Privacy Policy

Last Updated: 20 May 2026 | Effective Date: 20 May 2026

Summary: We collect only what we need to deliver our service. We never sell your data. We never store card details. AI questions are processed by Google Gemini. You can ask us to delete your data at any time.

1. Who We Are

Love for Physics ("we", "us", "our") is an educational technology service operated by Arnab Mondal, a physics teacher based in Bankura, West Bengal, India. We offer AI-powered tutoring services primarily targeting Class 11 and Class 12 students preparing for the JEE (Joint Entrance Examination) and NEET (National Eligibility cum Entrance Test) examinations.

Our service is accessible at https://loveforphysics.com and includes L4P Sathi (our AI physics tutor), PhysicsVerse (interactive chapter learning), and related learning tools.

Contact: arnabmondal.bankura@gmail.com | Bankura, West Bengal, India

2. Information We Collect

2.1 Information You Provide Directly

Account registration: Your full name, email address, and password (stored as a bcrypt hash — we never store your plain-text password).
Profile preferences: Target exam (JEE/NEET/Boards), preferred language (English, Hindi, or Bengali), and any other optional details you choose to add.
Payment information: When you purchase a subscription or Pay As You Go credit pack, you are redirected to Razorpay's secure payment interface. We receive a payment confirmation, an order ID, and a transaction ID from Razorpay. We never receive, store, or process your card number, CVV, UPI PIN, or banking credentials. All payment data is handled by Razorpay under their own privacy policy and PCI-DSS compliance.
Questions and queries: When you use L4P Sathi, the physics questions you type are stored in our database and sent to Google's Gemini API for processing.
Reports and feedback: If you flag an AI answer or submit a report, that content is stored and reviewed by our team.
Contact enquiries: Any messages you send through our contact form or via email.

2.2 Information Collected Automatically

Authentication logs: Login timestamps and device context (handled via JSON Web Tokens; no session data is stored server-side).
Usage data: Which AI features you use, how many credits you consume, and response times. This data is used to improve service quality and is never sold to third parties.
Server logs: Standard web server access logs (IP address, browser type, pages visited, timestamps) retained for up to 90 days for security and debugging purposes.

2.3 Information We Do Not Collect

We do not collect location data beyond what your IP address may reveal.
We do not use tracking pixels, cross-site cookies, or advertising trackers.
We do not collect biometric data.
We do not collect data from social media accounts.

3. How We Use Your Information

3.1 Service Delivery

The primary use of your data is to deliver our educational service. This includes authenticating your account, displaying your credit balance, processing your AI questions, and showing your learning history.

3.2 AI Personalisation

We may use your question history and chapter preferences to tailor responses. For example, if you have previously studied optics, we may contextualise a new question accordingly. This personalisation is done within our own systems and does not involve sharing your identity with any AI provider.

3.3 Payment Processing

Your order details (name, email, amount, product code) are shared with Razorpay solely to process your payment. Razorpay's use of this data is governed by their Privacy Policy.

3.4 Communication

We may send you:

Transactional emails (payment receipts, account verification).
Subscription expiry reminders (10 days, 5 days, 1 day before expiry).
Important service announcements (policy changes, feature updates).

We do not send unsolicited marketing emails. You can opt out of non-transactional emails at any time by contacting us.

3.5 Quality Assurance and Safety

Our team reviews flagged AI answers and reports to ensure accuracy and appropriateness. Questions with low confidence scores from our AI are automatically flagged for human review. Reviewers access question text and AI answers but do not access your personal profile unless it is relevant to resolving a content dispute.

3.6 Legal Compliance

We may use your data to comply with applicable Indian law, respond to lawful requests from government authorities, or enforce our Terms of Service.

4. Data Storage and Security

Your data is stored on servers located in India, operated by our hosting provider. We implement the following security measures:

HTTPS: All data in transit is encrypted using TLS 1.2 or higher.
Encrypted API keys: Third-party API keys (such as Razorpay keys) are stored encrypted in our database using AES-256-GCM encryption. The encryption master key is never stored in the database itself.
Password hashing: User passwords are hashed using bcrypt with a minimum cost factor of 10.
Database access controls: Database credentials are stored only in server-side environment variables, never in version-controlled code.
Rate limiting: API endpoints are rate-limited to prevent abuse.
Input validation: All user inputs are validated and sanitised before processing.

