Privacy Policy

1. Introduction and Scope

Welcome to beGalileo! Your privacy is important to us, and we are committed to protecting your personal data. This Privacy Policy describes how CarveNiche Technologies Private Limited ("Company," "we," "our," or "us"), operating under the brand name beGalileo, collects, uses, and discloses your personal information when you use our website, mobile applications, live class platform, and other services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including parents, students, teachers, school administrators, and other stakeholders. It governs data collected through our website (www.begalileo.com), mobile applications (iOS and Android), live class platform, self-learning platform, and any related services.

This Privacy Policy is designed to comply with applicable global privacy standards, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Children's Online Privacy Protection Act (COPPA), India's Information Technology Act and SPI Rules, and other applicable data protection regulations. By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

2. Data We Collect

2.1 Parent / Guardian Account Data

When a parent or guardian registers on beGalileo, we collect: name, email address, phone number, password, country, time zone, and preferred communication channel. If you make a purchase, we also collect billing details such as your name, billing address, and payment instrument identifiers (we do not store full credit or debit card numbers — these are processed by our payment service providers).

2.2 Student Data

Students cannot create accounts independently. All student accounts are created by and linked to a parent or guardian account. For each student, we collect: name, age, grade level, school name (optional), curriculum (e.g., Common Core, Cambridge, IB, CBSE), and a profile photo (optional). We also collect educational performance data, including diagnostic assessment results, learning path progress, question-level accuracy and speed, homework completion, practice activity, and engagement metrics within the platform.

2.3 Teacher / Instructor Data

If you register as a teacher or instructor, we collect: name, email address, phone number, qualifications, professional background, subject and grade expertise, availability schedule, bank account or payment details for remuneration, tax identification numbers (as required by applicable law), and location and residency details. Teacher performance data — including class quality metrics, attendance records, and student feedback — is also collected and stored.

2.4 School Administrator Data

For schools using beGalileo's school edition, we collect: school name, administrator name and contact details, and any configuration preferences related to the school's usage of the platform.

2.5 Usage Data

We automatically collect data about how you interact with our Services, including: pages visited, features used, time spent on the platform, courses and content accessed, device information (IP address, browser type, operating system, device type, unique device identifiers), click data, search queries, and approximate geographic location (based on IP address). On our mobile applications, we may additionally collect: device model, operating system version, app version, crash logs, push notification tokens, and usage analytics.

2.6 Live Class Data

During live one-on-one classes conducted through our platform, we collect and store audio-video recordings, whiteboard interaction logs, chat messages, session duration, and participation metrics including talk-time data. These recordings are made using our custom browser-based recording system. Please refer to Section 8 (Live Classes and Recordings) for details on consent, storage, and retention of this data.

2.7 Third-Party Data

We may receive limited information from external sources, including social media platforms (when you use social login), payment processors, analytics services, advertising platforms, and educational technology integrations such as Google Classroom. The specific data received depends on your settings with those third-party services.

2.8 Communications Data

If you contact us for support, provide feedback, or communicate with us through any channel (including email, phone, chat, or messaging platforms), we collect and store the content of those communications along with associated metadata such as date, time, and communication channel.

3. How We Collect Data

We gather data through the following channels:

Direct interactions: When you register, subscribe, purchase services, enrol a child, book a trial class, participate in events or promotions, complete surveys, or communicate with our team.

Automated collection: Through cookies, log files, web beacons, pixels, and similar tracking technologies when you use our website or applications. See Section 10 (Cookies and Tracking Technologies) for details.

Third-party sources: From social login providers (e.g., Google Sign-In), payment processors, analytics services, advertising networks, and educational technology integrations when you connect these services to your beGalileo account.

Mobile applications: Our iOS and Android apps may request permissions for camera and microphone access (required for live classes), push notifications, and device storage. You can manage these permissions through your device settings.

4. How We Use Your Data

We use the data we collect for the following purposes:

Service delivery: To provide and administer our learning platform, including account setup, course delivery, adaptive learning path generation, diagnostic assessments, live class scheduling, and homework and practice management.

