Skip to main content
EtheraGuruEtheraGuru
HomeFeaturesRoadmapFAQPricingBlogContact

Privacy Policy – EtheraGuru

Effective Date: January 1, 2025

Last Updated: February 10, 2026

EtheraGuru ("we", "our", "us") is a SaaS product owned and operated by EtheraEdge Limited (UK) and EtheraEdge Solutions Private Limited (India) (together, "EtheraEdge"). We are committed to protecting your privacy and handling your data responsibly.

This Privacy Policy explains how we collect, use, store, and protect information when you use EtheraGuru. This policy complies with the Digital Personal Data Protection Act, 2023 (DPDPA) (for users in India), the Information Technology Act, 2000 and its rules, the UK GDPR (for users in the United Kingdom), and other applicable data protection laws.

1. Entities Covered

  • EtheraEdge Limited (Company No. 15111901, UK) – responsible for services and customers outside India.
  • EtheraEdge Solutions Private Limited (CIN: U62012KL2024PTC088609, India) – responsible for services and customers within India.

Depending on your location, your contract will be with one of these entities. References to "Data Fiduciary" (DPDPA terminology) and "Data Controller" (GDPR terminology) are used interchangeably where applicable.

2. Our Role in Data Processing

EtheraEdge acts in two distinct roles:

  • As a Data Fiduciary / Controller: For data we collect directly from our customers (tutoring business owners) such as account, billing, and contact information. We determine the purposes and means of processing this data.
  • As a Data Processor: For data uploaded by our customers into EtheraGuru (such as student and parent details). In these cases, the tutoring business is the Data Fiduciary / Controller, and EtheraEdge acts only as their Processor, handling the data on their behalf and under their instructions as set out in our Data Processing Agreement (DPA).

3. Data We Collect

a. From Our Customers (Tutoring Business Owners)

  • Account information: Name, email address, phone number, business name, business address, business type.
  • Billing and payment details: Payment method information, invoice records, GST/tax identifiers (processed securely via our payment provider; we do not store full card or bank account details).
  • Account credentials: Login information managed through our authentication provider (WorkOS). We do not store passwords directly.
  • Usage data: Platform interactions, feature usage patterns, login timestamps, and IP addresses.
  • Communication records: Support requests, emails, and in-app communications.

Purpose: To set up and manage your EtheraGuru account, deliver services, process payments, provide support, improve our platform, and comply with legal obligations.

b. From Students and Parents (End-Users Added by Customers)

This data is uploaded and controlled by our customers (tutoring businesses). We process it solely as a Data Processor on their behalf:

  • Personal details: Names, phone numbers, email addresses, physical addresses (if provided).
  • Student details: Date of birth, age, gender, grade/level, school name, academic information.
  • Parent/Guardian details: Name, contact information, relationship to the student.
  • Enrolment records: Assigned courses, batches, attendance records, fee configurations.
  • Financial records: Invoices, payment history, fee schedules.
  • Communication logs: WhatsApp notifications sent, delivery status.

Purpose: Solely to provide the tutoring business with the functionality of EtheraGuru (e.g., managing enrolments, processing payments, sending notifications). We do not use this data for our own marketing or unrelated analytics purposes.

4. How We Use Data

  • Provide, maintain, and improve EtheraGuru's features and functionality.
  • Communicate with customers about service updates, invoices, and support.
  • Process payments and generate invoices.
  • Send transactional notifications (via WhatsApp, SMS, or email) as configured by the customer.
  • Monitor platform performance, diagnose errors, and improve reliability.
  • Secure our systems and prevent fraud or abuse.
  • Comply with financial, tax, and regulatory obligations.

We never sell personal data to third parties.

We process personal data only for the purposes specified above. Any processing beyond these purposes will require fresh consent or a valid legal basis.

5. Lawful Basis for Processing

For Indian Customers (under the DPDPA):

  • Consent – Obtained at the time of account creation for processing your business data, and where explicitly required (e.g., marketing communications).
  • Legitimate uses – As permitted under the DPDPA, including performance of the contract for service delivery, compliance with applicable Indian law, and responding to medical emergencies.

For UK/International Customers (under UK GDPR):

  • Contractual necessity – To provide services to our customers.
  • Legitimate interests – Improving services, preventing fraud, ensuring security.
  • Consent – Where explicitly required (e.g., marketing communications).
  • Legal obligation – Where required by tax or regulatory laws.