Despite these measures, no system is completely secure. In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, as required by applicable law.

5. Third-Party Services

We use the following third-party services that may process your data:

5.1 Razorpay (Payment Processing)

Razorpay Payments Private Limited processes your payments. They are PCI-DSS compliant. When you make a payment on our platform, you are interacting directly with Razorpay's secure payment interface. We share your name, email address, and order details with Razorpay for payment processing. See Razorpay's Privacy Policy.

5.2 Google Gemini API (AI Processing)

When you submit a question to L4P Sathi, your question text is sent to Google's Gemini API for processing. Important disclosure: If we are using the free tier of the Gemini API, Google's standard terms may allow them to use inputs for model improvement. As our service grows, we will migrate to a paid API tier under Google's enterprise terms, which includes a data processing agreement prohibiting the use of inputs for model training. We will update this policy when that migration occurs. Please do not submit personally identifying information, sensitive personal data, or information you would not want processed by Google in your questions. See Google's Privacy Policy.

5.3 MSG91 (Future — OTP Verification)

We plan to integrate MSG91 for phone-based OTP verification in a future phase. When implemented, your phone number will be shared with MSG91 solely for delivering OTP messages. This section will be updated when this integration is active.

5.4 Hosting Provider

Our servers are operated by Hostinger. Your data physically resides on their infrastructure. Hostinger's data processing is governed by their Data Processing Agreement and Privacy Policy.

6. Your Rights

You have the following rights regarding your personal data:

Right of Access: You may request a copy of all personal data we hold about you. We will respond within 30 days.
Right of Correction: If any data we hold is inaccurate or incomplete, you may request correction. You can update your name and language preference directly within your account settings.
Right of Deletion: You may request the deletion of your account and all associated data. Note that we are required to retain payment records for a minimum of 7 years as required by Indian tax law (GST and income tax regulations). All other personal data will be deleted within 30 days of your request.
Right to Data Portability: You may request a machine-readable export of your learning history and account data.
Right to Object: You may object to certain processing activities, such as receiving non-transactional communications.

To exercise any of these rights, please contact us at arnabmondal.bankura@gmail.com with the subject line "Data Rights Request".

7. Children's Data

Our service is intended for users who are at least 14 years of age (Class 9 onwards, though our content primarily targets Class 11–12). We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe that your child under 13 has registered for our service without your consent, please contact us immediately at arnabmondal.bankura@gmail.com and we will delete the account and all associated data within 72 hours.

For students between 13 and 18, we recommend parental awareness of their learning activity on our platform. Parents who wish to review, modify, or delete their minor child's account data may contact us directly.

8. AI-Generated Content and Question Data

When you submit a physics question to L4P Sathi, that question is:

Stored in our database linked to your user account.
Transmitted to Google's Gemini API for generating an answer.
Retained in our system to provide question history and to allow our team to review AI quality.

We do not use your question history to build or train our own AI models. We do not share individual question data with any third party other than as described in Section 5 above.

If you submit a question that inadvertently contains personal information (e.g., "My name is Rohan and I am solving this problem..."), that personal information will be processed by Google Gemini. We recommend keeping questions focused on physics concepts and avoiding inclusion of personal identifiers.

9. Cookies and Local Storage

We do not use advertising cookies or third-party tracking cookies. Our service uses browser localStorage to store your authentication token (JSON Web Token). This token is used to authenticate your API requests and expires after a configurable period (typically 24 hours). You can clear this data at any time through your browser settings, which will log you out of your account.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide our service, subject to the following:

Account data: Retained until you request deletion.
Question and learning history: Retained for the duration of your account and up to 1 year after deletion.
Payment records: Retained for a minimum of 7 years as required by Indian financial regulations.
Server logs: Retained for 90 days.
Deleted accounts: All personally identifiable data (excluding payment records) is permanently deleted within 30 days of an account deletion request.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by:

Sending an email to the address associated with your account, and/or
Displaying a prominent notice on our homepage and your dashboard for at least 14 days.

The "Last Updated" date at the top of this page indicates when this policy was last revised. Continued use of the service after the effective date of a revised policy constitutes your acceptance of the changes.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: arnabmondal.bankura@gmail.com
Address: Arnab Mondal, Bankura, West Bengal, India (full address available on request for official correspondence)
Response time: We aim to respond to all privacy-related queries within 5 business days.