Payment processing: To process purchases, subscriptions, renewals, and refunds through our payment service providers.

Communication: To send account-related notifications, learning progress updates, class reminders, promotional offers (which you may opt out of), and customer support responses. We may communicate through email, push notifications, SMS, or messaging platforms.

Quality assurance: To audit and improve teacher performance by reviewing class recordings, analysing student feedback, and monitoring engagement metrics.

Product improvement: To analyse usage patterns, identify bugs, develop new features, improve our adaptive learning algorithms, and enhance the overall user experience.

Personalisation: To customise content, recommendations, and learning paths based on student performance and preferences.

Safety and security: To detect and prevent fraud, abuse, and unauthorised access, and to ensure the safety of our users, particularly children.

Legal compliance: To comply with applicable laws, regulations, legal processes, and enforceable governmental requests.

Marketing and advertising: To serve relevant advertisements through third-party advertising networks using de-identified data. We do not use children's personal data for advertising purposes.

5. Sharing Your Data

We may share your data under the following circumstances. We do not sell or rent personal information under any circumstances.

With teachers and instructors: Teachers assigned to your child receive necessary information for course management, including student name, grade, curriculum, learning progress, and performance data.

With school administrators: For the school edition of beGalileo, we share student performance reports and usage data with authorised school administrators.

With payment service providers: We share billing data with our payment processing partners to facilitate transactions. These providers are contractually required to use your data solely for processing payments on our behalf.

With service providers: We engage third-party companies that perform services on our behalf, including cloud hosting providers, communication service providers (for live classes and messaging), analytics firms, email delivery services, and customer support tools. These providers access your data only as needed to perform their functions and are bound by confidentiality obligations.

With advertising partners: We may share de-identified or aggregated data with advertising networks to improve marketing effectiveness. We never share children's personal data with advertising partners.

For legal compliance: We may disclose data to law enforcement or regulatory bodies when required by law, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

During business transitions: In the event of a merger, acquisition, corporate restructuring, or sale of assets, your data may be transferred to the successor organisation. We will notify you of any such change.

Google Classroom data is subject to additional restrictions as described in Section 6 and is not shared with advertising partners or any third parties beyond what is necessary to deliver our Services.

6. Google Classroom Integration

beGalileo integrates with Google Classroom to help teachers set up and manage their classes efficiently. When a teacher chooses to connect their Google Classroom account, we access the following data through Google's APIs:

Profile information: Name and email address of the authenticated teacher.

Course data: List of classes and courses the teacher has created in Google Classroom.

Roster data: Names and email addresses of students enrolled in those classes.

Purpose of access: We use this data solely to allow teachers to import their existing Google Classroom rosters into the beGalileo platform, eliminating the need for manual class setup. This data is used exclusively to deliver and improve our educational services.

Storage and retention: Google Classroom data is stored on our secure servers (encrypted at rest and in transit) and is retained only as long as the teacher's beGalileo account is active and the integration remains connected. Upon disconnection or account deletion, imported Classroom data is deleted within 30 days.

Revoking access: Teachers can disconnect Google Classroom from their beGalileo account at any time through their account settings. Additionally, access can be revoked directly from Google Account Permissions. Upon revocation, we stop accessing any new data and delete previously imported Classroom data within 30 days.

Compliance: beGalileo's use of Google Classroom data complies with the Google API Services User Data Policy, including the Limited Use requirements.

7. Children's Data Protection

beGalileo is an educational platform designed for children from Kindergarten through Grade 10. We take children's privacy extremely seriously and strictly adhere to the Children's Online Privacy Protection Act (COPPA), GDPR provisions for children's data (GDPR-K), and other applicable child data protection regulations.

7.1 Parental Consent and Account Structure

Children cannot create accounts independently on beGalileo. All student accounts must be created by a parent or legal guardian. The parent's account serves as the primary account, and all student accounts are linked to and supervised through the parent's account. By creating a student account for their child, the parent provides verifiable consent for us to collect and use the child's data as described in this policy.

