Skip to content
K12 Times

Privacy Policy

Last updated: 2026-05-19

This Privacy Policy explains how K12 Times ("we", "us") collects, uses, stores, shares, and protects your personal data. This notice is issued under the Digital Personal Data Protection Act, 2023 (India) and the Information Technology Rules, 2011.

1. Who we are

K12 Times is a K-12 education news platform operated by an Indian individual founder. For data-protection enquiries, see our Grievance Officer page.

2. Data we collect

  • Account data: name, email, password (hashed), school name, city, state, role (student / school / admin).
  • Student profile: class / standard and date of birth. We collect date of birth as profile information; we do not currently operate an automated age-verification or age-assurance system.
  • Parent / guardian data (student accounts): the parent or legal guardian's name and a contact (phone or email), and a record of their consent (including the date and the consent statement they agreed to). This is collected to satisfy the verifiable-consent requirement for a child's data under the DPDP Act 2023 (see section 3).
  • Submissions: articles, poems, stories, drawings, photographs, keywords, attached media.
  • Usage data: page views, likes, IP address (logged briefly for rate-limiting and abuse prevention), device user-agent.
  • Cookies: a session cookie for authentication, plus essential security cookies. Our usage analytics are cookieless. We do not use advertising or cross-site tracking cookies.

3. Children's data

K12 Times serves K-12 students, who are generally under 18 and are treated as "children" under Section 9 of the DPDP Act 2023. We do not knowingly process a child's personal data without the consent of their parent or lawful guardian.

When a student account is created, the sign-up form requires the parent or legal guardian to provide their name and a contact (phone or email) and to give explicit, informed consent — through a separate, unticked-by-default consent statement — to our collecting and processing the child's personal data as described in this policy. The student account cannot be created unless this guardian information and consent are provided, and this requirement is enforced on our servers. We record the consent together with the exact statement the guardian agreed to and the date.

We rely on this guardian declaration as the verifiable basis for processing under Section 9(1). We do not currently use a government-ID, Aadhaar, or DigiLocker-based verification step, and we do not claim to perform identity verification beyond the consent declaration described above.

In line with Section 9(3) of the DPDP Act 2023, we do not carry out behavioural tracking, behavioural monitoring, or targeted advertising directed at children. Our pageview analytics are cookieless and aggregate, and we do not build advertising or behavioural profiles of users (see section 4).

A parent or guardian may write to our Grievance Officer at any time to access, correct, or delete a child's account, or to withdraw consent.

4. How we use your data

  • Provide the K12 Times service and your account.
  • Moderate and publish your submissions.
  • Send transactional email (account verification, password reset, submission status).
  • Measure aggregate, cookieless usage (page views and a small set of product events such as "sign-up started" or "enquiry submitted") to improve the platform. This analytics data does not use cookies, does not identify you, and is not used to build advertising or behavioural profiles.
  • Detect and prevent abuse, fraud, and security incidents.

5. Legal basis

We process your personal data based on (a) your consent at signup, (b) the necessity of performing our service contract with you, and (c) our legitimate interest in operating a safe platform. You may withdraw consent at any time by deleting your account.

6. Sharing

We do not sell your data. We share data only with:

  • Service providers: Cloudflare (hosting/CDN and cookieless Web Analytics), AWS SES (email), Google Gemini (AI moderation), Cloudflare R2 (media storage).
  • Law-enforcement when legally compelled by an Indian court order or statute.

7. Retention

Account data is kept until you delete your account. Submissions remain published until you or our moderators take them down. Logs and IP addresses are retained for up to 90 days unless required for ongoing investigation.

8. Your rights (DPDP Act §11–§14)

  • Access: request a copy of your personal data.
  • Correction: ask us to fix inaccurate data.
  • Erasure: delete your account and submissions.
  • Withdraw consent: at any time without penalty.
  • Grievance redressal: contact our Grievance Officer below.

To exercise these rights, write to our Grievance Officer. We respond within 30 days.

9. Security

We use TLS in transit, hashed passwords, time-bound access tokens, and access controls. No system is perfectly secure; please use a strong unique password and report any suspected compromise to our Grievance Officer.

10. International transfers

Some service providers (Cloudflare, AWS, Google) may process data outside India under standard contractual safeguards. Personal data is primarily stored in Mumbai, India.

11. Changes

We will publish material changes on this page and update the "Last updated" date. If we materially change the purposes of processing, we'll request fresh consent.