For Student/Parent Data (Processor Role):

We process student/parent data strictly under the instructions of the tutoring business (Data Fiduciary / Controller) and as set out in the DPA. The tutoring business is responsible for establishing the lawful basis for processing.

6. Children's Data

EtheraGuru is a platform used by tutoring businesses, many of which serve students below 18 years of age. We take the protection of children's data seriously.

As a Data Processor:

  • Student/child data is entered and controlled by the tutoring business (our customer). The tutoring business is responsible for obtaining verifiable parental or guardian consent before uploading a child's personal data to EtheraGuru, as required under the DPDPA (Section 9) and other applicable laws.
  • We process children's data strictly on the instructions of the tutoring business and solely for the purpose of providing the Services.
  • We do not engage in tracking, behavioural monitoring, profiling, or targeted advertising directed at children.
  • We do not process children's data in any manner that is likely to cause detrimental effect to the well-being of a child.

As a Data Fiduciary / Controller:

  • Our platform accounts are restricted to individuals aged 18 and above. We do not knowingly collect personal data from children for our own account or marketing purposes.

7. Sharing of Data

We may share data only with the following categories of recipients:

Sub-Processors / Service Providers

We use the following third-party service providers who may process personal data on our behalf:

ProviderPurposeData ProcessedLocation
WorkOSAuthentication and identity managementAccount credentials, organisation infoUSA
Cashfree PaymentsPayment processing (PCI-DSS compliant)Payment details, invoice dataIndia
PostHogProduct analytics, error tracking, session replayUsage data, interaction data, error logsEU/USA
Meta (WhatsApp Business API)WhatsApp notificationsPhone numbers, message contentUSA/India
Azure Communication ServicesWhatsApp notifications (alternate provider)Phone numbers, message contentGlobal
Cloud hosting providerData storage and computeAll platform dataAs disclosed

All sub-processors are contractually required to process data only on our instructions and to maintain appropriate technical and organisational security measures. A full list of sub-processors is maintained and updated in our DPA.

Other Disclosures

  • Legal authorities – When required by law, court order, or direction from a government authority.
  • Within our group companies – EtheraEdge UK and EtheraEdge India, for operational purposes related to service delivery.
  • We do not sell, rent, or trade personal data to any third party.

8. International Data Transfers

Data may be processed or stored in data centres outside your country as part of our cloud infrastructure and through our sub-processors.

  • For Indian customers: Any cross-border transfer of personal data will be carried out in compliance with the DPDPA and any restrictions notified by the Central Government regarding transfer of personal data to specific jurisdictions.
  • For UK/EU customers: We implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal protections as required under UK GDPR.

9. Data Retention

  • Customer account and billing data: Retained as long as the account is active, and up to 7 years after account closure as required by applicable tax and financial regulations (Income Tax Act, 1961; Companies Act, 2013).
  • Student/parent data: Retained only for as long as the customer maintains it in EtheraGuru. Deleted or anonymised promptly upon customer request or within 30 days of account termination, except where retention is required by law.
  • Usage and analytics data: Retained for up to 2 years for product improvement purposes, after which it is anonymised or deleted.
  • Communication logs (WhatsApp/notification records): Retained for up to 1 year for service quality and dispute resolution purposes.

Upon expiry of the applicable retention period, personal data will be securely deleted or irreversibly anonymised.

10. Data Security

We use industry-standard security measures including:

  • Encrypted data transmission (HTTPS/TLS).
  • Encryption of data at rest.
  • Secure server infrastructure with restricted access controls.
  • Authentication via trusted identity provider (WorkOS) with encrypted session cookies.
  • Regular backups and system monitoring.
  • Access logging and audit trails.

However, no system is 100% secure. Customers are responsible for securing their own login credentials and reporting any suspected unauthorised access promptly.

11. Cookies and Tracking Technologies

Cookies We Use

Cookie / TechnologyPurposeTypeDuration
eg-user-sessionMaintains your login sessionEssential (HTTP-only, secure)7 days
PostHog analyticsProduct analytics, feature usage tracking, error monitoringAnalyticsSession / persistent
PostHog session replayRecords user interactions (clicks, scrolls, page views) for debugging and product improvement. Console logs may be captured in replay.AnalyticsSession

Important Notes on Session Replay

  • PostHog session replay captures user interactions on the platform, including clicks, scrolls, and page navigation. Console logs may also be captured for debugging purposes.
  • Session replay data is processed by PostHog and is used solely for product improvement and error diagnosis.
  • Session replay does not capture passwords, payment card details, or other sensitive form inputs (these are masked by default).
  • Session replay is not used for student/parent-facing pages and does not track or profile students or children.

