What is DPDPA 2023?
The Digital Personal Data Protection Act 2023 governs how organisations in India collect, process, and store personal data — with heightened expectations when the data subject is a child. For parents, the practical question is not legal jargon but: who sees my child's data, for what purpose, and can I withdraw consent?
EdTech apps often market "AI personalised learning" while their privacy policies permit broad data sharing, behavioural profiling, or third-party ad networks. DPDPA-aligned products should be narrow: collect what practice requires, explain why, obtain verifiable parental consent for minors, and offer deletion without a support maze.
- 5: Checklist items before signup
- RLS: Server-side data isolation
- No ads: Children's data not sold to advertisers
- PIN: Parent dashboard gate
The parent verification checklist
| Verify | Green flag | Red flag |
|---|---|---|
| Parental consent | Explicit consent step at child signup; timestamp stored | Child account created with only a birth-year checkbox |
| Purpose limitation | Data used for practice, grading, and progress only | Vague "improve services" plus undisclosed third-party lists |
| Ad monetisation | No sale of children's data; no behavioural ad targeting on minors | Free app funded by ad networks with child-directed content |
| AI data handling | Prompts use syllabus context — not names, emails, or phone numbers | Chat logs with PII sent to general-purpose models with unclear retention |
| Deletion & withdrawal | Documented path via settings or /help; honour within stated SLA | No contact path or "email legal@" with no response |
Battle-tested onboarding loop
Before paying:
1. Read /privacy and /about and confirm the legal entity name.
2. Complete signup yourself first; note the consent screen.
3. Let your child run one graded worksheet.
4. Open the PIN-gated parent dashboard and confirm you see topic mastery, not chat transcripts.
5. Bookmark /help for consent withdrawal.

This five-step loop takes under 20 minutes and beats discovering gaps mid-board season.
How Mingi handles children's data
- Legal entity: Ingagenow Marketing Consultant LLP (Gurugram). Verify on mingi.in/about — not third-party directory copy.
- Parental consent captured at onboarding; profile stores consent metadata for audit requests.
- Graded attempts and learnability metrics live in RLS-protected tables — students cannot read siblings' data; parents access linked children via verified family links.
- AI worksheet and grading prompts receive subject, class, topic, and mark weight — not student names, phone numbers, or account emails.
- No sale of children's data to advertisers; Mingi is subscription-funded, not ad-targeting-funded.
- Parent dashboard is PIN-gated (SHA-256 hash with salt) — a UX gate for progress summaries, not a substitute for server-side RLS.
- Sunday: Scan dashboard mastery, lowest topic scores first. No need to read every answer.
- Wednesday: Review one graded report card together, covering one misconception rather than full chapter re-teaching.
- Quarterly: Re-check app privacy policy for new integrations (social login, camera, third-party analytics).
- On request: Withdraw consent or delete account via mingi.in/help, and keep the confirmation for your records.
| Dimension | Mingi | Generic chat AI |
|---|---|---|
| Data model | Graded worksheets + topic mastery metrics | Conversation threads with unpredictable retention |
| AI inputs | Subject/topic context only | Often includes whatever the child types — names, school, photos |
| Parent visibility | PIN-gated mastery dashboard | Usually no structured progress view |
| Monetisation | Subscription (Starter ₹499/mo) | Often free tier with unclear data use |
| Compliance posture | DPDPA 2023 aligned; children's data not sold to advertisers | Varies by provider and jurisdiction |
Free is not always private
Apps with no subscription sometimes fund operations through ads, data brokers, or broad "analytics" sharing. For children under 18, a narrow-purpose paid practice tool with clear deletion rights often carries lower privacy risk than a flashy free chat wrapper.
RLS and family accounts explained
Row Level Security (RLS) means database queries automatically filter by the logged-in user. Your child's graded attempts, learnability metrics, and generations are not readable by other students — even if someone guesses a URL. Family plans link parent and child profiles through verified family_links; the parent dashboard aggregates mastery summaries without exposing unrelated users' data. The four-digit parent PIN prevents younger siblings from casually opening progress views on a shared tablet — but RLS is what actually enforces isolation on the server.
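The isolation described above, written as PostgreSQL policies. This is an added example, not Mingi's schema or code: only the `family_links` name comes from the text, while the other table and column names and the `app.user_id` session setting are assumptions.

```sql
-- Hypothetical schema: only the family_links name comes from the page.
CREATE TABLE family_links (
    parent_id   uuid NOT NULL,
    child_id    uuid NOT NULL,
    verified_at timestamptz,              -- NULL until the link is verified
    PRIMARY KEY (parent_id, child_id)
);
CREATE TABLE graded_attempts (
    id         bigserial PRIMARY KEY,
    student_id uuid    NOT NULL,
    topic      text    NOT NULL,
    score      numeric NOT NULL
);

-- With RLS enabled and no matching policy, access is denied by default.
-- FORCE makes the table owner subject to the policies as well.
ALTER TABLE graded_attempts ENABLE ROW LEVEL SECURITY;
ALTER TABLE graded_attempts FORCE  ROW LEVEL SECURITY;
ALTER TABLE family_links    ENABLE ROW LEVEL SECURITY;
ALTER TABLE family_links    FORCE  ROW LEVEL SECURITY;

-- A student reads only their own attempts. If app.user_id is unset the
-- setting is NULL, the comparison is NULL, and no rows are returned.
CREATE POLICY student_reads_own ON graded_attempts
    FOR SELECT
    USING (student_id = current_setting('app.user_id', true)::uuid);

-- A parent reads attempts of children linked through a verified family link.
-- Permissive policies on the same table are combined with OR.
CREATE POLICY parent_reads_linked_child ON graded_attempts
    FOR SELECT
    USING (EXISTS (
        SELECT 1 FROM family_links fl
        WHERE fl.child_id  = graded_attempts.student_id
          AND fl.parent_id = current_setting('app.user_id', true)::uuid
          AND fl.verified_at IS NOT NULL));

-- The subquery above runs under RLS too, so parents must see their own links.
CREATE POLICY parent_reads_own_links ON family_links
    FOR SELECT
    USING (parent_id = current_setting('app.user_id', true)::uuid);

-- Check as an application role (superusers and BYPASSRLS roles skip RLS).
BEGIN;
SET LOCAL app.user_id = '00000000-0000-0000-0000-0000000000a1';  -- constructed id
SELECT count(*) FROM graded_attempts;  -- counts only rows this user may read
COMMIT;
```

Only SELECT policies are defined here, so inserts, updates and deletes by roles subject to RLS are refused until matching policies are added.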
What Mingi deliberately does not collect for AI
Worksheet generation and grading do not need your child's name, phone number, school address, or Aadhaar. Mingi sends curriculum context — board, class, subject, topic, mark distribution — to the model. If an app asks for excessive PII "for personalisation," ask what breaks if you omit it.
Key takeaway
- Run the five-point checklist before every new edtech signup — DPDPA awareness is ongoing, not one-time.
- Prefer graded history over chat logs: you get mastery signal without reading private messages.
- Mingi: consent at onboarding, RLS isolation, no ad sales on children's data, subject-only AI prompts.
- Re-audit quarterly — especially when apps add social features or new third-party SDKs.
Verify Mingi yourself
Start the 30-day trial, complete one graded worksheet with your child, then set a parent PIN and review the mastery dashboard.