StudyCoin

Privacy Policy

Last Updated: December 2024

This Privacy Policy outlines how StudyCoin, operating as a Virtual Digital Asset Service Provider (VASP) within the Indian regulatory framework, collects, uses, protects, and discloses information gathered from our users. Our commitment is to protect your privacy while adhering to the stringent compliance obligations required to operate our VDA ecosystem.

1. The Legal Basis for Data Collection

As an entity that facilitates the transfer and safekeeping of Virtual Digital Assets (VDAs)—our STC Tokens—StudyCoin is classified as a Reporting Entity under India's Prevention of Money Laundering Act (PMLA). This classification mandates that we comply with strict regulatory obligations set forth by the Financial Intelligence Unit-India (FIU-IND).

2. Information We Collect

We collect information based on two primary categories of engagement:

A. Non-VDA (General Educational Engagement) Data

This data is collected when you browse content, register for basic access, and participate in non-token-earning activities:

  • Registration Data: User name, email address, country, and password.
  • Engagement Data: Course progress, quiz scores, content consumption patterns, and curriculum feedback.
  • Technical Data: IP address, device information, and web browser type.

B. VDA (Regulatory Compliance) Data

This sensitive data is mandatory for all users who wish to earn, hold, trade, or use STC Tokens (our Virtual Digital Asset) or participate in DAO governance.

  • Identity Verification (KYC/CDD): Government-issued identification documents (e.g., Aadhaar number, passport), full legal name, date of birth, and proof of address.
  • Transaction Data: Records of all STC Token transfers, redemption of tokens for marketplace discounts, wallet addresses, and corresponding transaction amounts, as required for mandated transaction monitoring.
  • Financial Data: Records necessary for tax compliance (e.g., TDS) related to token transactions.

3. How We Use Your Information

Your data is used primarily to operate the platform, provide educational services, and, critically, to fulfill our legal duties:

  • Service Provision: To deliver educational content, track progress, issue Proof-of-Skill credentials, and manage marketplace redemption.
  • Security and Compliance (Mandatory): We use VDA data to perform Customer Due Diligence (CDD) and Anti-Money Laundering (AML) checks on all VDA participants. This is essential for compliance with PMLA.
  • Regulatory Reporting: We use transaction monitoring data to file reports, including Suspicious Transaction Reports (STRs), directly with the FIU-IND and other necessary regulatory bodies as required by law.
  • Transparency: To ensure compliance with the Consumer Protection Act of 2019 regarding transparency in digital transactions and protection against fraud.
  • Governance: To verify STC Token holder rights and execute voting mechanisms within the DAO structure.

4. Disclosure and Sharing of Information

We do not sell, trade, or rent your Personal Data to third parties. However, we may disclose your information under the following circumstances:

  • Legal Obligation: We will disclose necessary VDA Data to governmental and regulatory bodies, including the FIU-IND, if required by law or judicial order, particularly to comply with PMLA and AML reporting requirements.
  • Service Providers: We may share data with third-party service providers (such as KYC verification services or hosting partners) who assist us in operating our business, provided they are bound by confidentiality obligations.
  • Public Blockchain Records: Please note that while your identity remains secure, any credential or transaction recorded on the blockchain (e.g., Proof-of-Skill NFT/SBT issuance) is inherently public and pseudonymous.

5. Data Retention and Security

We retain your information only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, or reporting requirements. Due to our VASP status, transaction and identity records must be retained for the minimum statutory period mandated under the PMLA.

We implement robust, industry-standard technical and organizational security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

6. Your Rights

You have rights regarding your data, including the right to access, correct, or request the deletion of your personal data. However, please be advised that compliance with our mandatory legal and regulatory obligations (specifically KYC and AML record-keeping under PMLA) will supersede any request for the immediate deletion of VDA-related transaction and identity data.