Privacy Policy

Last updated: 18 May 2026

The 30-second version. We collect your email, your child's first name and age, the goals you set, and how the weekly tasks went. That's what we use to put together your weekly plans. We don't sell your data, and other Summiva users never see it. You can delete everything from inside the app whenever you want. The marketing website (summiva.com) also uses Google Analytics for aggregate visitor stats, separate from anything you do inside the app.

1. Who we are

Summiva is built and run by Anand Yadav, an individual in India. If you have a privacy question, please write to me at hello@summiva.com. That's also the address for any data-protection grievance under India's Digital Personal Data Protection Act (DPDP Act, 2023). I'm the Data Fiduciary and the Grievance Officer; in practice, the same person reads both queues.

2. What we collect

From you (the parent)

About your child (entered by you)

What we do NOT collect

3. Why we collect it

4. How long we keep it

5. Who else sees your data

We don't sell your data to anyone. We do rely on a small number of service providers to run the app. Each of them only sees what they need to do their specific job, and none of them is allowed to use your data for anything else:

6. Your rights

You can:

To exercise any of these, email hello@summiva.com with the subject line "Data Request". We'll reply within 30 days, usually faster.

7. About your child specifically

Summiva is for parents and guardians (you must be 18+ to create an account). Your child does not have an account and never interacts with the app directly. The data in section 2 about your child is information that you entered as their parent or guardian, so you're responsible for what you choose to add.

For data about anyone under 18, we follow the principles of the US Children's Online Privacy Protection Act (COPPA), India's DPDP Act, and the EU GDPR:

8. If your data crosses borders

Most of our service providers are based in the United States (Supabase, Anthropic, Apple, RevenueCat, PostHog, Resend, Cloudflare) or Germany (Sentry). Your data therefore moves outside India. We rely on standard contractual clauses with each provider and on each provider's compliance with applicable data-protection rules.

9. Security

We do the things you'd hope for: passwords are hashed (bcrypt), data is encrypted in transit (TLS 1.3) and at rest (AES-256), and access to production systems requires multi-factor authentication. We never store payment-card details, since Apple handles all payment processing.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you within 72 hours and report to the Indian Data Protection Board as required by the DPDP Act.

10. About the curriculum frameworks we reference

Summiva's weekly plans draw on publicly available developmental milestones and curriculum frameworks. You'll see names like FIDE youth chess pedagogy, ABRSM and Royal Conservatory grade-level expectations, Lexile reading bands, Singapore Math, Common Core State Standards, Trinity College London grades, CEFR language levels, Toastmasters, and similar. These names appear so parents understand where the structure of our plans comes from. Summiva is not affiliated with, partnered with, certified by, or endorsed by any of these organisations. The frameworks are referenced for educational purposes only.

11. If you live in the EEA, UK, or California

EEA / UK (GDPR)

Our lawful basis for processing your data is your consent (when you sign up) and contract performance (delivering the service you paid for). You have everything in section 6 plus the right to lodge a complaint with your local supervisory authority.

California (CCPA / CPRA)

You have the right to know what data we collect, delete it, correct it, and opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information as defined by CCPA.

12. When we change this policy

We update this page when we add features, change service providers, or when laws change. The "Last updated" date at the top reflects the most recent change. For any material change that affects your rights, we'll tell you in-app and by email at least 14 days before it takes effect.

13. Contact

For any privacy question or to exercise your rights:
Anand Yadav (Data Fiduciary & Grievance Officer)
hello@summiva.com