Privacy Policy

    LAST UPDATED MAY 19, 2022
    Think and Learn Private Limited (BYJU’s) is the developer of LearnStation, an educational tablet personalized for your child, providing a physical to digital experience (what we call a “Phy-gital Experience”) aimed at keeping your child immersed and engaged in learning. As your child learns with LearnStation, BYJU’s (“we,” “our” or “us”) is committed to protecting the personal information of both you and your child through our compliance with this Privacy Policy.
    This Privacy Policy describes how we collect, use and share information about you and your child as well as your rights and choices about such collection, use and sharing. All references to “children” or “child” in this Privacy Policy shall mean children under 16 years of age, and all references to the term “parent” shall include legal guardians. This Privacy Policy applies to LearnStation, the LearnStation operating system (“LearnOS”), and the website via which you may order LearnStation (collectively, the “Services”).
    Please read this policy in its entirety, including our Children’s Privacy Policy section, before using our Services. The Children’s Privacy Policy will control over any conflicting provisions in our general Privacy Policy as it concerns children’s data. If you do not agree with our policies and practices, your choice is not to use the Services and to not permit your Child to use the Services. By accessing or using the Services, you agree to this Privacy Policy.
    Please note that apps that may be preinstalled on LearnStation (“Preinstalled Apps”) or that you can download to your LearnStation (collectively, the “Apps”) all relate to learning and play (the “BYJU’s Learning Experience”) and are intended for families and users of all ages. These Apps are covered by separate privacy policies, which you should read fully. Specifically, the Preinstalled Apps may be included with LearnStation, and are subject to their own terms of use and privacy policies:
    (a)
    BYJU’S Future School
    (b)
    Tynker
    (c)
    Epic
    (d)
    Disney BYJU’s Early Learn
    (e)
    OSMO Apps

    Information We Collect

    Information You Provide when Ordering LearnStation

    Your Child’s Information
    When you order the BYJU’s Learning Experience through the Services you may provide information about one or more children (“Child Information”), such as:
    • Nickname
    • IP address
    • Gender
    • Age
    This Child Information is the only information collected by the LearnStation and LearnOS about your child. This Child Information may be used by the LearnStation operating system to configure LearnStation, apply over the air updates and provide support and other services.
    We use the IP address only for activities necessary to provide, maintain or analyze the Services; perform network communications; protect the security or integrity of the user and the Services; or ensure legal or regulatory compliance. We do not combine the IP address with other information to personally identify your child, so it is considered non-identifying.
    Your Personal Information
    When ordering the BYJU’s Learning Experience you may be required to provide your personal information (“Personal Information”), such as:
    • Name
    • Contact information (e.g., phone number, address, email address)
    • Payment information
    • Electronic communication data (e.g., IP address)
    Upon ordering the BYJU’s Learning Experience, you will receive a default device passcode (“Pin”) for LearnStation via email. This Pin will be provided exclusively to you so you can set up LearnStation for your child. Your Pin should remain secret and not disclosed to your child. You may change the Pin in the LearnStation parent zone and a copy of the Pin may be communicated to us for storage with your Personal Information.
    Other information you may affirmatively provide to us is generally maintained along with Personal Information. You can choose not to provide any information that is affirmatively requested of you. However, this may limit your ability to use the Services.
    User-generated content that you create on the Services may include Personal Information.
    In addition to collecting information via the Services, with your consent we may collect information from you when you communicate with us over the phone, email, or other channels. This information may include Personal Information. This information may be matched with and stored in connection with Personal Information provided or collected in connection with the Services. You can choose not to provide any information with us when you communicate over these channels. However, this may limit your ability to use the Services and/or our ability to provide support.

    Pre-stored Device Information

    Unique information about your LearnStation will be stored on your device, such as your device’s MAC addresses, operating system version information, unique system component identifiers, and so forth (collectively, “Device Information”). Examples include:
    • Cellular and internet service provider;
    • Internet browser information;
    • Operating system information;
    • Preferred language;
    • Software version numbers; and
    • Hardware model information.
    The Device Information may be unique to your LearnStation but cannot be used by us to determine the identity of your child based on the Child Information we collect. However, it can be considered your Personal Information.

    Information Collected upon Receiving Support

    At times you may require support with your LearnStation. Support is provided remotely, during which you will grant temporary remote access to and control of your device. Any remote session may only be initiated with your consent and any Personal Information collected during the support session will not be persisted upon conclusion of the session.

