Privacy Policy

Effective date: 22 May 2026

KISS LMS ("KISS LMS", "we", "us" or "our") is committed to protecting the privacy of every person who uses our website, mobile applications and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, share and protect your personal data, and the rights available to you.

This Privacy Policy is published in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, as amended from time to time.

By accessing or using the Platform, or by providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use and processing of your personal data as described herein. If you do not agree, please do not use the Platform.

1. Definitions

"Personal Data" means any data about an individual who is identifiable by or in relation to such data.
"Data Principal" means the individual to whom the personal data relates (i.e. you). Where the individual is a child, it includes the parents or lawful guardian.
"Data Fiduciary" means the person who, alone or with others, determines the purpose and means of processing personal data — in this Policy, KISS LMS.
"Sensitive Personal Data or Information" (SPDI) means information such as passwords, financial information, health information and other categories specified under the IT Rules, 2011.
"Processing" means any operation performed on personal data, including collection, recording, storage, use, sharing, disclosure or erasure.

2. Information We Collect

We collect the following categories of personal data:

Account & identity data: name, email address, phone number, password (stored in hashed form), profile photograph and date of birth.
Educational data: courses enrolled, lesson and quiz progress, exam attempts, scores, certificates, assignments and submissions.
Transaction data: purchase history, invoices, billing address and GST details. Card and bank details are processed directly by our payment gateway partners and are not stored by us.
Technical data: IP address, device identifiers, browser type, operating system, app version, log data, cookies and similar technologies.
Communications: messages, support tickets, feedback and correspondence you send to us.
Data from third parties: where you sign in using Google or Microsoft, we receive basic profile information (name, email) from those providers.

3. How We Collect Information

We collect personal data when you register an account, enrol in or purchase a course, attempt a quiz or exam, contact our support team, subscribe to communications, or otherwise interact with the Platform. Some technical data is collected automatically through cookies and similar technologies — see our Cookie Policy.

4. Purpose and Legal Basis of Processing

We process your personal data on the basis of the consent you provide, and, where applicable, for certain legitimate uses permitted under the DPDP Act. We use your data to:

create and administer your account and authenticate you;
deliver courses, track learning progress and issue certificates;
process payments, issue invoices and comply with tax obligations;
provide customer support and respond to your queries;
send service-related communications, updates and, with your consent, marketing communications;
improve, personalise and secure the Platform, and detect and prevent fraud or misuse;
comply with applicable laws and respond to lawful requests from authorities.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform. For details on the cookies we use and how you can control them, please read our Cookie Policy.

6. Sharing and Disclosure of Information

We do not sell your personal data. We may share it with:

Service providers / Data Processors who perform services on our behalf — such as cloud hosting, payment processing, email and SMS delivery, analytics and customer support — under contractual obligations of confidentiality and security;
Institutes and instructors on the Platform, to the extent necessary to deliver the courses you enrol in;
Legal and regulatory authorities, where disclosure is required by law, court order or to protect our rights, users or the public; and
Successor entities, in connection with a merger, acquisition or reorganisation, subject to this Privacy Policy.

7. Data Security

We implement reasonable security practices and procedures as required under Section 8 of the DPDP Act and the IT Rules, 2011. These include encryption in transit, hashed storage of passwords, access controls, network safeguards and periodic security reviews. While we strive to protect your data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required to comply with legal, accounting or regulatory obligations. When your data is no longer required and no legal obligation requires its retention, we will erase it or anonymise it.

9. Your Rights as a Data Principal

Subject to the DPDP Act, you have the right to:

access a summary of the personal data we process about you and the processing activities;
correction, completion and updating of inaccurate or incomplete personal data;
erasure of your personal data where it is no longer necessary for the purpose for which it was collected;
withdraw consent at any time (withdrawal does not affect processing carried out before withdrawal);
grievance redressal through the channels described below; and
nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any of these rights, contact our Grievance Officer using the details in Section 13.

10. Children's Data

The Platform is intended for users who are 18 years of age or older. Where we knowingly process the personal data of a child (a person below 18 years) or a person with a lawful guardian, we will obtain verifiable consent from the parent or lawful guardian, and we will not undertake processing likely to cause any detrimental effect on the well-being of the child, nor carry out tracking, behavioural monitoring or targeted advertising directed at children.

11. Third-Party Links and Services

The Platform may contain links to, or integrate with, third-party websites and services (such as payment gateways, video providers and meeting providers). We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

12. Transfer of Data

Your personal data is primarily stored and processed on servers located in India. Where personal data is transferred to or processed in a country outside India, we will do so only to the extent permitted under the DPDP Act and applicable law, and with appropriate safeguards in place.

