicable law and technical feasibility.
10. Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS), access-controlled cloud storage, hashed passwords, HttpOnly session cookies, CSRF protections, role-based access control, optional two-factor authentication and passkeys, rate limiting, and security-focused HTTP headers. Details are described on our Security page. No method of transmission or storage is 100% secure; please use strong authentication and report suspected incidents promptly.
11. Your rights
Subject to applicable law (including the DPDP Act, 2023 where it applies) and the role of your institution, you may have rights to:
- Access personal data we hold about you
- Correct inaccurate personal data
- Request erasure or restriction in certain circumstances
- Withdraw consent where processing is consent-based
- Nominate a contact for certain rights exercises, where required by law
- Grievance redressal for privacy concerns
In-product controls available today include updating profile information, changing password or email (with verification), managing passkeys and two-factor authentication, reviewing/revoking sessions, adjusting notification preferences, and signing out.
To exercise rights that are not available in-product, email privacy@teachpilot.in. We may need to verify your identity and, for workspace data, coordinate with your organization.
12. Children and students
TeachPilot is built for educational institutions that may enroll minors. Institutions are responsible for using the Service in line with applicable rules for student data, parental consent, and school policies. We do not condition a child’s participation on providing more personal data than needed for the educational Service. Parents or guardians should contact the school first for classroom data issues, and may contact us at privacy@teachpilot.in for platform privacy concerns.
14. Changes to this Policy
We may update this Policy to reflect product, legal, or operational changes. We will revise the effective date and, for material changes, provide additional notice where appropriate. Continued use of the Service after an update means you acknowledge the revised Policy.
15. Contact and grievance
Privacy contact / grievance officer (platform)
Veridian AI India Private Limited
Vijayawada, Andhra Pradesh, India
Email: privacy@teachpilot.in
Legal: legal@teachpilot.in
Please include enough detail for us to identify your account or organization workspace. We aim to acknowledge privacy requests promptly and resolve them within timelines required by applicable law.
Effective 1 May 2026.
Last updated 1 May 2026.