    Information Can Be Collected by the Apps

    It is important to note that, while LearnStation and LearnOS do not collect personal information about your child, the Apps may collect and process personal information about your child. For example, your child may input information into the Apps or the apps may use the sensors and software interfaces of the LearnStation and LearnOS to gather information about your child as they use the BYJU’s Learning Experience. This privacy policy does not cover the Apps so it is important that you review the privacy policies of those Apps so that you understand what personal information they may collect and process.

    Information Collected Automatically

    The LearnOS may log file information and other access and error-related information. These logs may include information that can be used to diagnose and address software bugs, performance, and hardware failure issues that may arise from time to time.
    We do not use cookies to collect personal information about you; however, we do use persistent and session cookies. A persistent cookie remains on your hard drive after you close your browser and may be used by your browser on subsequent visits to the Services. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Your browsing information constitutes Personal Information.

    How We Use Your Information

    Purposes

    We may use your Personal Information we collect for a variety of purposes, including:
    • To operate the Services, monitor the effectiveness of the Services, improve the content of the Services, and improve layout and design.
    • To allow BYJU’s and third-parties to provide Apps.
    • To help provide you with a smooth, efficient user experience.
    • To monitor, analyze, and describe usage patterns and performance of the Services.
    • To secure the Services.
    • To conduct system administration and system troubleshooting and to diagnose or fix technology problems.
    • To comply with legal requirements and processes (for example, in response to subpoenas, court orders, and law enforcement or governmental requests or investigations), and to protect our legal rights or the rights of others (for example, by working to reduce the risk of fraud or misuse of the Services).
    • To enforce our Terms of Use or other policies or agreements.
    • For marketing and advertising purposes, including, for example, custom audience creation, lookalike modeling, targeted advertising, and tracking the effectiveness of our marketing and advertising efforts.
    • In connection with an unusual business transaction, such as the bankruptcy or liquidation of, sale of, purchase of, or merger with our business or another business.

    Data Retention

    We will retain the Personal Information and Child Information for as long as is reasonably necessary in relation to the purposes for which this data was collected. In many instances, we will retain your data while it is necessary for the use of the Services, which may include maintaining this information beyond when you cease using the Services.
    For instance, BYJU’s may retain users’ data for the following purposes:
    • To develop new features and improve the Services;
    • To support subsequent customer service inquiries;
    • To improve the safety and security of the Services; or
    • Comply with our legal obligations.

    How We Share Your Information

    Personal and Child Information

    We may share the Personal Information or Child Information we receive with our affiliates for any of the purposes described in this Privacy Policy.
    We never rent, sell, or share your Child Information with independent third parties, and we do not rent, sell, or share your Personal Information with independent third parties for their direct marketing purposes unless we have your permission.
    We may share your Child Information and Personal Information with business affiliates and third parties (“Other Entities”) to provide Apps and features for the BYJU’s Learning Experience.
    We may also share your Personal Information with our vendors, service providers, agents, representatives, and contractors (“Service Providers”) so they can provide us with support services and other features, which include:
    • Google.   LearnOS is based on Google’s Android operating system which comes equipped with standard software such as Google’s Chrome browser.
    • Foxconn.   We use Foxconn to assist with the development of LearnStation hardware and firmware.
    • Memfault.   We use Memfault for device bug reports.
    • Redstone.   We use Redstone to help us with upgrades of LearnOS.
    • Scalefusion.   We use Scalefusion for mobile device management activities like restricting Play Store, apps and website access, and publishing applications to devices.
    Generally, we limit the information provided to these Service Providers to that which is reasonably necessary for them to perform their functions, and we require them to agree to maintain the confidentiality of such information. If you would like more information on any of these categories or specific recipients, please contact us at [email protected].

    Links To Third Parties or Third-party Content

    The Services may contain features or links to websites and services provided by third parties. Any information you provide on third-party websites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Services. We are not responsible for the content or privacy and security practices and policies of third-party websites or services to which links or access are provided through the Services. We encourage you to learn about third parties’ privacy and security policies before providing them with information.

    Anonymized Information

    We may use and share anonymized information (such as anonymous usage data, device information, logs, etc.) with interested third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Services.
    Without limiting the foregoing, in our sole discretion, we may use or share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use or share your Personal Information, please see Your Rights and Choices below.

    Instances Where We are Required to Share Your Personal Information

    BYJU’s will disclose your Child Information and Personal Information where required to do so by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Use or to protect the security or integrity of our Services; and/or (c) to exercise or protect the rights, property, or personal safety of BYJU’s, our users or others. It is our policy to provide notice to our users before producing their Personal Information in response to law enforcement requests unless (i) we are prohibited by law or court order from doing so, (ii) we have reason to believe the user’s account has been compromised such that the notice would go to the wrong person, or notice would otherwise be counterproductive or would create a risk to safety, or (iii) it is an emergency request and prior notice would be impractical (in which case we may provide notice after the fact).

