2 / 6
Kriyon Group Private Limited ("Kriyon", "we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data across all our platforms and ventures — Kriyon Group, RepixelX Studio, OneLink, and Edova — and explains your rights under Indian law.
This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDPA 2023").
01Information We Collect
1.1 — Identity & Contact Data
When you engage our services, register on any of our platforms, or contact us, we collect: full name; business or company name; email address; phone number; postal address; GSTIN (for B2B invoicing purposes); job title or designation; and any other information you voluntarily provide through forms, emails, or project briefs.
1.2 — Financial & Transaction Data
For billing and invoicing purposes, we collect: payment transaction records and invoice history; bank transfer references; GST-related billing information. Kriyon Group Private Limited does not store, process, or have access to full debit/credit card numbers, CVV codes, or banking passwords. All card-based payments are processed exclusively through PCI-DSS-compliant third-party payment gateways, and the financial data resides solely with those gateways.
1.3 — Technical & Usage Data
When you visit our websites or use our platforms (particularly OneLink and Edova), we automatically collect: IP address; browser type and version; device type and operating system; pages visited and time spent; referring URL; session data and interaction logs; and performance analytics data. This data is collected through cookies, log files, and analytics tools such as Google Analytics.
1.4 — Platform-Specific Data (Edova)
On the Edova platform specifically, we collect: academic preferences and exam selections; quiz attempts, scores, and performance metrics; AI-interaction data including questions generated and answered; personalised learning path data; and session activity within the platform. This data is used to power personalised learning and improve our AI models, and is processed in anonymised or pseudonymised form wherever possible.
1.5 — Communication Data
We retain records of all written communications with you — emails, project briefs, feedback messages, and support tickets — for operational, legal, and dispute-resolution purposes.
02How & Why We Use Your Data
| Purpose | Legal Basis | Details |
|---|---|---|
| Service Delivery | Contractual necessity | To execute projects, deliver platforms, and fulfil our contractual obligations |
| Invoicing & Tax Compliance | Legal obligation | GST invoicing requires name, address, and GSTIN; retained for 8 years per tax law |
| Platform Operation | Legitimate interest | To operate, maintain, and improve OneLink and Edova platforms |
| AI Model Improvement (Edova) | Consent / Legitimate interest | Anonymised usage data improves question quality and learning path recommendations |
| Communications | Contractual necessity | Project updates, approvals, invoices, and support communications |
| Legal Protection | Legal obligation / Legitimate interest | To preserve records for dispute resolution, legal proceedings, or regulatory compliance |
| Marketing (if opted in) | Consent | Updates about new services — only to users who have explicitly opted in |
| Analytics & Performance | Legitimate interest | Understanding website usage to improve user experience |
We do not use your personal data for any purpose not listed above without your explicit prior consent.
03Data Sharing & Third Parties
We share your data only with the following categories of trusted service providers, strictly on a need-to-know basis and subject to data processing agreements:
- Cloud Infrastructure Providers: Our platforms are hosted on reputable cloud providers (such as AWS or equivalent). These providers process data only as directed by us and have no independent right to use your data.
- Payment Gateways: Third-party payment processors (such as Razorpay, PayU, or equivalent) process transaction data. They operate under their own privacy policies and are independently compliant with financial data regulations.
- AI API Providers: For Edova's AI functionality, anonymised content is processed through AI APIs. No personally identifiable information is shared with AI providers.
- Legal & Professional Advisors: Our lawyers, chartered accountants, and compliance advisors may access relevant data strictly for professional services delivery and are bound by professional confidentiality obligations.
- Analytics Tools: Aggregated, non-personally identifiable analytics data may be processed by tools such as Google Analytics to understand website usage.
- Government & Regulatory Authorities: We may disclose personal data to law enforcement agencies, courts, or government bodies when required by law, court order, or to protect our legal rights.
Any third-party service provider that receives personal data from us is contractually required to maintain confidentiality, process data only as instructed, and implement appropriate security measures.
04Data Security
Kriyon Group Private Limited implements industry-standard security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. Our security practices include: encrypted data transmission (HTTPS/TLS); access control and role-based permissions for internal systems; regular security assessments of our platforms; and secure, access-restricted data storage on cloud infrastructure.
Notwithstanding these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to implementing all reasonable and proportionate measures. In the event of a data breach that is likely to adversely affect your rights, we will notify you as required by applicable law.
05Your Rights as a Data Principal
Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the following rights with respect to your personal data held by Kriyon:
- Right to Access: You may request a summary of the personal data we hold about you and how it is being processed.
- Right to Correction: You may request correction of any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You may request deletion of your personal data, subject to limitations arising from legal, contractual, financial, or regulatory obligations. Data required for active legal proceedings, pending invoices, or statutory retention periods cannot be deleted until those obligations are fulfilled.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before the withdrawal.
- Right to Grievance Redressal: You may raise any privacy-related complaint or concern with our Grievance Officer.
- Right to Nominate: Under DPDPA 2023, you may nominate another individual to exercise your rights in the event of your death or incapacity.
To exercise any of the above rights, please send a written request to kriyon@repixelx.techwith the subject line "Privacy Rights Request — [Your Name]". We will acknowledge your request within 48 hours and fulfil it within 30 calendar days, provided there are no pending legal or financial matters that require retention of the relevant data.
06Data Retention
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our general retention schedule is:
| Data Type | Retention Period | Basis |
|---|---|---|
| GST invoices & financial records | 8 years from the end of financial year | GST Act, Income Tax Act |
| Project files & deliverables | 3 years post-project completion | Limitation Act (potential disputes) |
| Email communications | 3 years post-project | Legal protection |
| Platform usage data (Edova/OneLink) | Duration of active subscription + 1 year | Service delivery & improvement |
| Marketing contact data (opted in) | Until opt-out or 2 years inactivity | Consent |
| Legal dispute records | Until final resolution + 5 years | Legal protection |
07Children's Privacy
Our services are not directed at children under the age of 18. Kriyon Group Private Limited does not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a person under 18, we will take immediate steps to delete such data from our systems. If you believe we may have collected data from a minor, please contact us immediately at kriyon@repixelx.tech.
For Edova's educational platform: where the platform is used by educational institutions for students below 18, it is the responsibility of the institution to ensure appropriate parental or guardian consent has been obtained before granting access.
08Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The updated policy will be published at kriyongroup.com/legalwith a revised "Last Updated" date. We encourage you to review this policy periodically. For material changes, we will endeavour to provide notice via email to registered users or through a prominent notice on our website.
09Contact — Privacy Grievances
For any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact our Grievance Officer:
| Grievance Officer | Krishang Sharma Dhar, Director & Founder |
| kriyon@repixelx.tech (Subject: "Privacy Concern — [Your Name]") | |
| Phone | +91 9622121100 |
| Address | Room No. 2, First Floor, Tawi Enclave, Vill Nandini, Jammu, J&K – 180002 |
| Response Time | Within 48 hours acknowledgement; 30 days resolution |