Privacy Policy

Owner: Vidhvantri Technologies LLP, a Limited Liability Partnership registered under the Limited Liability Partnership Act, 2008, with its registered office at Semmancherry, Chennai – 600 130, Tamil Nadu, India (hereinafter referred to as “Vidhvantri”, “we”, “us”, or “our”)

Jurisdiction: Chennai, Tamil Nadu, India

1. Introduction

This Privacy Policy (“Policy”) governs the collection, processing, storage, disclosure, and protection of Personal Data and Institutional Data by FluxLMS, a cloud-based Software-as-a-Service Learning Management System (“Platform”) owned and operated by Vidhvantri. By accessing or using the Platform, registering an account, or continuing to use the services, the User expressly consents to the practices described herein. This Policy is incorporated into and forms an integral part of the FluxLMS Terms and Conditions. Vidhvantri reserves the right to amend this Policy at any time, with material changes notified at least fifteen (15) days in advance. Continued use post-amendment constitutes acceptance.

2. Stakeholders

• Users: Any natural or juristic person including students, educators, academic institutions, corporate clients, administrators, or guests who interact with the Platform.
• Platform Owner: Vidhvantri Technologies LLP, responsible for operating and maintaining FluxLMS.
• Third-Party Providers: Entities such as Amazon Web Services India Private Limited (“AWS”), analytics partners and payment gateways, engaged under legally binding Data Processing Agreements (“DPAs”) and subject to confidentiality and data protection obligations.

3. Data Collection

Vidhvantri collects data strictly necessary for the provision of services, including:

• Personal Identifiers: Full name, email address, phone number, profile picture, and government-issued identification where required for Know Your Customer (KYC) or legal compliance.
• Institutional Metadata: Organization name, department, designation, employee/student ID, and enrollment records.
• Educational Content and Usage Logs: Course materials, quiz responses, certificates, forum posts, timestamps, session duration, and progress metrics.
• Technical Data: IP address, browser type/version, operating system, device identifiers, cookies, web beacons, log files, and geolocation (city-level).
• Communication Data: Support tickets, feedback forms, and chat transcripts.
• Aggregated & Anonymised Data: Dashboard anonymized for personally identifiable information.
• All data is collected in accordance with the principles of data minimization, purpose limitation, and lawful processing under applicable laws.

4. Data Ownership & Processing

• Users retain full and exclusive ownership, including intellectual property rights, over all content and data uploaded or generated on the Platform.
• Vidhvantri acts as a Data Processor (where Users are Data Controllers) or joint Controller for technical logs.
• Processing is limited to: a) Delivering Platform functionality b) Providing technical support c) Performing analytics for service improvement d) Complying with legal obligations
• No sale, rental, or unauthorized disclosure of data to unaffiliated third parties occurs.
• All processing activities are documented and subject to internal audits and external compliance reviews.

5. Data Retention & Deletion

• Data is retained for the duration of the active subscription plus ninety (90) days post-termination for restoration purposes.
• Upon termination or deletion request: a) Soft deletion occurs within 24 hours b) Permanent erasure from production servers within 30 days c) Backups are anonymized or destroyed within 180 days unless retention is mandated by law (e.g., tax audits)
• Users may exercise rights via the self-service portal or by emailing dpo@fluxlms.com.
• Vidhvantri maintains a data retention schedule and purges expired data in accordance with ISO/IEC 27001 and SPDI Rules.

6. Third-party Services

• Hosting is provided by AWS Mumbai region (ap-south-1) with data residency commitments.
• Analytics are performed using pseudonymized data under GDPR Article 28-compliant DPAs.
• Payment processing is handled by PCI-DSS compliant gateways.
• A full list of sub-processors is maintained at fluxlms.com/legal/subprocessors and updated annually.
• Vidhvantri conducts due diligence and contractual vetting of all third-party vendors.

7. Data Security

Vidhvantri implements a multi-layered security framework including:

• Access Controls:
  • Role-Based Access Control (RBAC)
  • Multi-Factor Authentication (MFA) for administrative accounts
  • OAuth 2.0 / OpenID Connect for SSO integrations
  • Breach notification within 72 hours to affected Users and authorities
• Backups:
  • Daily encrypted snapshots with 30-day retention
  • Quarterly disaster recovery testing
• Compliance:
  • GDPR, DPDP

8. User Rights (Data Subject Rights)

In accordance with global data protection laws, Users may:

• Access: Request a copy of their data in machine-readable format (JSON/CSV) within 15 days
• Rectification: Correct inaccurate or outdated data via the portal
• Erasure: Request deletion unless retention is legally required
• Restriction: Limit processing during disputes or investigations
• Portability: Export data to another service provider
• Objection: Opt-out of analytics or marketing communications
• Withdraw Consent: Revoke consent via account settings; does not affect prior lawful processing

9. Communications

• Users consent to receive transactional and service-related communications.
• Marketing messages require explicit opt-in and may be opted out at any time.
• Vidhvantri maintains unsubscribe mechanisms and honors Do Not Disturb (DND) preferences.

10. International Data Transfers

• Data may be transferred to AWS regions outside India solely for disaster recovery.
• Transfers are governed by Standard Contractual Clauses (SCCs 2021/914) and Binding Corporate Rules.
• Vidhvantri ensures adequate safeguards and maintains records of cross-border transfers.

11. Policy Updates

• This Policy may be updated periodically to reflect legal, technical, or operational changes.
• Material changes will be communicated via email or Platform notification at least fifteen (15) days prior to enforcement.
• Continued use of the Platform constitutes acceptance of the revised Policy.

12. Global Scope

• This Policy applies to all Users globally, regardless of jurisdiction.
• Users are responsible for ensuring their own compliance with local, national, and international laws.
• Vidhvantri disclaims liability for content uploaded by Users or jurisdictional compliance failures.

13. Force Majeure

Vidhvantri shall not be liable for any failure or delay in performance due to circumstances beyond reasonable control, including but not limited to acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, pandemics, cyberattacks, denial-of-service attacks, or governmental actions. Upon cessation of such events, services shall resume with reasonable diligence.

14. Jurisdiction & Governing Law

This Policy shall be governed by and construed in accordance with the laws of India, without regard to conflict of law principles. Exclusive jurisdiction and venue for any dispute arising hereunder shall lie with the competent courts in Chennai, Tamil Nadu.

15. Disclaimer

Vidhvantri is not responsible for User-uploaded content or failure to comply with laws outside India. Users warrant that their use of the Platform complies with applicable local regulations. No attorney-client, physician-patient, or fiduciary relationship is created by use of the Platform.

16. Contact

For inquiries, complaints, or data rights requests:

• Email: marketing@vidhvantri.in
• Phone: +91-(0)44-42624172
• Address: Vidhvantri Technologies LLP, Chennai, Tamil Nadu, India