Privacy Policy

PingLearn ("we", "our", or "us") operates the voice AI tutoring platform at ping-learn.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

We built PingLearn for students in grades 6-12 in India and the United States. Because many of our users are children, we take privacy seriously and have designed our data practices to be minimal, transparent, and compliant with applicable law in each jurisdiction.

Effective Date: March 23, 2026

Contact: privacy@pinglearn.com

We collect only what is necessary to provide the tutoring service:

What we do NOT collect: Location data, social media profiles, browsing history, contacts, photos, or any data beyond what is listed above.

Voice tutoring sessions use real-time audio processing via LiveKit Cloud and Google Gemini AI. Voice audio is processed in real time and is not recorded or stored.

When you speak during a session, your audio is transmitted live to the AI tutoring system to generate a response. The audio itself is discarded immediately after processing. We do not retain voice recordings, voiceprints, or audio files.

What IS stored after a session: AI-generated text notes summarizing the topics discussed. These notes do not contain audio; they are text summaries created by the AI from the session content.

We use your data exclusively to operate and improve the tutoring service:

• •Tutoring: Personalizing lessons to your grade level, subject, and learning history
• •Session notes: Generating and storing AI-created notes accessible to the student and their parent
• •Progress tracking: Maintaining streaks, milestones, and session history to motivate learning
• •Parent/teacher communication: Sending session summaries and progress notifications to linked parents or teachers
• •Safety and compliance: Age verification, parental consent management, and privacy law compliance (DPDP Act & COPPA)
• •Service improvement: Anonymized, aggregated analytics to improve the AI tutoring quality

We never: Sell your data to third parties, use your data for advertising, share your data with unrelated companies, or build advertising profiles from your usage.

PingLearn is designed for students in grades 6-12, including minors. We comply with India's Digital Personal Data Protection (DPDP) Act 2023, the U.S. Children's Online Privacy Protection Act (COPPA), and the California Consumer Privacy Act (CCPA/CPRA) with respect to user data.

To exercise parental rights, contact privacy@pinglearn.com with your child's username and your relationship to the child. We will respond within 5 business days.

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you specific rights regarding your personal information:

• •Right to Know: You have the right to know what personal data we collect, how it is used, and whether it is disclosed or sold.
• •Right to Delete: You can request deletion of your personal data via Settings > Privacy > Delete Account or by emailing privacy@pinglearn.com.
• •Right to Opt-Out of Sale: We do not sell personal data. Period. There is no data sale to opt out of.
• •Right to Non-Discrimination: Exercising your privacy rights will not change the quality or pricing of our service.
• •Verified Requests for Minors: For users under 13, parent identity verification is required before we process data requests.

PingLearn uses the following third-party services to operate. Each service receives only the minimum data required for its function:

We do not use advertising networks, analytics trackers, or any service that builds behavioral profiles for advertising purposes.

We retain your data for as long as your account is active and for a reasonable period after account deletion for legal compliance purposes (typically 30 days).

After deletion, your data is permanently removed from our active databases within 5 business days. Backup copies may persist for up to 30 additional days before being purged.

California residents: Under CCPA, we will respond to verified data access or deletion requests within 45 calendar days. If additional time is needed, we will notify you of the reason and extension period (up to an additional 45 days).

We implement industry-standard security measures to protect your data:

• •Encryption in transit: All data is transmitted over HTTPS/TLS. Voice sessions use encrypted WebRTC connections.
• •Encryption at rest: Database data is encrypted at rest via Supabase (AES-256).
• •Password hashing: Passwords are never stored in plain text; we use industry-standard bcrypt hashing.
• •Access controls: Row-level security ensures each user can only access their own data.
• •CSRF protection: All state-changing API requests include CSRF tokens to prevent cross-site request forgery.
• •Rate limiting: API endpoints are rate-limited to prevent abuse and unauthorized bulk data access.

Despite these measures, no internet service is 100% secure. If you discover a security vulnerability, please disclose it responsibly to privacy@pinglearn.com.

PingLearn provides an AI-powered tutoring service on an "as is" basis. We do not guarantee specific learning outcomes. The AI tutor provides educational guidance based on curriculum content, but parents and teachers should verify critical educational content independently.

PingLearn is not liable for: learning outcomes or academic results, temporary service outages from third-party providers (Supabase, LiveKit, Google), or any indirect or consequential damages arising from use of the service.

Our total liability is limited to the amount paid for the service in the 3 months preceding any claim.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (for registered users) and by updating the effective date at the top of this page.

Continued use of PingLearn after a policy update constitutes acceptance of the updated policy. If you do not agree with the changes, you should discontinue use and delete your account.