Privacy Policy

1. Introduction

Exrnxt Labs Pvt. Ltd. ("we", "us", "our") operates the Exrnxt learning platform and related WebGL content (the "Service"). This Privacy Policy describes what personal data we collect from users (including children), why we collect it, how we use it, how we share it, and the rights available to data subjects.

2. Scope & children

Our Service is directed to child and adult students. We comply with applicable child data protection laws (including India’s DPDP and relevant international rules such as COPPA where applicable). We do not knowingly collect personal information from children under the age at which consent is permitted in their jurisdiction without verifiable parental consent. If you are a parent or guardian, please review the parental controls and consent procedure below.

3. Data we collect

We collect only the minimum personal data necessary to provide the Service:

Account & authentication (collected at registration)

Name (optional), parent/guardian e-mail, username, hashed password (we store securely), user age or date of birth (for age gating).

Service usage

Session identifiers, login timestamps, course progress, in-app answers and interactions necessary to provide the educational experience.

Technical & diagnostic (automatic)

Device type, browser, IP address, approximate geolocation (city-level), User Agent, WebGL capability and crash logs.

Cookies & similar technologies

We only use essential session cookies set by ASP.NET for authentication and session management. We do not use analytics or third-party tracking cookies unless you opt in. See Section 7 (Cookies).

No sensitive categories

We do not collect financial data, health data, national ID numbers, biometric data, sexual orientation, or other “sensitive personal information.”

4. Purpose & legal basis

We process personal data for:

• Performance of the contract / necessary to provide the Service (account, authentication, course progress).
• Compliance with legal obligations (parental consent records, safety).
• Legitimate interest (platform security and fraud prevention), balanced against user privacy — we will not use legitimate interest as the basis for processing children’s personal data where consent is required by law.

Parental consent is the basis for processing children’s personal data where required.

5. Parental consent, age gating, and account deletion

Parents/guardians must provide verifiable consent before a child under the applicable age may register. We record parental consent and contact information.

Parents can request access, correction or deletion of a child’s personal data by contacting us at contact@exrnext.com. We will respond per applicable law and will promptly delete personal data upon verified request unless retention is required by law.

6. Data sharing and processors

We do not sell personal data. We may share personal data with:

• Service providers (hosting, authentication, backups) acting as processors under contract; processors follow instructions, implement security controls and may be located outside India.
• Legal authorities where required by law.

If we ever use Unity cloud services or Unity analytics, we will list Unity as a processor and confirm a Data Processing Addendum (DPA) is in place.

7. Cookies

Essential cookies: ASP.NET session cookie used to maintain authenticated session; described and only set when needed.

Non-essential cookies (analytics or marketing): none used by default. If we later add analytics or other tracking, we will obtain parental consent before enabling those cookies for children.

8. Data retention

We retain personal data only as long as necessary for the purpose collected (account + 24 months of inactivity for account archival) or to meet legal obligations (e.g., parental consent records, tax/financial records). Exact retention periods: account data while account active; parental consent records — minimum 3 years after account deletion unless law requires longer.

9. Security

We use industry standard TLS for data in transit. Passwords are stored with a salted strong hashing algorithm. Access to production data is restricted to authorized staff; processors are contractually required to maintain appropriate security. We perform periodic security reviews.

10. Cross-border transfer

Some processing or backups may occur outside India. We will ensure lawful transfer mechanisms and appropriate safeguards.

11. Your rights

Depending on jurisdiction, data subjects (or parents on behalf of minors) have rights to access, correct, delete, restrict processing, object, and data portability. Submit requests to contact@exrnext.com. We will verify identity and parental status before fulfilling requests.

12. Data breach

We will notify affected individuals and regulators of a breach per applicable law and within required timeframes.

13. Changes

We will publish material changes to this policy on this page and update the Effective date.

14. Contact

Data Protection Officer / Privacy contact: contact@exrnext.com

Exrnxt Labs Pvt. Ltd., Plot No.8, Rani Bazar, Indus. Area, Near Flyover, Bikaner — 334001, Rajasthan.

Phone: +91 7688-993-994