Privacy Policy

In this policy, “Vivaran” means the Vivaran platform and the individual or entity identified as the service provider in the relevant client agreement, pilot agreement, order form, or similar contract.

Vivaran provides software infrastructure for schools, inclusion centres, child-development organisations, and similar institutions that need a durable record of human development, observations, workflows, and reports.

Vivaran primarily operates from India. Indian law, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and related Indian privacy rules, forms the baseline for how this policy is written.

This is Vivaran’s privacy policy. It is not the parent-facing privacy policy of any school, centre, therapist, or client institution that uses Vivaran.

Vivaran may process the following categories of information:

• Website and business contact information: names, organisation names, roles, email addresses, phone numbers, inquiry details, demo requests, meeting notes, and communication history.
• Client staff account information: names, work emails, phone numbers, roles, permissions, login events, session metadata, device/browser information, and support/debugging information.
• Client-controlled programme data: information a client enters into Vivaran about students, children, parents, guardians, staff, programmes, reports, reviews, workflows, and communication records.
• Operational diagnostics: feature usage, route hits, performance metrics, error logs, audit information, and security logs needed to operate and protect the service.

In client deployments such as inclusion centres or schools, this may include developmental observations, school-readiness notes, behaviour and regulation patterns, intervention history, parent communication logs, therapy-linked records, and similar high-sensitivity information entered by the client.

Vivaran uses information to run and improve the service, including to:

1. Provide and maintain the Vivaran website, platform, and support workflows.
2. Authenticate users and enforce access permissions.
3. Create and maintain authorised client workspaces.
4. Support reports, records, approvals, communications, and review cycles requested by clients.
5. Monitor reliability, performance, abuse, misuse, and security incidents.
6. Debug problems, investigate issues, and respond to support requests.
7. Communicate with users and clients about the service, updates, billing, security, and product operations.
8. Comply with legal obligations and preserve evidence where required.

Vivaran does not use client-controlled child or parent data for targeted advertising, sale of personal data, marketing materials, independent research, or training third-party AI models.

Where a client uses Vivaran to manage student, child, parent, or programme records, the client remains the organisation that decides why data is collected, what gets entered, who can access it, how long it should be kept, and when it may be shared.

In those deployments, Vivaran acts as a service provider / data processor. The client typically acts as the data fiduciaryor controller for those records.

That means Vivaran processes client-controlled records only to provide, secure, support, and maintain the contracted service. Vivaran does not independently decide how a child’s or student’s record should be used for care, therapy, education, admissions, school-readiness, or parent-facing decisions.

Vivaran may use cookies, local storage, analytics, and observability tooling to keep the site and product working, understand feature usage, detect errors, and improve reliability.

Vivaran’s product analytics approach is designed to avoid intentional capture of sensitive child notes, parent details, or similar record content in analytics payloads. Sensitive fields should be masked, redacted, or excluded where analytics tooling is used.

Vivaran may also provide AI-assisted workflows, such as summaries, report support, or structured drafting. When those features process client-controlled records, they do so only as part of the client-directed service. Vivaran does not use child or parent data to train third-party AI models, and AI-assisted outputs are not a substitute for human review or institutional judgment.

Vivaran may share information with limited categories of service providers needed to operate the platform, such as cloud hosting, authentication, communication, analytics, observability, document-processing, and AI infrastructure providers.

Vivaran expects those providers to support service delivery, security, and infrastructure functions only. They are not authorised by Vivaran to use client-controlled child or parent data for their own marketing or unrelated business purposes.

Vivaran uses reasonable technical and organisational safeguards, including permission systems, authentication controls, restricted internal access, encryption in transit, logging, monitoring, and provider-level security controls. No system can guarantee absolute security, but Vivaran is designed to reduce unauthorised access, misuse, alteration, and loss.

Unless a client contract says otherwise, Vivaran may retain client workspace data for up to one year after the client relationship endsto support export, transition, security review, dispute handling, and service continuity. Logs, backups, and security records may remain longer where needed for security, infrastructure recovery, legal claims, or compliance.

Children’s data requires heightened care, especially when it relates to neurodiversity, therapy, developmental observations, behavioural support, or school readiness. Vivaran treats such information as high-sensitivity client data.

For client-controlled records, parents, guardians, and students should usually contact the relevant school, centre, or institution directly for requests such as access, correction, deletion, withdrawal of consent, copies of reports, or complaints about how records are used.

If Vivaran receives such a request directly, Vivaran may redirect the request to the relevant client unless Vivaran is legally required to respond differently. Vivaran will assist the client with access, correction, export, or deletion workflows where instructed and technically feasible.

Vivaran does not knowingly run targeted advertising to children, build advertising profiles about children, or make autonomous care or admission decisions about children from their records.

Clients using Vivaran remain responsible for:

1. Providing their own legally required privacy notices and consent flows.
2. Obtaining valid parent or guardian consent, or another lawful basis where required, before entering child data into Vivaran.
3. Deciding what records are necessary and who should access them.
4. Reviewing and approving reports, communications, and AI-assisted outputs before external use.
5. Handling parent, guardian, therapist, and regulator requests about client-controlled records.
6. Deciding whether records may be shared with parents, therapists, schools, or other third parties.

Vivaran provides the platform. The client remains responsible for its own educational, therapeutic, administrative, professional, and legal decisions.

Vivaran may update this Privacy Policy from time to time. If changes are material, Vivaran may notify users or clients through email, a dashboard notice, contract notice, or another reasonable channel.

Questions about this policy or Vivaran’s handling of personal data can be sent to tech@vivaran.app.

Questions about a particular child, student, or client record should be sent to the institution, school, or centre that controls that record.