This notice explains—in plain language—how Shiminly Inc. ("Shiminly," "we," "our") collects, uses, and safeguards Student Data for learners under 18 who use our self paced life skills courses.
1. What We Mean by “Student Data”
2. Why We Collect Student Data
3. Our Legal Foundations
4. Parental & School Rights
5. How We Keep Student Data Safe
6. AI & Automated Tools
7. Data Retention
8. Questions & Contact
“Student Data” is any information that can identify or is reasonably linked to a learner under 18 and is created within the Shiminly platform.
| Category |
Examples |
| Enrolment data |
First name, age band (7 9, 10 12, 13 15, 16 18), parent e mail, school name |
| Learning records |
Check in reflections, quiz scores, certificates |
| Engagement metrics |
Lesson completion status, time on task, badges earned |
| Parent/teacher feedback |
Support tickets, optional surveys |
|
|
We do not collect government IDs, precise GPS, or biometric identifiers.
| Purpose |
Example |
| Deliver lessons |
Track progress, unlock next activity |
| Feedback & certificates |
Auto grade quizzes, generate reports |
| Safety & integrity |
Detect cheating or harmful content |
| Research (de identified |
Measure which lessons boost motivation |
We never sell Student Data or use it for behavioural advertising.
| Region |
Law / Standard |
What We Do |
| USA |
COPPA / FERPA |
Obtain verifiable parent consent for learners under 13; allow schools to act as agent; no behavioural ads to minors. |
| India |
DPDPA 2023 |
Parent consent (or school contract) for minors < 18; local grievance officer; EU hosted data with SCC safeguards. |
| UAE |
PDPL 2021 |
Consent or contract basis; UAE privacy contact; cross border SCCs to EU. |
Parents, guardians, or authorised school officials may:
1. Review the Student Data we hold.
2. Correct inaccurate information.
3. Delete the student’s account and data (subject to tax/audit retention).
4. Withdraw consent at any time.
Requests are processed within 30 days. See § 8 for how to contact us.
• EU based LearnWorlds hosting (ISO 27001).
• TLS 1.2+ in transit; AES 256 at rest.
• Role based access controls; quarterly penetration tests.
• 72 hour breach notification commitment to parents and schools.
Some lessons use AI to generate reflective prompts. These systems:- Process anonymised text only.
- Do not assign grades or pass/fail.
- Are monitored daily for bias; flagged output is reviewed by human educators.
• Course data: Active account + 3 years.
• Payment records: 7 years (legal obligation).
• Support tickets: 2 years.
We then delete or irreversibly anonymise the data.
•
General student privacy enquiries: privacy@shiminly.com
• USA (FERPA/COPPA): support@shiminly.com
• India (DPDPA): DPDPA@shiminly.com
• UAE (PDPL): PDPL@shiminly.com
