Updated: 17-Mar-2026

Chimple (“Chimple”, “we”, “our”, or “us”) is committed to protecting the privacy and safety of
children, parents, educators, and schools using our platform. This Privacy Policy explains how
we collect, use, store, share, and protect personal data in connection with the Chimple
application and related services.
Chimple is an educational platform designed exclusively for foundational literacy and
numeracy learning for children in kindergarten and primary school.

1. Scope and Purpose
This Privacy Policy applies to all users of Chimple, including:
● Children (students)
● Parents/Caregivers
● Teachers
● Schools/Institutions
● Administrators

Chimple processes personal data solely for educational purposes and does not use
children’s data for advertising, profiling, or unrelated commercial activities.

2. Roles and Responsibilities
User Roles
● Child (Student): Uses the app for learning.
● Parent/Caregiver: Provides consent, monitors child usage.
● Teacher: Facilitates classroom use and monitors progress.
● School/Institution: Acts as the data controller for student data in school deployments.
● Chimple: Acts as a data processor/service provider for schools and a data controller
     for direct consumer use.

Data Ownership
● Users and/or schools retain full ownership of their data.
● Chimple processes data only to deliver and improve educational services.

3. Lawful Basis for Processing
We process personal data under the following lawful bases:
● Consent:
    ○ Explicit parental/caregiver consent is obtained before collecting personal data
        from children.
    ○ Consent may be obtained via:
        ■ Parent registration workflows through the app 
        ■ School-mediated consent processes
        ■ Verifiable email or digital consent mechanisms
● Contractual Necessity:
    ○ To provide educational services requested by schools or users.
● Legitimate Interests:
    ○ To improve platform performance, ensure safety, and prevent misuse (balanced
        against user rights).

4. Parental Consent Management
● Parents/caregivers must provide consent before a child account is activated.
● Schools may collect consent on behalf of Chimple where legally permitted.
● Parents can:
    ○ Review their child’s data
    ○ Withdraw consent at any time
● Withdrawal of consent may result in account suspension or deletion.

5. Information We Collect
Child Data
● First name or pseudonym
● Age/grade level
● Gender
● Learning progress and performance data
 

Parent/Teacher Data
● Name
● Email address or Phone number
● Account credentials
 

School Data
● Institution name
● Class/group information
 

Technical Data
● Device information
● Usage logs
● IP address (for security and functionality)

6. Purpose of Data Use
We use data only to:
● Deliver educational content and track learning progress
● Personalize learning experiences
● Enable teacher and parent dashboards
● Maintain platform security and integrity
● Provide customer support
 

We do NOT:
● Sell personal data
● Use children’s data for advertising
● Profile children for commercial purposes

7. Data Storage and International Transfers
Storage Locations
Data may be stored and processed in secure servers operated by major cloud providers as
listed below:
● Supabase (Amazon Web Services (AWS))
● Google Cloud Platform (GCP)
 

International Transfers
If data is transferred outside the user’s country:
 ● We implement safeguards such as:
    ○ Standard Contractual Clauses (SCCs)
    ○ Encryption in transit and at rest
    ○ Data minimization practices

8. Data Retention and Deletion
We retain data only as long as necessary:
Retention Periods
● Active accounts: retained while in use
● Inactive accounts: deleted after 12–24 months of inactivity
● School data: retained for the duration of the school contract
 

Deletion Triggers
● User or parent request
● Account inactivity
● Termination of school contract
 

Deletion Process
● Data is securely deleted or anonymized
● Backup systems are purged within a reasonable timeframe

9. Termination and Data Deletion
When a user or school terminates use of Chimple:
● Data will be:
    ○ Returned (if requested), or
    ○ Deleted within a defined period (typically 30–90 days)
● Chimple will not retain identifiable data beyond this period unless legally required

10. Third Parties and Subprocessors
We may use trusted third-party service providers for:
● Cloud hosting (AWS)
● Analytics (Google Analytics) (privacy-compliant, minimal data)
● Customer support tools
● Security monitoring
 

All subprocessors:
● Are bound by strict data protection agreements
● Process data only on our instructions
● Must meet industry-standard security requirements

11. Security Measures
We implement strong technical and organizational safeguards:
Technical Measures
● Encryption (TLS in transit, encryption at rest)
● Secure authentication and access controls
● Regular security audits and monitoring
 

Organizational Measures
● Restricted employee access (need-to-know basis)
● Staff training on data protection
● Incident response procedures

12. Data Breach Notification
In the event of a data breach:
● We will notify affected users and/or schools within 72 hours (or sooner if required by
     law)
● Notifications will include:
    ○ Nature of the breach
    ○ Data affected
    ○ Steps taken to mitigate impact
    ○ Recommended user actions

13. User Rights
Depending on applicable laws, users (or parents/schools on behalf of children) have the right to:
● Access personal data
● Correct inaccurate data
● Delete (erase) data
● Restrict or object to processing
● Withdraw consent
● Data portability
● Lodge complaints with a data protection authority
 

How to Exercise Rights
Requests can be made via:
● Email: help@chimple.org
We will respond within applicable legal timelines.

14. Educational Purpose Limitation
Chimple strictly limits data use to educational purposes only.
We explicitly prohibit:
● Advertising to children
● Behavioral profiling for commercial gain
● Use of data unrelated to learning outcomes

15. Changes to This Policy
We do not make material changes to this Privacy Policy without notice.
● Users will be notified of significant changes via:
    ○ In-app notifications
● Continued use after notification constitutes acceptance

16. Contact Information
For questions or requests:
Email: help@chimple.org
Address: 68 4th Cross Panduranganagar Bannerghatta Road Bangalore 560076 India

17. Compliance
Chimple aims to comply with applicable data protection laws, including:
● GDPR (EU)
● COPPA (USA, where applicable)
● Indian data protection regulations