13. Grievance Officer / Data Protection Officer

In accordance with the IT Act, the IT Rules, 2021 and the DPDP Act, the contact details of our Grievance Officer are:

Name: [Grievance Officer Name]
Designation: Grievance Officer, KISS LMS
Email: [email protected]
Address: [Registered Office Address, City, State, PIN]

The Grievance Officer will acknowledge your complaint within 24 hours and endeavour to resolve it within 15 days of receipt. If you are not satisfied with our response, you may make a complaint to the Data Protection Board of India as provided under the DPDP Act.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law or our practices. The revised policy will be posted on this page with an updated effective date. Your continued use of the Platform after such changes constitutes acceptance of the revised policy.

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected] or write to KISS LMS, [Registered Office Address, City, State, PIN].

Effective date: 22 May 2026

1. Definitions

"Personal Data" means any data about an individual who is identifiable by or in relation to such data.
"Data Principal" means the individual to whom the personal data relates (i.e. you). Where the individual is a child, it includes the parents or lawful guardian.
"Data Fiduciary" means the person who, alone or with others, determines the purpose and means of processing personal data — in this Policy, KISS LMS.
"Sensitive Personal Data or Information" (SPDI) means information such as passwords, financial information, health information and other categories specified under the IT Rules, 2011.
"Processing" means any operation performed on personal data, including collection, recording, storage, use, sharing, disclosure or erasure.

2. Information We Collect

We collect the following categories of personal data:

Account & identity data: name, email address, phone number, password (stored in hashed form), profile photograph and date of birth.
Educational data: courses enrolled, lesson and quiz progress, exam attempts, scores, certificates, assignments and submissions.
Transaction data: purchase history, invoices, billing address and GST details. Card and bank details are processed directly by our payment gateway partners and are not stored by us.
Technical data: IP address, device identifiers, browser type, operating system, app version, log data, cookies and similar technologies.
Communications: messages, support tickets, feedback and correspondence you send to us.
Data from third parties: where you sign in using Google or Microsoft, we receive basic profile information (name, email) from those providers.

3. How We Collect Information

4. Purpose and Legal Basis of Processing

We process your personal data on the basis of the consent you provide, and, where applicable, for certain legitimate uses permitted under the DPDP Act. We use your data to:

create and administer your account and authenticate you;
deliver courses, track learning progress and issue certificates;
process payments, issue invoices and comply with tax obligations;
provide customer support and respond to your queries;
send service-related communications, updates and, with your consent, marketing communications;
improve, personalise and secure the Platform, and detect and prevent fraud or misuse;
comply with applicable laws and respond to lawful requests from authorities.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Platform. For details on the cookies we use and how you can control them, please read our Cookie Policy.

6. Sharing and Disclosure of Information

We do not sell your personal data. We may share it with:

Service providers / Data Processors who perform services on our behalf — such as cloud hosting, payment processing, email and SMS delivery, analytics and customer support — under contractual obligations of confidentiality and security;
Institutes and instructors on the Platform, to the extent necessary to deliver the courses you enrol in;
Legal and regulatory authorities, where disclosure is required by law, court order or to protect our rights, users or the public; and
Successor entities, in connection with a merger, acquisition or reorganisation, subject to this Privacy Policy.

7. Data Security

8. Data Retention

9. Your Rights as a Data Principal

Subject to the DPDP Act, you have the right to:

access a summary of the personal data we process about you and the processing activities;
correction, completion and updating of inaccurate or incomplete personal data;
erasure of your personal data where it is no longer necessary for the purpose for which it was collected;
withdraw consent at any time (withdrawal does not affect processing carried out before withdrawal);
grievance redressal through the channels described below; and
nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any of these rights, contact our Grievance Officer using the details in Section 13.

10. Children's Data

11. Third-Party Links and Services

12. Transfer of Data

13. Grievance Officer / Data Protection Officer

In accordance with the IT Act, the IT Rules, 2021 and the DPDP Act, the contact details of our Grievance Officer are:

Name: [Grievance Officer Name]
Designation: Grievance Officer, KISS LMS
Email: [email protected]
Address: [Registered Office Address, City, State, PIN]

14. Changes to this Privacy Policy

15. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected] or write to KISS LMS, [Registered Office Address, City, State, PIN].

Privacy Policy

1. Definitions

2. Information We Collect

3. How We Collect Information

4. Purpose and Legal Basis of Processing

5. Cookies and Tracking Technologies

6. Sharing and Disclosure of Information

7. Data Security

8. Data Retention

9. Your Rights as a Data Principal

10. Children's Data

11. Third-Party Links and Services

12. Transfer of Data

13. Grievance Officer / Data Protection Officer

14. Changes to this Privacy Policy

15. Contact Us

Loading...

Privacy Policy

1. Definitions

2. Information We Collect

3. How We Collect Information

4. Purpose and Legal Basis of Processing

5. Cookies and Tracking Technologies

6. Sharing and Disclosure of Information

7. Data Security

8. Data Retention

9. Your Rights as a Data Principal

10. Children's Data

11. Third-Party Links and Services

12. Transfer of Data

13. Grievance Officer / Data Protection Officer

14. Changes to this Privacy Policy

15. Contact Us