Your Choices

  • Essential cookies (eg-user-session) are necessary for the platform to function and cannot be disabled.
  • Analytics cookies (PostHog) help us understand how the platform is used and improve the experience. You may opt out of analytics tracking by contacting us at the addresses listed below or through your browser's cookie settings.

12. Rights of Data Principals / Data Subjects

a. For Customers (Tutoring Businesses) – Fiduciary/Controller Relationship

Under the DPDPA (Indian customers), you have the right to:

  • Access – Obtain a summary of your personal data being processed and the processing activities undertaken.
  • Correction – Request correction of inaccurate or incomplete personal data.
  • Erasure – Request deletion of your personal data where it is no longer necessary for the purpose for which it was collected (subject to legal retention requirements).
  • Grievance redressal – Have your data-related complaints acknowledged and addressed in a timely manner.
  • Nominate – Nominate another individual to exercise your data rights in the event of your death or incapacity.
  • Withdraw consent – Withdraw your consent for data processing at any time. Withdrawal will not affect the lawfulness of processing carried out prior to withdrawal, but may result in the inability to continue providing certain services.

Under UK GDPR (UK/international customers), you additionally have the right to:

  • Object to processing based on legitimate interests.
  • Request restriction of processing.
  • Data portability – receive your data in a structured, machine-readable format.
  • Lodge a complaint with a supervisory authority (e.g., the UK ICO).

b. For Students and Parents – Processor Relationship

Requests to access, update, or delete student/parent data should be directed to the tutoring business (the Data Fiduciary / Controller). We will support our customer in fulfilling such requests as required under the DPA.

How to Exercise Your Rights

To exercise any of these rights, please contact our Grievance Officer (for Indian customers) or our Data Protection contact (for UK/international customers) using the details in Section 16 below.

13. Data Breach Notification

In the event of a personal data breach:

  • For Indian customers: We will notify the Data Protection Board of India and affected Data Principals as required under the DPDPA, without unreasonable delay.
  • For UK/international customers: We will notify the relevant supervisory authority (e.g., the UK ICO) within 72 hours of becoming aware of the breach, and affected individuals where required under UK GDPR.
  • We will also notify affected customers (tutoring businesses) promptly so they can fulfil their own notification obligations as Data Fiduciaries / Controllers.
  • Breach notifications will include: the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.

14. Consent Withdrawal

You may withdraw your consent for data processing at any time by:

  • Contacting us at the email addresses listed below.
  • Using any in-app consent management features (where available).

Upon receiving a valid withdrawal request, we will cease processing your data for the purposes to which consent was withdrawn, except where continued processing is required by law or under another lawful basis. Please note that withdrawal of consent may affect our ability to provide certain services.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our data practices, or platform functionality. Material changes will be communicated to customers via email or in-app notification at least 15 days before they take effect. The updated policy will be posted on this page with a revised "Last Updated" date.

16. Grievance Officer (India)

In compliance with the Digital Personal Data Protection Act, 2023, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, EtheraEdge Solutions Private Limited has appointed a Grievance Officer:

  • Name: [To be appointed]
  • Email: grievance@etheraedge.in
  • Address: Kanjirakkattu House, Kalampoor, Enanalloor P.O, Muvattupuzha, Kerala, India – 686673

Complaints will be acknowledged within 48 hours and resolved within 30 days of receipt.

If you are not satisfied with the resolution, you may approach the Data Protection Board of India under the DPDPA, or the appropriate Consumer Disputes Redressal Commission under the Consumer Protection Act, 2019.

17. Contact Us

Global/UK (Data Protection Contact):

contact@etheraedge.com

EtheraEdge Limited, 128 City Road, London, EC1V 2NX, United Kingdom

India (Grievance Officer):

grievance@etheraedge.in

EtheraEdge Solutions Private Limited, Kanjirakkattu House, Kalampoor, Enanalloor P.O, Muvattupuzha, Kerala, India – 686673

General Support:

support@etheraedge.in

EtheraGuru

A product by EtheraEdge. Built for tutors who want to focus on teaching, not admin.

HomeBlogTermsPrivacyContactAbout EtheraEdge
FacebookYouTubeInstagramXThreadsWhatsApp

© 2026 EtheraEdge Limited. All rights reserved.

E

Chat with us

EtheraGuru Support

Hey there! How can we help you today? Tap below to start a WhatsApp conversation.

Start Chat