    What happens in the event of a change of control

    We may buy or sell/divest/transfer the company (including any shares in the company), or any combination of our products, services, assets and/or businesses. Your Child Information and Personal Information may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such Child Information and Personal Information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company.

    Important Information for California Users

    California law grants additional privacy rights to California residents. In particular, the California Consumer Privacy Act (“CCPA”) requires businesses to disclose, for the past 12 months, (i) the categories of personal information collected, (ii) the sources of the collected personal information, (iii) the purposes for which the collected personal information is used, (iv) the categories of personal information disclosed for a business purpose, and (v) the categories of any personal information sold. BYJU’s provides these disclosures in the following table. (Note that BYJU’s does not sell any personal information, even under the broad CCPA definition of a “sale.”)
    CategorySources of CollectionPurposes of CollectionDisclosures for a Business Purpose
    IdentifiersWebsite visits, creation of accounts and registration for BYJU’s products and servicesFor customer registration, to enable BYJU’s to provide and improve its products and services and to allow BYJU’s to communicate with youTo BYJU’s service providers to assist in providing the Services
    Personal information categories listed in the California Customer Records statuteRegistration to receive BYJU’s products and servicesTo enable BYJU’s to provide its products and services and to allow BYJU’s to communicate with youTo BYJU’s service providers to assist in providing the Services
    Commercial informationPurchase of BYJU’s products and servicesTo provide BYJU’s products and services to customers and maintain purchase historyTo BYJU’s service providers to assist in providing the Services
    Internet or other electronic network activityYour browsing and search history on our website and other interaction with our websiteTo improve the visitor experience on our website, diagnose server problems and administer our websiteTo third-party analytics services providers for the purpose of enhancing, supporting, promoting, and improving the Services
    Geolocation dataYour IP addressTo provide support and updates, secure the Services, determine approximate location, and other similar usesTo BYJU’s service providers to assist in providing the Services
    California residents also have the rights described below. We will not discriminate against any California resident who exercises these rights.
    Right to access/know your information. You may request from us a list of (i) the personal information that we have collected about you, and (ii) the categories of third parties to whom we have disclosed your personal information. You have the right to up to two (2) access requests each twelve (12) months.
    Right to delete your information. You may request, at any time, that we delete your information and direct our service providers to delete your information from their records.
    If you are aged 16 years or younger, please refer to Section II of this Privacy Policy.
    If you would like to make a request regarding your rights under the CCPA, you can contact us by email at [email protected] or by sending us a letter at
    Think and Learn Private Limited
    4/1, Tower D, 2nd Floor, IBC Knowledge Park, Bannerghatta Main Road, Bangalore – 560029, Karnataka, India
    To ensure the privacy and protection of individuals, we are required to verify your identity (or that of your authorized agent) or otherwise authenticate your request(s), which we will do in accordance with the CCPA regulations. Please note that, under the CCPA, we are not required to grant a request to access/know or a request to delete with respect to personal information obtained from you in your role as an employee, owner, director, officer or contractor of a company and within the context of BYJU’s providing its services to such company.
    Additionally, we comply with the California Student Online Personal Information Protection Act (Cal. Bus. & Prof. Code § 22584) and do not:
    • Engage in targeted advertising towards K-12 students based upon any information that we have acquired because of such student’s use of the Services.
    • Use information gathered by our Services to amass a profile of any K-12 students.
    • Sell K-12 students’ information.
    • Disclose information about a K-12 student, except as required by law or as described in this Privacy Policy.

    Important Information For European, United Kingdom, or Brazilian Users

    The Services are not intended for use in the European Union (EU), the United Kingdom (UK), or Brazil (BR). If you are located in the EU, UK, or BR, please discontinue using our Services immediately.

    Individual Rights

    BYJU’s makes certain choices available to you when it comes to your personal data. Please review the below information outlining your choices and how to exercise them. We will respond to all requests within a reasonable timeframe.

    Your Choices About Your Information

    You may, of course, decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Services. You may update, correct, or delete your profile information and preferences at any time by accessing your account preferences page in the Services or contacting us at [email protected]. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. To update, correct, or delete any other Personal Information, please see the Individual Rights section below for more information.
    Please be aware that if you opt-out of receiving communications from us or otherwise modify the nature or frequency of communications you receive from us, it may take up to ten business days for us to process your request, and you may receive communications from us that you have opted-out from during that period. Additionally, even after you opt-out from receiving messages from us, you will continue to receive administrative communications from us regarding the Services.