7.2 Data We Collect from Children

We collect only the data necessary to provide our educational services. For children, this includes: first name, age, grade level, school name (optional), curriculum, learning performance data (assessment scores, practice activity, question-level accuracy), and audio-video recordings during live classes (with parental consent).

7.3 How We Use Children's Data

Children's data is used exclusively for educational purposes: to deliver personalised learning paths, generate progress reports for parents and teachers, facilitate live classes, and improve our educational content and platform. We do not use children's personal data for advertising, marketing, or any non-educational purpose.

7.4 Parental Rights

Parents and guardians have the right to: review the personal information we have collected about their child; request correction of inaccurate data; request deletion of their child's data; refuse to permit further collection or use of their child's data; and withdraw consent at any time. To exercise any of these rights, contact us at contact@begalileo.com. We will respond within 30 days.

7.5 Third-Party Access to Children's Data

We do not share children's personal data with third parties except as strictly necessary to deliver our Services (e.g., with assigned teachers, cloud hosting providers for data storage, and communication service providers for live classes). We never share children's data with advertising networks or data brokers.

8. Live Classes and Recordings

8.1 Recording and Consent

All live one-on-one classes conducted on the beGalileo platform are recorded. Recording is performed using our custom browser-based recording system and stored securely with our cloud hosting provider. By enrolling in live classes, parents consent to the recording of their child's sessions. A visual indicator is displayed during class to confirm that recording is in progress.

8.2 What We Record

We record: audio and video streams of both the teacher and student, whiteboard interactions and annotations, chat messages exchanged during the session, and session metadata including duration, timestamps, and participation metrics (including talk-time data collected via real-time audio stream analysis).

8.3 Purpose of Recording

Class recordings are used for: quality assurance and teacher performance evaluation, resolving disputes or complaints about class quality, training and improvement of teaching methods, and compliance auditing. Recordings are not used for advertising or shared with any third party not directly involved in service delivery.

8.4 Retention

Class recordings are securely stored and automatically deleted after three (3) months from the date of the class. Metadata and performance summaries derived from recordings may be retained longer for reporting and product improvement purposes, but in de-identified form only.

8.5 Compliance with Two-Party Consent Laws

Certain jurisdictions (including California, Illinois, and other US states) require all-party consent to record conversations. By enrolling in and participating in live classes, all participants (parent on behalf of the student, and the teacher) consent to recording. This consent is obtained at the time of account creation and class enrollment.

9. AI-Powered Features

beGalileo uses artificial intelligence and machine learning technologies to enhance our educational services. These include:

Adaptive learning: Our platform uses algorithms to analyse student performance and dynamically adjust learning paths, question difficulty, and content recommendations to match each student's level and pace.

AI-powered hints: When students encounter difficulty, our system may generate contextual hints using AI. The AI provides guidance to support problem-solving but does not provide direct answers.

Automated quality analysis: We use AI to analyse class recordings and transcriptions for the purpose of evaluating teaching quality and identifying areas for improvement. This processing is performed on our secure servers and is not shared externally.

Diagnostic assessments: Our MIDAS diagnostic assessment uses algorithmic analysis to evaluate student strengths and learning gaps and generate personalised reports for teachers.

AI processing of children's data is performed exclusively for educational purposes and in compliance with COPPA and other applicable regulations. We do not use AI to profile children for advertising or non-educational purposes. Parents may contact us at any time to enquire about how AI is used in connection with their child's data.

10. Cookies and Tracking Technologies

Our website and applications use cookies and similar tracking technologies to personalise your experience, analyse usage, and support our marketing efforts. The types of cookies we use include:

Essential cookies: Required for the basic functioning of our Services, including authentication, session management, and security. These cannot be disabled without losing access to core functionality.

Functional cookies: Remember your preferences such as language, region, and display settings to provide a more personalised experience.

Analytics cookies: Help us understand how users interact with our Services by collecting data such as pages visited, time spent, and navigation paths. We use third-party analytics services to process this data.

Advertising cookies: Used by third-party advertising networks to serve relevant advertisements based on your browsing activity. These cookies are not placed on pages or features accessed by children.

