Privacy Policy

Genzzi ("we", "us", or "our") is a learning management platform that connects students with structured courses, assignments, and certifications. This Privacy Policy describes how we collect, use, and protect your personal data when you access or use our services.

By creating an account or using Genzzi, you agree to the practices described here. If you do not agree, please do not use our platform.

We collect data in three ways: what you give us directly, what we record automatically when you use the platform, and what we derive from your activity.

We use your data for the following purposes:

• ·Authentication & access control — verifying your identity, assigning your role (Student, Staff, or Admin), and protecting your account from unauthorised access.
• ·Course delivery — enrolling you in courses, tracking progress, distributing assignments and projects, and recording grades.
• ·Certification — generating and issuing verifiable certificates of completion tied to your student profile.
• ·Platform notifications — sending you alerts about enrollment updates, reviewed submissions, released marks, and certificate availability.
• ·Security & audit — detecting suspicious device activity, maintaining audit logs, and revoking compromised sessions.
• ·Platform improvement — aggregated, anonymised usage analytics to improve features and performance.

We never use your data to build advertising profiles or sell targeting information to third parties.

All data is stored in a PostgreSQL database managed on infrastructure with encryption at rest and in transit (TLS 1.2+).

• ·Passwords are never stored — we use OAuth flows. Refresh tokens are stored as salted hashes, not raw values.
• ·Device fingerprints are used solely to detect new and potentially fraudulent logins — not to track you across the web.
• ·Sessions use short-lived access tokens (JWT) paired with rotating refresh tokens. Revoked tokens are flagged immediately.
• ·File attachments (submission uploads, syllabus PDFs) are stored in a secured object store with per-object access keys.

In the unlikely event of a data breach affecting your personal information, we will notify affected users within 72 hours and report to the relevant authority where required by law.

Genzzi uses HttpOnly cookies to store session identifiers securely. These cookies are not accessible to JavaScript running in your browser, which protects against XSS attacks.

• ·Session cookie — carries your refresh token. Expires when you log out or after 30 days of inactivity.
• ·CSRF token cookie — a SameSite-protected token to prevent cross-site request forgery.

We do not use third-party tracking cookies or advertising pixels. There is no Google Analytics, Facebook Pixel, or similar tracking on the platform.

We do not sell, rent, or trade your personal data. We share it only in these limited circumstances:

• ·Within Genzzi — Staff assigned to a course can see the names and submission records of enrolled students in that course only.
• ·Service providers — Infrastructure vendors (database hosting, object storage) who are contractually bound not to use your data for their own purposes.
• ·Legal obligations — If required by law, court order, or government authority to disclose information.
• ·Business transfers — In a merger or acquisition, your data may transfer to the new entity under the same protections.

We retain your data for as long as your account is active or as needed to provide services.

• ·Account data — kept until you request deletion, subject to a 30-day grace period.
• ·Audit logs — retained for 12 months to support security investigations and compliance.
• ·Expired session tokens — purged within 7 days of expiry.
• ·Certificates — retained indefinitely unless revoked, as they serve as verifiable credentials.
• ·Deleted accounts — a soft-delete flag is set immediately; hard deletion of personal data occurs within 30 days.

Depending on your location, you may have the following rights under applicable data protection law (including GDPR and similar frameworks):

To exercise any of these rights, email support@genzzi.in. We will respond within 30 days.

Genzzi is intended for users aged 13 and above. We do not knowingly collect personal data from children under 13. If a parent or guardian believes their child has created an account without consent, contact us at support@genzzi.in and we will delete the account immediately.

For users between 13 and 18, we recommend parental oversight. Certain features — such as profile visibility to Staff — are limited for minor accounts.

We may update this policy to reflect changes in our practices or applicable law. When we make material changes, we will:

• ·Update the "Last updated" date at the top of this page.
• ·Send a platform notification to all registered users at least 14 days before the change takes effect.
• ·For significant changes, request re-acknowledgement at next login.

Continued use of Genzzi after the effective date constitutes acceptance of the updated policy.

Questions or concerns about this Privacy Policy? Reach us through any of these channels: