GDPR Compliance Statement

Yugnext-AI ("we," "us," or "our") is committed to protecting the privacy, security, and fundamental data rights of our users. This GDPR Compliance Statement details how we adhere to the strict requirements of the European Union's General Data Protection Regulation (GDPR) to protect personal data processed across our systems.

1. Yugnext-AI's Roles: Data Controller vs. Processor

Under the GDPR, Yugnext-AI operates under two distinct roles depending on how data is gathered:

• Data Controller (Corporate Site): We act as the Data Controller for information submitted on www.yugnext-ai.com (such as requesting demos, newsletter signups, or CV career applications). We determine the purposes and secure methods of processing this business data.
• Data Processor (TriSphere Platform): For student, teacher, and parent data stored within TriSphere, the **partner school or educational institution is the Data Controller**, and **Yugnext-AI acts as the Data Processor**. We process application-level data strictly in accordance with instructions provided by the school's administrators and legal representatives.

2. Your Fundamental Data Rights

We respect the absolute data rights granted to individuals under Chapter 3 of the GDPR. You can exercise these rights at any time by contacting our Data Protection Officer:

• Right to be Informed: You have the right to receive clear, plain-language explanations of how we collect and use your data (as detailed in this statement and our privacy policies).
• Right of Access: You have the right to request a complete, structured copy of all personal details and communication logs we hold relating to you.
• Right to Rectification: You have the right to request that we correct inaccurate or incomplete personal contact details.
• Right to Erasure ("Right to be Forgotten"): You have the right to request that we permanently delete all your contact details, emails, and files from our active servers.
• Right to Restrict Processing: You have the right to request that we block or limit processing of your personal information in specific conditions.
• Right to Data Portability: You have the right to download and transfer your personal data in structured, machine-readable formats.
• Right to Object: You have the right to object to direct marketing or processing based on legitimate business interests.
• Rights in Relation to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing. For example, our Lernix AI Auto-Grading engine behaves purely as an assistive advisor—all final grading decisions and grade modifications are controlled exclusively by human teachers (absolute override).

3. Our Key Compliance Actions

We have integrated GDPR principles directly into our corporate and technical design workflows:

• Privacy by Design: We engineer our applications (like TriSphere) with data minimization in mind. For example, ASTRA wellness check-ins process voice records ephemerally (zero-logs on the cloud server).
• Data Protection Officer (DPO): We maintain a dedicated privacy desk to oversee regulatory compliance, monitor server security, and process user rights requests.
• Data Protection Agreements (DPAs): We sign standardized DPAs with our institutional school clients, binding us to clean data-deletion schedules, sub-processor restrictions, and notification timelines.
• Security and Breach Notification: All files are encrypted using TLS 1.3 in transit and AES-256 at rest. In the highly unlikely event of a security compromise, we will notify affected Data Controllers and supervisory authorities within 72 hours of discovery.

4. Contact Our Privacy Desk

If you wish to submit an access request, exercise your right to erasure, or ask questions regarding our GDPR compliance standards, please email our DPO desk:

• DPO Contact Email: contact@yugnext-ai.com
• Administrative Office: Yugnext-AI Data Protection, Bengaluru, India