Privacy & Compliance Policy

BKRS LLC operates the platforms Eppo Gurukulam, Eppo Music, and Eppo Event. This comprehensive Privacy & Compliance Policy explains how we collect, use, store, protect, share, and delete user data, how different sign-in methods function, how payments and refunds are handled, and how administrative access is governed. Our practices comply with the Google API Services User Data Policy, Google OAuth Verification Requirements, Apple Sign-In Data Usage Terms, Facebook Login Platform Policies, India’s Digital Personal Data Protection Act (DPDP 2023), and global GDPR-aligned privacy standards. By using our services, you agree to the practices and terms described here.
 
 
1. Information We Collect

1.1 Registration Data

When users sign up through Apple Sign-In, Google Sign-In, Facebook Login, or email-based authentication via Firebase, we collect basic registration details such as full name, email address (including Apple relay email where applicable), phone number (if provided), profile image, user role (student or teacher), timezone, region, and preferred language.

1.2 Google Sign-In Data

If a user chooses Google Login, we receive access only to the Google profile name, email, and profile picture. We do not access any Google data beyond what the user explicitly authorizes.

1.3 Google Calendar API Data

Calendar access is strictly optional and activated only when users explicitly choose to sync their calendars. When enabled, we create class events, and when needed, modify or delete only those events created by Eppo. We do not access private event descriptions, do not modify events from other apps, and never view or interact with any other calendars.

1.4 Apple Sign-In Data

Apple Sign-In may provide the user’s name and either their real email or Apple’s private relay email. We do not request or store any Apple account details, do not track across devices, and do not access Apple purchases, iCloud, or any other Apple ID information.

1.5 Facebook Login Data

When Facebook Login is used, we may receive the user’s name, email, and profile photo. We do not access friend lists, posts, photos, Instagram or Meta data, or any messaging information.

1.6 Email/Password Login

For users who log in via email and password, we store the email address and authentication credentials securely through Firebase’s protected system.

1.7 Learning & Platform Activity Data

Within Eppo Gurukulam, we collect information related to the user’s learning activity, such as enrolled courses, scheduled and attended classes, assignments, progress data, class recordings, and teacher-student communication that occurs within the platform’s environment.

1.8 Payment & Transaction Data

During payment processing, we collect order IDs, transaction status, payment history, associated mobile numbers, payment IDs, and email addresses. We do not collect or store sensitive financial details such as card numbers, CVV, or UPI PINs. All payments are processed through PCI-DSS-compliant gateways.

1.9 Technical & Device Data

For security and performance, we collect technical information including device type, operating system, browser, IP address, and timezone.
 
 
2. Why We Use Your Data

We use these data points to authenticate users, deliver classes, manage schedules, sync calendars (when enabled), process payments, personalize the learning experience, prevent fraud, enhance platform performance, and send important notifications such as class reminders or updates. Google Calendar data, when provided, is used exclusively for class scheduling and related reminders.
 
 
 
3. Admin Access Policy

3.1 What Admins Can Access

To ensure smooth functioning of Eppo Gurukulam and to help resolve technical issues efficiently, platform administrators may access certain portions of user dashboards. Admins can view both teacher and student dashboards, review class schedules, and assist in troubleshooting operational issues. They may also schedule, reschedule, and cancel classes where necessary. This access is limited to read-only and scheduling-related operational control.

3.2 What Admins Cannot Access

Admins are strictly restricted from viewing or modifying any financial or sensitive user information. They cannot withdraw teacher payments, view wallet balances, access the credits purchase window, or modify authentication settings. They cannot view passwords, stored payment instruments, teacher payout details, or private calendar data beyond events created by Eppo. Sensitive account settings and Google/Apple/Facebook credentials are completely inaccessible to Admins.

3.3 Purpose of Admin Access

Administrative access exists solely for platform maintenance and user support. This includes resolving support tickets, correcting scheduling issues, and assisting teachers or students facing dashboard or class-related problems. Admins do not sell or transfer any user data, cannot access personal communication outside the platform environment, and cannot modify external linked credentials. All administrative actions are internally logged for security and audit purposes.
 
 
4. Data Sharing Practices

We do not sell, rent, or commercially monetize any user data. Limited information may be shared with teachers for class delivery, and with secure service providers such as payment gateways, hosting partners, and communication services (SMS and email). Data may also be shared with government authorities only when required by law. Google user data is never shared externally in any form.
 
 
 
5. Data Storage & Protection
All user data is protected using industry-standard security, including AES-256 encryption, TLS/HTTPS transmission, encrypted OAuth tokens, firewalls, server isolation, and role-based access controls. We conduct annual internal security audits and maintain disaster-recovery backups to ensure uninterrupted service and data safety.
 
 
6. Data Retention
Learning-related data is retained until the user deletes their account. Class schedules are retained as operational records, and payment histories are stored as legally required. System logs are maintained between 90 and 365 days. Google and Apple tokens are deleted immediately upon revocation, and a deleted account is permanently erased from active systems with no option for recovery.
 
 
7. User Rights
Users may request deletion of their account by contacting support@bkrsllc.com. Upon deletion, all learning history, playlists, bookmarks, and calendar events created by Eppo are removed. All OAuth tokens are revoked, and once deleted, the data cannot be restored.
 
 
8. Cookies & Tracking
We use cookies primarily for session management, timezone detection, and basic analytics. We do not use cookies for advertising, third-party tracking, or cross-site profiling.
 
 
9. Payments & Refund Policy
Payments are processed securely by PCI-DSS-compliant providers, and we do not store complete payment credentials. Refunds within Eppo Gurukulam are offered only in specific circumstances: teacher cancellations without alternatives, platform-wide failures, duplicate payments, and verified medical emergencies (handled case-by-case). Refunds are not provided for missed classes by students, completed classes, or group classes after scheduling. All eligible refunds are processed back to the original payment method within 7–14 business days.
 
10. Children’s Privacy
We do not knowingly collect data from children under 13 years of age without verified parental consent.
 
 
11. Policy Updates
This policy may be updated periodically. Users will be informed of significant changes through email, website announcements, or in-app notifications.
 
 
12. Contact
For any privacy-related inquiries, users may write to support@bkrsllc.com.