Privacy Policy

ItsProvn is operated by Liz Advisors Private Limited (CIN: U70200PN2026PTC254248), a company incorporated under the Companies Act, 2013.

Registered address: Pune, Maharashtra, India.

Contact: support@itsprovn.com

We collect and process the following categories of personal data:

• Account information: name, email address, and/or phone number used for login; role (academy, school, student, or parent).
• Student records: full name, date of birth, grade, school affiliation, academy enrollments, and the credentials (badges) issued to the student.
• Login identifiers: email or phone number; OTP session metadata (timestamp, IP address).
• Payment metadata: order ID, amount, and status via Razorpay. We do not store card numbers or bank account details.
• Usage data: pages visited, features used, and error logs for service improvement. No advertising trackers.

We process your data for the following purposes:

• To create and manage your account.
• To issue, store, and verify digital credentials on behalf of academies and schools.
• To share credentials with parties you have authorised (parents, schools, universities).
• To send transactional notifications: OTP codes, credential issuance alerts, billing confirmations.
• To fulfil legal and regulatory obligations.

We do not use your data for advertising, profiling, or selling to third parties.

ItsProvn is designed for students, many of whom are under 18. We take the following protections seriously:

• Students under 18 may only be enrolled by an academy, school, or parent/guardian with verified authority over the student's records.
• We do not market directly to minors.
• Parents and guardians control the visibility of their child's credentials and may request deletion of their child's data at any time.
• We do not require a student under 18 to create their own account; academies and schools manage records on their behalf.

We share personal data only in the following limited circumstances:

• Academies and schools: can view records of students they have enrolled. They cannot access records of students enrolled by other institutions.
• Parents/guardians: can view credentials for their child once a verified parent-child relationship is established.
• Verifiers: anyone with a public verification link can confirm that a specific credential was issued by a named institution on a named date. No other personal data is exposed via the public verification page.
• Third-party processors (sub-processors): Supabase (database hosting, US/EU regions); Resend (transactional email); MSG91 (SMS, India); Interakt (WhatsApp Business messaging, India); Razorpay (payment processing, India).

We do not sell personal data. Ever.

• Active accounts: data is retained while the account is active.
• Deletion on request: account data is deleted within 30 days of a verified deletion request.
• Credential records (certificates and extracurricular achievement records): retained for 7 years from issuance. After 7 years, credential records may be archived or retained longer at the issuing academy's or school's discretion, since credentials are intended as lifelong achievement records.
• Account deletion: on user request, we permanently delete account and personal data within 30 days, except where law requires longer retention (e.g. tax records under the Income Tax Act, 1961).
• OTP logs: IP address and timestamp logs for OTP sessions are deleted after 90 days.

Under India's Digital Personal Data Protection Act, 2023, you have the following rights:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data (subject to retention obligations).
• Grievance: raise a complaint with our Grievance Officer.

To exercise any of these rights, email support@itsprovn.com with the subject line "Data Rights Request". We will respond within 30 days.

We are also aware of similar rights under the EU General Data Protection Regulation (GDPR) for users in EU member states, including families at international IB schools. The above rights apply equally to such users.

Grievance Officer
ItsProvn (Liz Advisors Private Limited)

Email: support@itsprovn.com, subject line: "Privacy Grievance"

Address: Pune, Maharashtra, India

Response time: We will acknowledge your grievance within 48 hours and resolve it within 30 days, in line with Section 8(10) of the Digital Personal Data Protection Act, 2023.

Data storage location: Your personal data is stored in Supabase's Mumbai (ap-south-1) region, located within India. We have selected this region specifically to keep primary data storage within Indian borders.

Limited operational metadata (such as authentication tokens and error logs) may transit through providers' global infrastructure under contractual data protection commitments equivalent to or stronger than the DPDP Act 2023.

Our transactional email provider (Resend) operates infrastructure in the United States. We require Resend to maintain contractual data protection commitments consistent with applicable law, and only the minimum data necessary for email delivery (recipient address, subject, body) is transmitted.

ItsProvn uses only essential session cookies required for login and authentication. We do not use advertising cookies, tracking pixels, or third-party analytics scripts. You cannot meaningfully use the service without session cookies, so we do not offer a cookie opt-out for essential cookies.

If we make material changes to this policy, we will notify registered users by email at least 14 days before the changes take effect. Continued use of ItsProvn after that date constitutes acceptance of the revised policy.