Privacy Policy

Last Updated: March 5, 2026

1. Introduction

Welcome to Ark (अर्क), an AI-native School Operating System developed and operated by Bright Hustle Private Limited ("we," "us," "our," or "the Company"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform.

Important: Ark is a platform designed for schools, colleges, universities, individual educators, and coaching institutes ("Institutions"). The Institutions create accounts for their users (students, teachers, and staff). All user data is owned and controlled by the respective Institution, not by Bright Hustle Private Limited.

By accessing or using the Ark platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information Provided by Institutions

Institutions that use Ark provide the following types of information:

  • User Account Information: Names, email addresses, phone numbers, student/staff IDs, roles, and authentication credentials
  • Academic Data: Attendance records, examination marks, report cards, timetables, homework, classwork, assignments, and academic performance metrics
  • Administrative Data: Admission records, fee collection data, salary information, leave management, ID card details, certificates, and documents
  • Communication Data: Messages, announcements, circulars, feedback, polls, and communication logs sent through the platform
  • Financial Data: Fee payment records, transaction details, receipts, vendor payments, and reconciliation data
  • Biometric and Attendance Data: Time-stamped attendance records, location data (if applicable), and related metadata

2.2 Information Collected Automatically

When you use the Ark platform, we automatically collect certain information:

  • Device Information: Device type, operating system, browser type, IP address, and device identifiers
  • Usage Data: Pages accessed, features used, time spent on platform, click patterns, and navigation paths
  • Log Data: Server logs, error reports, API calls, and system performance metrics
  • Cookies and Tracking Technologies: Session cookies, authentication tokens, and analytics cookies

2.3 Third-Party Integrations

If Institutions enable third-party integrations (payment gateways, SMS providers, email services, WhatsApp Business API), those services may collect additional information as governed by their respective privacy policies.

3. Data Ownership and Control

Critical Distinction: All user data, academic records, financial information, and communications stored on the Ark platform are owned and controlled by the Institution, not by Bright Hustle Private Limited. We act solely as a data processor on behalf of the Institution.

3.1 Institution's Responsibilities

  • Institutions are the data controllers and are responsible for complying with applicable data protection laws
  • Institutions determine what data is collected, how it is used, and who has access to it
  • Institutions are responsible for obtaining necessary consents from students, parents, teachers, and staff
  • Institutions must establish their own privacy policies for users

3.2 Our Role as Data Processor

  • We process data only on behalf of and as instructed by the Institution
  • We implement technical and organizational measures to protect data
  • We do not use Institution data for our own purposes (except as required to provide and improve the service)
  • We do not sell or share Institution data with third parties for marketing purposes

4. How We Use Information

4.1 Service Delivery

  • To provide, operate, and maintain the Ark platform
  • To process academic, administrative, and financial transactions
  • To enable communication between Institutions, students, parents, and staff
  • To generate reports, analytics, and insights for Institutions
  • To provide AI-powered features such as question paper generation, automated grading, and predictive analytics

4.2 Platform Improvement

  • To analyze usage patterns and improve platform functionality
  • To develop new features and services
  • To conduct research and development on AI and educational technologies
  • To perform aggregate analytics (using anonymized, non-identifiable data)

4.3 Security and Compliance

  • To detect, prevent, and address fraud, security incidents, and technical issues
  • To enforce our Terms of Service and other policies
  • To comply with legal obligations and respond to lawful requests

4.4 Communication

  • To send service-related notifications, updates, and security alerts
  • To provide customer support and respond to inquiries
  • To send administrative messages on behalf of Institutions

5. Data Sharing and Disclosure

5.1 Within the Institution

Data is shared within the Institution according to role-based access controls defined by the Institution's administrators.

5.2 Service Providers

We may share data with trusted third-party service providers who assist us in operating the platform:

  • Cloud infrastructure providers (AWS, Google Cloud, Microsoft Azure)
  • Payment processing services (for fee collection)
  • Communication services (SMS, email, WhatsApp Business API)
  • Analytics and monitoring tools
  • Customer support platforms

These service providers are contractually obligated to protect data and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose information if required to do so by law or in response to valid requests by public authorities, including:

  • Compliance with legal obligations (court orders, subpoenas, warrants)
  • Protection of our rights, property, or safety, or that of users
  • Investigation of fraud, security incidents, or policy violations
  • National security or law enforcement requirements

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, user data may be transferred to the successor entity, subject to this Privacy Policy.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify individuals for research, analytics, or marketing purposes.

