Legal

Privacy Policy

Effective date: 21 June 2026  ·  Last updated: 2 July 2026

Your privacy matters to us. This policy explains what data we collect, why we collect it, and how we protect it — in plain language.

Contents

  1. Who We Are
  2. What Data We Collect
  3. Biometric & Face Data
  4. How We Use Your Data
  5. Legal Basis for Processing
  6. Data Sharing & Third Parties
  7. Data Retention
  8. Data Security
  9. Your Rights
  10. Grievance Officer
  11. Children's Privacy
  12. Cookies & Analytics
  13. International Data Transfers
  14. Changes to This Policy
  15. Contact Us

1. Who We Are

mydrivingschool ("we", "us", "our") is a driving school management platform operated in India. We operate the mydrivingschool mobile application (Android & iOS) and the website at mydrivingschool.in.

This platform is operated by Naveen Nayak.

For the purposes of the Digital Personal Data Protection Act, 2023 (DPDPA), we act as a Data Fiduciary with respect to School Owner and platform user data. School Owners act as Data Fiduciaries with respect to their students' and instructors' personal data entered into the platform.

Privacy contact: privacy@mydrivingschool.in

2. What Data We Collect

2.1 School Owner data

DataWhy we collect it
School name, address, phone, emailAccount creation and communication
Google Maps / review / website linksDisplay in school profile within the app
Payment transaction recordsSubscription billing via RevenueCat / Razorpay
App usage logsService improvement and support

2.2 Instructor data (entered by School Owner)

DataWhy we collect it
Name, phone number, emailAccount access and identification
Class and attendance recordsPerformance tracking for School Owner

2.3 Student / Learner data (entered by School Owner)

DataWhy we collect it
Name, phone number, emailAccount creation, credential delivery
Date of birth, licence numberEnrolment records
Fee payment recordsFee tracking and receipt generation
Attendance recordsClass progress tracking
Face photograph & facial embeddingFace-scan attendance (if enabled by School Owner)

2.4 Website registration data

When you register a driving school via mydrivingschool.in/register, we collect your school name, owner name, phone number, email address, and selected subscription plan. Your phone number is verified by one-time password (OTP) using Firebase Phone Authentication — this confirms you own the number. Payment is processed through Razorpay. Your registration data (school details, hashed password, and subscription record) is stored directly in our Firebase database. No third-party email gateway is used for the registration flow.

2.5 Website enquiry data

When you submit an enquiry via mydrivingschool.in/enquiry, we collect your name, school name (optional), phone number, email address (optional), and message. This data is stored in our Firebase database and used solely to respond to your enquiry. We do not share enquiry data with third parties.

2.6 Automatically collected data

Device type, OS version, app version, crash reports, and anonymised usage analytics. No personally identifiable information is included in analytics.

3. Biometric & Face Data

Sensitive Personal Data Face photographs and facial embeddings are biometric data — sensitive personal data under the DPDPA 2023. We handle this data with the highest level of care.

What we collect

When a School Owner enables the face-scan attendance feature, a student's face photograph is captured and a mathematical facial embedding (a numerical representation of facial features) is generated and stored. Face photographs are stored securely in access-controlled storage and deleted when face data is removed or the account is deleted.

Consent requirement

School Owners are required by our Terms & Conditions to obtain explicit, informed consent from each student (or parent/guardian for minors) before capturing face data. Responsibility for obtaining consent lies entirely with the School Owner.

How it is used

Facial embeddings are used solely to verify a student's identity during attendance marking within their enrolled school. They are never shared with third parties, used for advertising, or used for any purpose beyond attendance verification.

Deletion

School Owners can delete a student's face data at any time from within the app. Upon account deletion or after the 90-day post-expiry grace period, all biometric data is permanently deleted from our servers.

4. How We Use Your Data

We use the data we collect to:

We do not use your data for advertising, sell your data to third parties, or use student data for any purpose beyond providing the services requested by the School Owner.

6. Data Sharing & Third Parties

We share data only as necessary to operate the Platform:

ServicePurposeData shared
Google FirebaseDatabase, authentication, storageAll app data (encrypted at rest)
RevenueCatSubscription management & in-app purchase trackingSchool Owner ID, subscription status, purchase events
RazorpayPayment processing (UPI & cards)Payment amount, School Owner identity
EmailJSSending credential emails to studentsStudent email, login credentials
WhatsApp (Meta)Fee reminders, credential deliveryStudent phone number, message content

All third-party services are bound by their own privacy policies. We do not share personal data with any other third parties except when required by law or court order.

7. Data Retention

We will send at least one email notification to the registered School Owner before any permanent deletion.

8. Data Security

We implement appropriate technical and organisational measures to protect your data:

No system is 100% secure. In the event of a data breach that affects your personal data, we will notify affected users as required by applicable Indian law.

9. Your Rights

Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the following rights:

📋

Right to Access

Request a summary of the personal data we hold about you.

✏️

Right to Correction

Request correction of inaccurate or incomplete personal data.

🗑️

Right to Erasure

Request deletion of your personal data, subject to legal retention obligations, or use our account deletion page.

🚫

Withdraw Consent

Withdraw consent for biometric data collection at any time.

📦

Right to Portability

School Owners may export data via PDF reports from the app.

⚠️

Right to Grieve

Lodge a grievance with our Grievance Officer (see Section 10).

To exercise any of these rights, email privacy@mydrivingschool.in. We will respond within 30 days.

Note for Students: Your data is managed by the School Owner. Contact your School Owner first. If unresolved within a reasonable time, contact us directly.

10. Grievance Officer

As required under the Digital Personal Data Protection Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have designated a Grievance Officer to address privacy concerns and data-related complaints.

Grievance Officer
mydrivingschool — Privacy & Compliance
Email
Website
Response time
Acknowledgement within 48 hours. Resolution within 30 days.

If your grievance is not resolved within 30 days, you may escalate to the Data Protection Board of India, once constituted under the DPDPA 2023.

11. Children's Privacy

The Platform is not directed at children under 16. Students enrolled on the Platform may be 16 or older (consistent with the minimum age for a learner's licence under the Motor Vehicles Act).

For students aged 16–17, School Owners are required to obtain parental or guardian consent before enrolment and before collecting any biometric data. We do not independently collect information from children under 16.

If you believe that a child under 16 has been enrolled without proper consent, contact us at privacy@mydrivingschool.in immediately.

12. Cookies & Analytics

The mydrivingschool website uses minimal cookies necessary for the site to function (e.g., session state for the registration form). We do not use advertising or tracking cookies.

The mobile app does not use cookies. We collect anonymised, aggregated crash reports and usage statistics via Firebase Crashlytics and Firebase Analytics to improve the app. This data cannot be used to identify individual users.

You may opt out of Firebase Analytics data collection by adjusting your device's advertising settings or by contacting us.

RevenueCat may use anonymised device identifiers for subscription validation. No personally identifiable information is shared with RevenueCat for advertising purposes.

13. International Data Transfers

We are an India-based service and store data primarily in India via Google Firebase. However, some of our third-party service providers (listed in Section 6) operate global infrastructure and may process data outside of India, including in the United States and the European Union.

Where such transfers occur, they are governed by:

We only use service providers that maintain adequate data protection standards. For details on how specific providers handle cross-border transfers, refer to their respective privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to School Owners via their registered email address at least 14 days before they take effect.

The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the Platform after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, requests, or grievances: