Privacy Policy
Effective Date: March 26, 2026 · Last Updated: April 9, 2026
1. Who We Are
Aanchal is operated by Aanchal Experiences (OPC) Private Limited, a company incorporated in India. Our registered office is in Hyderabad, Telangana, India.
Aanchal is an AI-powered learning adventures platform for families with children aged 3-12. We provide two applications: a Parent Portal (for parents, teachers, and guardians) and a Kids Portal (for children).
For any privacy-related queries, contact us at: aanchal.hq@gmail.com
2. Our Privacy Philosophy
We believe childhood should belong entirely to the child and their family. Our platform is built on three non-negotiable principles:
- Zero tracking in the Kids Portal — no analytics, no ads, no third-party SDKs, no behavioral profiling.
- Bring Your Own Key (BYOK) — AI interactions happen through the parent's own Google AI key. The child's voice goes directly to Google's API via a short-lived token — we never store raw voice data. Session transcripts are processed server-side solely to generate your child's Learning Report and are not used for any other purpose.
- Parent as gatekeeper — no AI experience reaches a child without explicit approval from a trusted adult.
3. Data We Collect
3.1 Parent Portal
| Data | Purpose | Storage |
|---|---|---|
| Display name | Personalized greeting | Firestore (encrypted at rest) |
| Email or phone number | Authentication (Firebase Auth) | Firebase Auth (Google-managed) |
| Google AI API key | BYOK interactive stories | Firestore (AES-256-GCM encrypted) |
| Child profiles (name, age, language) | Story personalization | Firestore (encrypted at rest) |
| Experience preferences & restrictions | Content safety filtering | Firestore (encrypted at rest) |
| Aggregate page view counts | Application health monitoring | Firestore (anonymized, no PII) |
3.2 Kids Portal
The Kids Portal collects zero personal data. Specifically:
- No analytics or tracking of any kind
- No third-party SDKs (no Google Analytics, no Meta Pixel, no advertising SDKs)
- No behavioral profiling or session recording
- No cookies beyond the essential session cookie for authentication
- Content Security Policy (CSP) enforced to prevent any unauthorized data collection
The child's voice during interactive experiences is sent directly from their device to Google's Gemini API via a short-lived ephemeral token. Aanchal never stores raw voice data. Post-session, text transcripts are processed server-side to generate the Learning Report visible to the parent. These transcripts are not shared, sold, or used for AI training.
3.3 Data We Do NOT Collect
- Location data
- Device identifiers or fingerprints
- Contact lists or address books
- Photos, camera, or microphone recordings (voice goes directly to Google)
- Browsing history outside our application
- Data from other apps on the device
4. Bring Your Own Key (BYOK) Model
Aanchal's interactive storytelling uses a BYOK architecture. This means:
- The parent provides their own Google AI Studio API key.
- The key is encrypted using AES-256-GCM before storage and is never stored in plaintext.
- When a child starts a story, the key is decrypted server-side and used to create a short-lived ephemeral token (30 minutes, self-expiring). The raw key never reaches the child's device.
- All AI interactions (voice, text, story generation) happen directly between the child's device and Google's API. Aanchal acts as a secure bridge, not a data processor.
- Google's own privacy policies and data handling apply to the AI interactions. We recommend reviewing the Google AI Studio Terms.
5. Legal Basis for Processing
5.1 Under India's DPDP Act, 2023
We process personal data based on explicit consent obtained at the time of account creation. For children's data, we rely on verifiable parental consent — only a parent or guardian can create a child profile, and every AI experience requires explicit parental approval.
5.2 Under GDPR (for EU users)
If you are located in the European Economic Area, our legal basis for processing is:
- Consent (Article 6(1)(a)) — for account creation, child profiles, and API key storage.
- Parental consent for children (Article 8) — only parents/guardians create profiles for children. Children cannot create accounts independently.
- Legitimate interest (Article 6(1)(f)) — for application health monitoring using anonymized, aggregate metrics only.
6. Children's Privacy
Aanchal is designed for children aged 3-12 and is meant to be used under adult supervision. We take children's privacy extremely seriously:
- Only adults can create accounts. The Parent Portal requires Google authentication or phone verification. Children access the Kids Portal via a time-limited Magic Code generated by their parent.
- Zero data collection from children. The Kids Portal has no analytics, no tracking, and no third-party SDKs.
- No open-ended AI access. Every AI experience is scoped, approved, and monitored by the parent. Children cannot interact with AI without parental pre-approval.
- 10-minute screen lock. After each story experience, the Kids Portal locks for 10 minutes to manage screen time.
- No persistent sessions. Magic Codes expire in 5 minutes. Parents can remotely sign out any device at any time.
7. Data Security
- All data is encrypted at rest (Firestore default encryption) and in transit (TLS 1.3).
- API keys are additionally encrypted with AES-256-GCM before storage.
- Authentication uses Firebase Auth with secure, HTTP-only session cookies.
- All mutation endpoints are protected with CSRF validation.
- Server-side rate limiting is applied on all API endpoints.
- Content Security Policy (CSP) headers enforced on all portals.
- No plaintext secrets in API responses — API keys are never returned to the client.
8. Data Retention & Deletion
- Soft delete only. When you delete data, it is marked as deleted but retained for 30 days for recovery purposes.
- Anonymisation after 30 days. After the 30-day recovery window, all personally identifiable information is permanently scrubbed.
- Account deletion. You can delete your entire account from Settings. This cascades to all child profiles and associated data.
- Data export. You can download all your data from Settings at any time in a machine-readable format.
- Magic Codes. Expire automatically in 5 minutes and are soft-deleted after use.
9. Your Rights
Under the DPDP Act, 2023
- Right to access your personal data
- Right to correction of inaccurate data
- Right to erasure of your data
- Right to withdraw consent at any time
- Right to nominate another person to exercise rights on your behalf
- Right to grievance redressal
Under GDPR
- Right to access (Article 15)
- Right to rectification (Article 16)
- Right to erasure / “right to be forgotten” (Article 17)
- Right to data portability (Article 20)
- Right to restrict processing (Article 18)
- Right to object to processing (Article 21)
To exercise any of these rights, email aanchal.hq@gmail.com. We will respond within 30 days.
10. Cross-Border Data Transfers
Aanchal uses Firebase (Google Cloud) for data storage. Our Firestore database is configured in the asia-south1 (Mumbai) region. Parent and child profile data is stored in India.
When using BYOK interactive mode, AI interactions are processed by Google's Gemini API. Google may process this data in data centers outside India, subject to Google's own data processing terms and Standard Contractual Clauses.
11. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Firebase Auth | Parent authentication | Email or phone number |
| Firebase Firestore | Data storage | Profile data (encrypted) |
| Firebase Storage | Audio file hosting | Pre-generated story audio (no PII) |
| Google Gemini API | AI experience generation (BYOK) | Via parent's own key — raw voice never stored by us |
| Sentry | Error monitoring (Parent Portal only) | Anonymized error traces — no child data, no PII |
We do not share data with advertisers, data brokers, or any third party not listed above.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website and updating the “Last Updated” date. Continued use of Aanchal after changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights:
- Email: aanchal.hq@gmail.com
- Entity: Aanchal Experiences (OPC) Private Limited
- Location: Hyderabad, Telangana, India