    Review and Update Your Data

    You have the right to access and update any personal data that we have collected. Some personal data, such as the account holder’s name and email address can be found and updated using the account management tools provided by the Services. For any personal data beyond this, please submit a request using the contact information at the end of this section. We may request more information to confirm your identity before modifying any personal data.

    Delete Your Data

    You also have the right to have your personal data deleted. This is sometimes known as the ‘right to be forgotten’. To request that we delete all personal data about you, please submit a request using the contact information at the end of this section. We may request more information to confirm your identity before deleting any personal data.
    You must submit a request using the below information if you wish to delete all personal data from our system.
    After you delete your personal data from our services, we may not immediately delete residual copies from our active servers and may not immediately remove data from our backup systems, for archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. We may also decline to honor this request in certain specific situations, such as if the data is necessary to comply with a legal obligation or to exercise/defend a legal claim.

    Restrict Processing

    You have the right to restrict how we process your personal data in certain circumstances. In some ways, this is an alternative to requesting the erasure of your data. Rather than requesting we erase all of your personal data, you may request that we limit our uses of your personal data to specific purposes. You may wish to request we restrict our processing if you contest the accuracy of your personal data and we are working to verify this information, or if you want us to retain your personal data in connection to a legal claim but cease processing it.

    Data Portability

    You have the right to obtain copies of your information in a structured, commonly used format that permits you to move your data between our Services and the services of others. We may request more information to confirm your identity before providing any personal data.

    Right to Object

    You have the right to object to the processing of your personal data for direct marketing purposes or when our processing of your data is based on legitimate interests. You may request that we stop processing your personal data for direct marketing purposes. This is an absolute right and we cannot refuse this request. Beyond direct marketing, if you wish to exercise this right, you must give specific reasons why you object to our processing of your data, based on your particular situation. Even after receiving such a request, we may continue processing if it is necessary for the exercise/defense of a legal claim or if we can demonstrate a compelling legitimate ground for the processing.
    If any request made under this section is manifestly unfounded or excessive, we may reject the request or require a reasonable fee to honor the request. If we decide to reject your request, we will inform you of the reasons for not taking action and provide information on other possible remedies. If we decide that a reasonable fee is necessary, we will promptly inform you and will comply with the request upon receipt of this fee.

    Contact for Individual Rights Requests

    Please use the below information when submitting a request to exercise any of the above rights. Please do not submit requests across multiple communications channels. We will make all efforts to respond to your request within a reasonable timeframe.

    Email

    [email protected]

    Physical Mail

    4/1, Tower D, 2nd Floor, IBC Knowledge Park, Bannerghatta Main Road, Bangalore – 560029, Karnataka, India
    You can contact BYJU’s Data Protection Officer at [email protected] with any privacy-related requests or questions.

    Toll-Free Telephone

    1866-545-7011

    How We Protect Your Information - Security and Passwords

    BYJU’s takes what it believes to be commercially reasonable physical, electronic, and procedural safeguards to protect Personal Information. However, since no security system is impenetrable and “perfect security” does not exist on the Internet, we cannot guarantee the security of Personal Information or Browsing Information.
    You are responsible for maintaining the confidentiality of your Pin and account, and we will attribute activities that occur using your account information (e.g., through the use of your password or Pin) to you. If you suspect that your Pin, password, or other information has been compromised, contact us immediately at [email protected].

    Email and Recommendation Communications That We May Send

    We may send you, or you may elect to sign up to receive emails or other communications from us. To help us understand whether we are providing information of interest to you, we may include software code or other tracking technologies in our emails to monitor whether you opened a particular email, whether you have clicked on the images and/or links in the email, the date and time the message was opened, and whether your computer is capable of receiving HTML-based email. We endeavor to allow you to unsubscribe at any time from our email programs by clicking on the unsubscribe link at the bottom of any email message. We reserve the right to send you service announcements or similar administrative messages, without offering you the opportunity to opt out of receiving them.

    Compromise of Personal Information

    In the event that Personal Information is compromised as a result of a breach of security, BYJU’s will promptly notify those persons whose Personal Information has been compromised, in accordance with the notification procedures set forth in this Privacy Policy, or as otherwise required by applicable law. In the event that we or our Services suffers a data security breach that requires us to provide you with notice, such as under applicable law, you consent to allow us to provide you with such notice by sending an email to the primary email address that is associated with your account.

    Notification Procedures

    It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business-related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on the Services, as determined by BYJU’s in its sole discretion. We reserve the right to determine the form and means of providing notifications to you, provided that you may opt out of certain means of notification as described in this Privacy Policy.