6. Data Security

We implement industry-standard security measures to protect data from unauthorized access, alteration, disclosure, or destruction:

  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
  • Infrastructure Security: Secure cloud hosting with regular security audits and vulnerability assessments
  • Data Backups: Regular automated backups with secure storage and disaster recovery procedures
  • Monitoring: Continuous monitoring for security incidents and anomalous activities
  • Employee Training: Regular security awareness training for all personnel
  • Incident Response: Documented incident response procedures and breach notification protocols

Note: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet or stored on our systems.

7. Data Retention

Data retention periods are determined by the Institution's policies and applicable legal requirements:

  • Active User Data: Retained for the duration of the user's enrollment or employment with the Institution
  • Academic Records: Retained according to the Institution's record retention policies and regulatory requirements
  • Financial Records: Retained for periods required by tax and accounting regulations (typically 7-10 years)
  • Communication Logs: Retained for periods specified by the Institution
  • System Logs: Retained for 90 days for security and troubleshooting purposes

Upon termination of an Institution's account, we will delete or anonymize all data within 90 days, unless longer retention is required by law or for legitimate business purposes (e.g., dispute resolution, fraud prevention).

8. User Rights

Important: Because Institutions own and control user data, requests for data access, correction, or deletion must be directed to your Institution, not to Bright Hustle Private Limited.

8.1 Rights You May Have

Depending on your jurisdiction, you may have the following rights:

  • Access: Request access to your personal data
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal and contractual obligations)
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain types of data processing
  • Restriction: Request restriction of processing in certain circumstances
  • Withdrawal of Consent: Withdraw previously given consent (where processing is based on consent)

8.2 How to Exercise Your Rights

Contact Your Institution: For any requests related to your personal data, please contact your school, college, university, or coaching institute's administration. They are the data controller and can assist you with your requests.

Account Deletion: To delete your user account, you must submit a request to your Institution's administration. We cannot delete individual user accounts without authorization from the Institution.

9. Children's Privacy

Ark is used by educational institutions to manage data for students of all ages, including children under 13 years (or the applicable age in your jurisdiction).

  • We do not knowingly collect personal information directly from children without parental consent
  • Institutions are responsible for obtaining necessary parental consents before creating accounts for minor students
  • Parents/guardians should contact their Institution to review, modify, or delete their child's information
  • We comply with applicable children's privacy laws, including COPPA (USA) and similar regulations

10. International Data Transfers

Ark is operated from India. If you access the platform from outside India, your data may be transferred to, stored, and processed in India or other countries where our service providers operate.

These countries may have data protection laws that differ from those in your jurisdiction. By using Ark, you consent to the transfer of your information to countries outside your country of residence.

We implement appropriate safeguards (such as standard contractual clauses, data processing agreements, and encryption) to protect data transferred internationally.

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

  • Essential Cookies: Required for platform functionality, authentication, and security
  • Performance Cookies: Collect information about how users interact with the platform
  • Functional Cookies: Remember user preferences and settings
  • Analytics Cookies: Help us understand usage patterns and improve the platform

11.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the platform.

12. Third-Party Links and Services

The Ark platform may contain links to third-party websites, applications, or services (e.g., payment gateways, video conferencing tools). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

13. AI and Automated Decision-Making

Ark uses AI-powered features such as:

  • Question paper generation and content recommendations
  • Automated grading and evaluation assistance
  • Predictive analytics for student performance
  • Communication drafting and smart notifications

These AI features are designed to assist educators and administrators, not replace human judgment. Institutions retain full control over final decisions affecting students, staff, and academic outcomes.

14. Our Responsibilities and Limitations

14.1 Platform Maintenance

Bright Hustle Private Limited is responsible for:

  • Maintaining the Ark platform and ensuring it operates without critical bugs
  • Implementing security measures to protect data
  • Providing technical support to Institutions
  • Regular updates and improvements to the platform

14.2 Limitations of Liability

We are NOT responsible for:

  • How Institutions use the platform or manage user data
  • Accuracy or completeness of data entered by Institutions
  • Compliance with local laws by Institutions
  • Disputes between Institutions and their users
  • Data breaches resulting from Institution's negligence or unauthorized access by Institution users

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. We will notify Institutions of material changes via:

  • Email notification to registered administrators
  • Prominent notice on the platform
  • Updated "Last Updated" date at the top of this policy

Continued use of the platform after changes become effective constitutes acceptance of the updated Privacy Policy.

16. Compliance with Indian Laws

Ark complies with applicable Indian data protection and privacy laws, including:

  • Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Digital Personal Data Protection Act, 2023 (when applicable)
  • Other applicable regulations governing educational institutions and data privacy

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Bright Hustle Private Limited

Email: privacy@brighthustle.in

Phone: +91 88274 70170

Address: India

For data access, correction, or deletion requests, please contact your Institution's administration directly.