Privacy Policy

This Privacy Policy describes how FuturePath Labs (operating as DishaDarshi) collects, uses, stores, shares, and protects personal data from students, parents, guardians, and schools who use the DishaDarshi platform.

By accessing or using DishaDarshi, you agree to the practices described in this policy. If you do not agree, please discontinue use.

DishaDarshi handles data belonging to minors (persons under 18 years of age). This requires — and we take — additional care and responsibility. We comply with applicable Indian data protection law, including the Digital Personal Data Protection Act, 2023 (DPDPA).

1. Who We Are

Legal Entity: FuturePath Labs

Consumer Brand: DishaDarshi

Registered Address: [To be inserted]

Grievance Officer / Contact: privacy@dishadarshi.in

2. What Data We Collect

2.1 Data Provided by Users

We collect data that users provide directly when creating an account, purchasing a service, or using the platform:

• Student name, age, class, school name, city/state

• Parent or guardian name, email address, phone number

• Assessment responses and scores

• Session notes and counsellor interaction records (where applicable)

• Payment-related information (processed through third-party gateway; we do not store card details)

• School or institutional contact details for B2B accounts

2.2 Data Collected Automatically

We automatically collect limited technical data when you use the platform:

• Device type, browser, and operating system

• IP address and approximate location

• Session duration, pages visited, and interaction patterns

• Cookies and session tokens (see Section 10 for Cookie Policy)

2.3 Sensitive Data

Assessment data about personality, aptitude, and interests may constitute sensitive personal data under Indian law. We treat all psychometric and guidance-related data with heightened care and do not use it for advertising, profiling, or any commercial purpose beyond the direct delivery of our service.

3. Why We Collect Data (Purpose Limitation)

Data Category

Purpose of Collection

Identity & contact data

Account creation, service delivery, communication

Assessment responses

Generate reports, provide counselling recommendations

Payment data

Process transactions via payment gateway

Usage data

Platform performance, debugging, service improvement

School/institution data

B2B contract delivery, reporting, program management

Counsellor session data

Record-keeping, quality review, follow-up

We collect only what is necessary for the purposes stated above. We do not collect data speculatively or build behavioural profiles for purposes unrelated to career guidance.

4. Legal Basis for Processing (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, our legal basis for processing personal data is:

• Consent: Freely given, specific, informed, and unambiguous consent obtained from parents or guardians on behalf of minors, or from adult users directly.

• Contractual necessity: Processing needed to fulfil our service obligations under the Terms of Use.

• Legitimate interests: Limited technical processing for platform security and fraud prevention.

5. Data Related to Minors

DishaDarshi serves students primarily between 13–18 years of age. We treat data belonging to any person under 18 as minor data and apply the following additional protections:

• Parental or guardian consent is mandatory before any assessment or counselling service is accessed by a minor under 18.

• For B2B (school) deployments, the school institution acts as the consenting data fiduciary on behalf of students, and must obtain parental consent as part of their institutional onboarding process.

• We do not use minor data for advertising, marketing, or commercial profiling.

• Minor data is stored separately and subject to stricter access controls.

• Minors or their parents/guardians may request erasure of data at any time (see Section 8).

6. How We Share Data

We do not sell, rent, or trade personal data. We share data only in the following limited circumstances:

6.1 Service Delivery Partners

We may share data with carefully selected technology and service providers who assist us in delivering the platform — including cloud hosting providers, payment gateways, and assessment engine operators. These parties are bound by data processing agreements and are not permitted to use data for their own purposes.

6.2 Counsellors

Assessment reports and relevant student data are shared with the counsellor assigned to a session, strictly for the purpose of delivering the guidance session. Counsellors are bound by confidentiality obligations.

6.3 Schools (B2B)

For school programs, aggregate and individual student reports are shared with the school's designated administrator. The school is responsible for managing access and parent communication per the B2B agreement.

6.4 Legal Obligations

We may disclose data if required to do so by law, court order, or regulatory authority.

6.5 No Third-Party Advertising

We do not share data with advertisers, ad networks, or data brokers under any circumstances.

7. Data Storage and Security

• All data is stored on servers located in India, or in jurisdictions that provide equivalent protection, subject to applicable law.

• We use encryption in transit (TLS/HTTPS) and encryption at rest for sensitive data fields.

• Access to personal data is restricted to authorised personnel with a documented need.

• We conduct periodic access reviews and maintain audit logs.

• In the event of a data breach, we will notify affected users and relevant authorities within the timelines required by applicable law.

8. Retention and Deletion

Data Type

Retention Period

Account and identity data

Duration of account + 3 years after account closure

Assessment reports

Lifetime access for the user; archived after 5 years of inactivity

Payment records

7 years (statutory requirement)

Session and counsellor notes

3 years from session date

Usage and technical logs

12 months rolling

Deleted account data

Erased within 30 days of deletion request, except where legally required to retain

Users may request deletion of their data at any time by writing to privacy@dishadarshi.in. We will confirm deletion within 30 days, except where retention is required by law.

9. Your Rights

Under applicable Indian data protection law, users have the following rights:

• Right to Access: Request a copy of personal data we hold about you.

• Right to Correction: Request correction of inaccurate or incomplete data.

• Right to Erasure: Request deletion of personal data, subject to legal retention requirements.

• Right to Withdraw Consent: Withdraw consent at any time; this does not affect processing already carried out.

• Right to Nominate: Nominate another person to exercise these rights on your behalf.

To exercise any right, contact: privacy@dishadarshi.in. We respond within 30 days.

10. Cookies

DishaDarshi uses cookies and similar technologies for:

• Session management (keeping you logged in)

• Security and fraud prevention

• Platform performance and analytics (aggregated, non-identifiable)

We do not use third-party advertising cookies. Users may manage or disable cookies through their browser settings; doing so may affect platform functionality.

11. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will notify users of material changes via email or a prominent platform notice at least 15 days before the change takes effect. Continued use after notification constitutes acceptance.

12. Grievance and Contact

Grievance Officer: Anant Kulkarni

Email: anant.kulkarni@dishadarshi.com

Response Timeline: Acknowledgement within 48 hours; resolution within 30 days

Registered Address: FuturePath Labs, Nanded, Maharashtra