For students, parents & guardians

Your child's data, explained simply

We wrote this page for parents โ€” not lawyers. No 40-page legalese. Just clear answers to the questions you actually have.

๐Ÿšซ

We never sell student data โ€” not to advertisers, not to anyone

๐Ÿ”

Data encrypted in transit and at rest (TLS + AES-256)

๐Ÿ”’

DPDPA 2023 compliant โ€” India's student data protection law

What information do we collect?

We collect the minimum needed to make the platform work.

First nameUsed to personalise results and display on the teacher's class roster.
Email addressUsed for login and to send score reports. Students under 13 can skip this โ€” a teacher-issued code works instead.
Class / schoolSo teachers can assign the right tests and see class-level results.
Test answers & scoresThe core of the product. Stored to show performance trends, reports, and achievements.

We do not collect: home address, phone number, Aadhaar, payment details of students, or any biometric data.

Who can see your child's data?

Their teacher

Can see / do

  • See test scores and topic-wise performance
  • See name on class roster
  • See if the test was submitted or pending

Cannot see / do

  • ร—See the student's email address
  • ร—See scores from other teachers' tests
  • ร—Export a full data dump

Other students

Can see / do

  • See a first-name-only leaderboard (optional, can be hidden)

Cannot see / do

  • ร—See scores, answers, or any personal details of other students

Platform admins (us)

Can see / do

  • Access data only to fix bugs or investigate abuse reports

Cannot see / do

  • ร—Share data with third parties
  • ร—Use student data for advertising

Parents / guardians

Can see / do

  • View their child's score history, weak topics, and streak via the Parent Portal

Cannot see / do

  • ร—See other students' data

Parental consent โ€” under-13 students

For self-registering students in Class 7 or below (typically under 13), we require parental consent before the account is activated.

This is determined automatically by the class the student selects at signup โ€” no self-declaration or date of birth needed. We send a one-click approval link to the parent email provided. The account stays inactive until the parent approves โ€” no personal data is processed until consent is confirmed.

Teachers who create emailless accounts for whole-class use on behalf of students take institutional responsibility for consent, in the same way a school does when purchasing any edtech tool.

Students without email accounts

Many students โ€” especially in Classes 5โ€“8 โ€” don't have personal email addresses. Teachers can create accounts for their whole class without requiring any email from students. Here's how it works:

  1. 1Teacher adds student names to their class on The Crisp.
  2. 2The system generates a placeholder internal address (never used for emails) and a one-time printable login code.
  3. 3Teacher prints the credential card and hands it to the student.
  4. 4Student logs in with their first name + code. No email required.
  5. 5If the student later wants to add a real email (to receive score reports), they can do so in their profile.

Deleting an account

Students can request account deletion at any time from their Profile โ†’ Delete my account page. We process deletion requests within 30 days.

What gets deleted: name, email, answers, scores, and all personally identifiable information. What gets kept (anonymised): aggregate class-level statistics that teachers rely on for curriculum planning โ€” these have no link to any individual student.

Parents can request deletion on behalf of a minor by emailing us at privacy@thecrisp.in.

How we protect data

Encrypted in transit

All data travels over HTTPS/TLS. No plain-text connections.

Encrypted at rest

Database-level encryption on all stored records.

Row-level security

Database rules enforce that teachers can only read their own classes.

No password storage

We never store raw passwords โ€” only salted hashes via Supabase Auth.

Secure cloud infrastructure

Hosted on Supabase with SOC 2 certification. We are working towards India-region storage as DPDPA guidance is finalised.

No third-party ad tracking

We do not embed Google Ads, Meta Pixel, or any behavioural tracker.

We never sell student data.

Not to advertisers. Not to data brokers. Not to universities. Not to anyone. Student data is used for one purpose: making The Crisp better for students. That's it. This is a promise, not a policy โ€” it's baked into how we make money (subscriptions, not ads).

Third-party tools we use

A short, honest list of the services the platform relies on.

Supabase

Database and authentication. SOC 2 certified. Data encrypted at rest and in transit. ยท Data shared: User accounts and test data.

Razorpay

Payment processing (teacher/school subscriptions only). ยท Data shared: Name and email of payer โ€” no student data.

Resend

Sending transactional emails (score reports, confirmations). ยท Data shared: Email address and first name only.

We do not use Google Analytics, Facebook Pixel, Hotjar, or any other behavioural analytics tool on student-facing pages.

Questions or concerns?

You can reach our privacy team at any time:

Email: privacy@thecrisp.in

Response time: We aim to respond within 48 hours, and resolve all deletion or access requests within 30 days as required by DPDPA 2023.

Grievance Officer (DPDPA): Owner, The Crisp, Pune, Maharashtra.

Last updated: May 2026. Compliant with the Digital Personal Data Protection Act 2023 (India).

This page is the plain-language summary. The full Privacy Policy and Terms of Service are also available.

Still have questions? Our FAQ covers the most common parent concerns.