You can manage your cookie preferences through your browser settings. Disabling cookies may affect the functionality of our Services. For mobile applications, you can manage tracking permissions through your device's operating system settings.

11. Security Measures

We implement robust technical and organisational security measures to protect your personal data, including:

Encryption: All data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption algorithms.

Access controls: Access to personal data is restricted to authorised personnel on a need-to-know basis. All staff with access to personal data are bound by confidentiality obligations.

Secure payment processing: Payment information is handled by PCI-DSS compliant payment service providers. We do not store full credit or debit card numbers on our servers.

Infrastructure security: Our services are hosted on enterprise-grade cloud infrastructure with regular security audits, vulnerability assessments, and monitoring.

Incident response: In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities as required by applicable law, without undue delay.

While we take all reasonable precautions, no system can guarantee 100% security. We encourage you to protect your account by using a strong password and not sharing your login credentials.

12. Your Rights

12.1 GDPR (EU and UK Users)

If you are located in the European Union or the United Kingdom, you have the right to: access your personal data and obtain a copy; rectify inaccurate or incomplete data; erase your data ("right to be forgotten"); restrict processing of your data; data portability (receive your data in a structured, machine-readable format); object to processing based on legitimate interests; and withdraw consent at any time. To exercise these rights, contact us at contact@begalileo.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

12.2 CCPA (California Users)

If you are a California resident, you have the right to: know what personal information we collect, use, and disclose about you; request deletion of your personal information; opt out of the sale of personal information (we do not sell personal information); and non-discrimination for exercising your CCPA rights. To exercise these rights, email contact@begalileo.com with the subject line "California Privacy Request."

12.3 Indian Law (IT Act and SPI Rules)

Users in India have the right to access and correct their personal data, and to withdraw consent for data processing. In accordance with the Information Technology Act, 2000 and the SPI Rules, we have designated a Grievance Officer who can be contacted at contact@begalileo.com. Grievances will be addressed within 30 days of receipt.

12.4 All Users

Regardless of your jurisdiction, you may at any time: opt out of promotional communications using the unsubscribe link in any marketing email or by contacting us; request a copy of your data; request correction of inaccurate data; or request deletion of your account and associated data. Note that some data may be retained as required by law or for legitimate business purposes even after account deletion.

13. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required by law. Our general retention practices are as follows:

Account data: Retained for the duration of your active account, plus up to 12 months after account deletion to support any pending matters or disputes.

Student performance data: Retained for the duration of the active account. Upon account deletion, performance data is anonymised for aggregate analysis or deleted within 90 days.

Live class recordings: Automatically deleted after 3 months from the date of the class.

Payment records: Retained for the period required by applicable tax and financial regulations (typically 5–7 years).

Google Classroom data: Deleted within 30 days of disconnection or account deletion.

Communication logs: Retained for up to 24 months for customer support quality purposes.

14. International Data Transfers

beGalileo is operated by CarveNiche Technologies Private Limited, headquartered in Bangalore, India. Our servers and infrastructure are located in India and the United States. Regardless of your location, your data may be transferred to, stored in, and processed in India and the United States.

Our teachers are based in India and access student data (including data of students located in the US, Canada, and the Middle East) to deliver live classes and monitor student progress. This constitutes a cross-border transfer of data.

For users in the EU/EEA and UK, we ensure that such transfers are made in compliance with GDPR by relying on appropriate safeguards, including standard contractual clauses approved by the European Commission. By using our Services, you consent to the transfer, storage, and processing of your data in India and the United States as described in this policy.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through a prominent notice on our website, an in-app notification, or an email to the address associated with your account. The "Last Updated" date at the top of this policy will be revised accordingly.

We encourage you to review this Privacy Policy periodically. Continued use of our Services after changes become effective constitutes your acceptance of the revised policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-specific enquiries or to exercise your rights under EU data protection law, you may also contact our Data Protection point of contact at the same email address.

By using beGalileo, you acknowledge and agree to this Privacy Policy. If you do not consent, please discontinue use of our Services.