
Data & Compliance

How EVIT approaches data protection, privacy, security, and compliance.

Last updated: 2 June 2026

Notice: This page is an operational policy draft provided for transparency. It is not legal advice and should be reviewed by qualified legal counsel before being relied upon for production or compliance purposes.

On this page
  1. Overview
  2. Compliance Framework
  3. Data Governance
  4. Student Data Protection
  5. RBAC and Access Control
  6. Infrastructure Security
  7. Data Storage
  8. Data Processors / Service Providers
  9. Cross-Border Data Transfers
  10. Incident Response
  11. User Rights Workflow
  12. Contact and Grievance
  13. Legal Review Notice


1. Overview

EVISIONARY TECH WORKS PRIVATE LIMITED (EVIT) is committed to secure and responsible education technology. This page summarizes our approach to data governance, security, student privacy, and compliance. It complements our Privacy Policy and Terms of Use.

2. Compliance Framework

We design our policies with reference to applicable laws and recognized principles, including, where relevant:

  • India’s Digital Personal Data Protection Act and its Rules;
  • India’s Information Technology Act and intermediary obligations, where applicable;
  • GDPR data-protection principles for users where applicable;
  • contractual obligations with our service providers;
  • education-sector privacy expectations.

We do not claim formal certification under any of these frameworks unless it has been independently verified.

3. Data Governance

Our governance practices include:

  • data minimization — collecting only what we need;
  • purpose limitation — using data only for stated purposes;
  • access control and role-based access;
  • audit trails for sensitive actions;
  • retention controls and secure deletion.

4. Student Data Protection

Student learning records, assignment submissions, and progress data are handled with care. For minors, guardian involvement may be required. Tutor access is limited to the learners and courses they are assigned, and administrators provide oversight under least-privilege principles.

5. RBAC and Access Control

EVIT enforces a role-based access model:

  • user — default role on signup;
  • student — granted after trial approval/enrollment;
  • tutor — access scoped to assigned classes and courses;
  • parent — linked guardian access where enabled;
  • admin — manages content, access, and operations.

The default signup role is user. The student role is granted only after approval, course access is controlled through enrollments, and administrators manage content and access. Authorization is enforced on the server and in the database.

6. Infrastructure Security

Our security controls include:

  • Supabase Auth for authentication;
  • PostgreSQL row-level security (RLS) policies;
  • server-side authorization independent of the client;
  • secure, HttpOnly session cookies;
  • private storage buckets with short-lived signed URLs for private files;
  • audit logging of sensitive actions;
  • protection of secrets via server-only environment variables.

We never expose service credentials to the browser, and we do not overclaim external certifications.

7. Data Storage

We store the following categories of data:

  • profile and account data;
  • course and curriculum data;
  • learning progress;
  • assignments and submissions;
  • support requests;
  • security and audit logs.

8. Data Processors / Service Providers

We work with the following categories of providers. “Planned” entries are not yet integrated and are shown for transparency.

| Category | Provider | Purpose | Status |
|---|---|---|---|
| Database & Authentication | Supabase (PostgreSQL, Auth, Storage) | Account authentication, application database, and private file storage | Active |
| Transactional Email | Resend | Account, trial, and support email notifications | Active |
| Application Hosting | Cloud hosting / edge platform (e.g. Vercel) | Serving the EVIT web application | Active |
| Payments | Payment processor (to be confirmed) | Processing course/trial payments where applicable | Planned |
| Analytics | Privacy-respecting analytics (to be confirmed) | Aggregate, non-identifying product usage insight | Planned |
| Live Classes / Video | Video meeting provider (to be confirmed) | Hosting live trial and mentoring sessions | Planned |

9. Cross-Border Data Transfers

Depending on provider infrastructure and legal requirements, some processing may occur outside India. Where this happens, we seek to ensure appropriate safeguards consistent with applicable law.

10. Incident Response

Our incident-response approach follows these stages:

  • Detect — monitor for anomalies and security events;
  • Investigate — assess scope and impact;
  • Contain — limit further exposure;
  • Notify — inform affected users/regulators where required;
  • Remediate — fix the root cause;
  • Document — record lessons learned.

11. User Rights Workflow

You can request the following, subject to verification and applicable law:

  • access to your data;
  • correction of inaccurate data;
  • deletion of your data;
  • withdrawal of consent where applicable;
  • grievance redressal.

Requests can be sent to privacy@evit.org.in and are routed to the appropriate team.

12. Contact and Grievance

Data protection: privacy@evit.org.in. Grievance officer: grievance@evit.org.in.

13. Legal Review Notice

Our compliance posture evolves with our product and the law. This page is reviewed periodically and must be validated by qualified legal counsel before being relied upon for regulatory or contractual purposes.


EVISIONARY TECH WORKS PRIVATE LIMITED · evit.org.in