Children’s Privacy Policy

    Protecting the privacy of children is especially important. All references to “children” or “child” in this Children’s Privacy Policy shall mean children under 16 years of age, and all references to the term “parent” shall include legal guardians.
    BYJU’s makes commercially reasonable efforts to ensure its Services comply with the Children’s Online Privacy Protection Act (“COPPA”).
    We require your verifiable parental consent in order for your children to use and access the Services. When you purchase the Services, you certify that you are the parent or guardian of the children and are providing your consent for those children to use the Services. To provide the Services, we may collect personal information from you and your child as outlined in this policy. We encourage parents and teachers to supervise their child or student’s use of the Services.
    As your child uses the Services, we may collect the following Information, as outlined above:
    • Your child’s nickname.
    • An IP address, which permits providing support and updates, and uniquely identifying your LearnStation.
    • Gender
    • Your Device Information, such as device ID and information about your version of LearnOS.
    Additionally, Apps may be provided with or installed via the Services, as noted elsewhere in this policy, to provide the BYJU’s Learning Experience. The Apps may collect, process, and store personal information locally and/or transmit that information to cloud infrastructure. LearnStation includes device information, sensors, and software interfaces that the Apps may use to collect personal information from you or your child. The Apps are governed by separate privacy policies and terms of use, which must be consented to by you prior to their use.

    Accessing and Correcting Your Child’s Personal Information

    At any time, you may review your child’s personal information maintained by us, require us to correct or delete the personal information, and/or refuse to permit us from further collecting or using the child’s information.
    You can review, change, or delete your child’s personal information by:
    • Logging into your child’s account and visiting the account profile page.
    • Sending us an email at [email protected]
    To protect your privacy and security, we may require you to take certain steps or provide additional information to verify your identity before we provide any information or make corrections.

    Educational Institutions

    If the Services are being used by a school and/or teacher (the “Educational Institution”) with students that are under 16 years of age, such Educational Institution agrees that it has reviewed our Terms of Use and our Privacy Policy, and must provide verifiable consent to the collection, use, and disclosure as described in the Privacy Policy. BYJU’s may request personal information about your child from your child, parents, guardians, and/or teachers. We collect only the minimum amount of information needed about students from teachers, and any such information is used only in connection with the Educational Institution’s use of the BYJU’s Learning Experience.

    Verifiable Consent is Required

    If you are under 16 years of age, then please do not use or access the Services at any time or in any manner unless we have received verifiable parental consent from your parent or guardian. If you are a parent or guardian and discover that your child under 16 years of age has obtained an account on the Services without your consent, then you may alert us at [email protected] and request that we delete that child’s information from our systems. A parent, guardian, or teacher can visit his or her account online at any time to delete any information and/or the account.

    kidSAFE

    LearnStation is certified by the kidSAFE Seal Program. The kidSAFE Seal Program is an independent safety certification service and seal-of-approval program designed exclusively for children-friendly websites and technologies, including kid-targeted game sites, educational services, virtual worlds, social networks, mobile apps, tablet devices, and other similar interactive services and technologies. Click on the seal or go to www.kidsafeseal.com for more information.

    FERPA

    The Family Educational Rights and Privacy Act (“FERPA”) protects personally identifiable information contained in students’ education records from unauthorized use or disclosure. We are committed to complying with FERPA. If you are an educational institution, or a teacher or school official at an educational institution, that is required to comply with FERPA, we will only use any education records (as defined under FERPA) that you may make available to us for the purpose of providing the Services to you and your students. We will never share or sell FERPA-protected information, or use it for any other purpose, commercial or otherwise, except as otherwise directed or permitted by you.
    If a parent or eligible student requests access to or deletion of any education records that are hosted on our servers, we will help facilitate such access or deletion. We will not retain student data beyond the time period required to support the authorized educational/school purpose, or as otherwise authorized by the parent or eligible student.
    In addition, we comply with the California Student Online Personal Information Protection Act and similar state laws aimed at protecting student data. In particular, we do not:
    • Engage in targeted advertising towards K-12 students based upon any information that we have acquired because of such student’s use of the Services.
    • Use information gathered by our Services to amass a profile of any K-12 students.
    • Sell K-12 students’ information.
    • Disclose information about a K-12 student, except as required by law or as described in this Privacy Policy.

    General

    Updates to Our Privacy Policy

    We reserve the right to update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of this Privacy Policy. We encourage you to check this page periodically for any updates. If you continue to use the Services following the posting of an updated version of this Privacy Policy, we will treat your continued use as acceptance of the updated version.
    If we make material changes to this Privacy Policy, we may notify you more prominently. If we affect the way we handle personal information collected from children users (if applicable), we will first notify and obtain verifiable consent of a parent or legal guardian.