Your child's data, explained simply
We wrote this page for parents โ not lawyers. No 40-page legalese. Just clear answers to the questions you actually have.
We never sell student data โ not to advertisers, not to anyone
Data encrypted in transit and at rest (TLS + AES-256)
DPDPA 2023 compliant โ India's student data protection law
What information do we collect?
We collect the minimum needed to make the platform work.
We do not collect: home address, phone number, Aadhaar, payment details of students, or any biometric data.
Who can see your child's data?
Their teacher
Can see / do
- See test scores and topic-wise performance
- See name on class roster
- See if the test was submitted or pending
Cannot see / do
- รSee the student's email address
- รSee scores from other teachers' tests
- รExport a full data dump
Other students
Can see / do
- See a first-name-only leaderboard (optional, can be hidden)
Cannot see / do
- รSee scores, answers, or any personal details of other students
Platform admins (us)
Can see / do
- Access data only to fix bugs or investigate abuse reports
Cannot see / do
- รShare data with third parties
- รUse student data for advertising
Parents / guardians
Can see / do
- View their child's score history, weak topics, and streak via the Parent Portal
Cannot see / do
- รSee other students' data
Parental consent โ under-13 students
For self-registering students in Class 7 or below (typically under 13), we require parental consent before the account is activated.
This is determined automatically by the class the student selects at signup โ no self-declaration or date of birth needed. We send a one-click approval link to the parent email provided. The account stays inactive until the parent approves โ no personal data is processed until consent is confirmed.
Teachers who create emailless accounts for whole-class use on behalf of students take institutional responsibility for consent, in the same way a school does when purchasing any edtech tool.
Students without email accounts
Many students โ especially in Classes 5โ8 โ don't have personal email addresses. Teachers can create accounts for their whole class without requiring any email from students. Here's how it works:
- 1Teacher adds student names to their class on The Crisp.
- 2The system generates a placeholder internal address (never used for emails) and a one-time printable login code.
- 3Teacher prints the credential card and hands it to the student.
- 4Student logs in with their first name + code. No email required.
- 5If the student later wants to add a real email (to receive score reports), they can do so in their profile.
Deleting an account
Students can request account deletion at any time from their Profile โ Delete my account page. We process deletion requests within 30 days.
What gets deleted: name, email, answers, scores, and all personally identifiable information. What gets kept (anonymised): aggregate class-level statistics that teachers rely on for curriculum planning โ these have no link to any individual student.
Parents can request deletion on behalf of a minor by emailing us at privacy@thecrisp.in.
How we protect data
Encrypted in transit
All data travels over HTTPS/TLS. No plain-text connections.
Encrypted at rest
Database-level encryption on all stored records.
Row-level security
Database rules enforce that teachers can only read their own classes.
No password storage
We never store raw passwords โ only salted hashes via Supabase Auth.
Secure cloud infrastructure
Hosted on Supabase with SOC 2 certification. We are working towards India-region storage as DPDPA guidance is finalised.
No third-party ad tracking
We do not embed Google Ads, Meta Pixel, or any behavioural tracker.
We never sell student data.
Not to advertisers. Not to data brokers. Not to universities. Not to anyone. Student data is used for one purpose: making The Crisp better for students. That's it. This is a promise, not a policy โ it's baked into how we make money (subscriptions, not ads).
Third-party tools we use
A short, honest list of the services the platform relies on.
Supabase
Database and authentication. SOC 2 certified. Data encrypted at rest and in transit. ยท Data shared: User accounts and test data.
Razorpay
Payment processing (teacher/school subscriptions only). ยท Data shared: Name and email of payer โ no student data.
Resend
Sending transactional emails (score reports, confirmations). ยท Data shared: Email address and first name only.
We do not use Google Analytics, Facebook Pixel, Hotjar, or any other behavioural analytics tool on student-facing pages.
Questions or concerns?
You can reach our privacy team at any time:
Email: privacy@thecrisp.in
Response time: We aim to respond within 48 hours, and resolve all deletion or access requests within 30 days as required by DPDPA 2023.
Grievance Officer (DPDPA): Owner, The Crisp, Pune, Maharashtra.
Last updated: May 2026. Compliant with the Digital Personal Data Protection Act 2023 (India).
This page is the plain-language summary. The full Privacy Policy and Terms of Service are also available.
Still have questions? Our FAQ covers the most common parent concerns.