Quick answer. You paid for an online course, then the app blocked your login, killed your “lifetime access,” wiped the paid certificate, or said your device limit was full. That is a deficiency of service under section 2(11) of the Consumer Protection Act 2019 and, if “lifetime access” was the selling line, a bait-and-switch dark pattern under the 2023 CCPA Guidelines. You do not need to ask the platform politely a fifth time. Send one written restoration demand, then file NCH 1915 within 72 hours, then e-Daakhil if access is not restored in 30 days.
This is not a refund article. The money has already left your account and the course has already been promised. The fight here is about access being taken away after payment: a login that suddenly fails, a device-limit counter that resets against you, a “lifetime” tag that quietly became “1 year,” videos that throw “content unavailable,” a certificate that vanished from your dashboard, and a support inbox that has gone silent for weeks. Indian consumer law treats this as a service that was paid for and then withdrawn, which is a much stronger case than asking nicely for a refund.
If your situation matches any of those, this guide applies. If your problem is “I want a refund because I changed my mind,” read the sibling article on edtech refunds instead.
The Act defines “deficiency” as any fault, imperfection, shortcoming, or inadequacy in the quality, nature, and manner of performance which is required to be maintained by or under any law, contract, or otherwise. The moment you paid, a contract was formed: you would get access to lectures, downloads, doubt-solving, and a certificate for the duration promised on the sale page. Cutting that off mid-stream, or locking you out at the device-limit pretext, is exactly the kind of “shortcoming in the manner of performance” the section was written for. You do not have to prove malice. You only have to prove (a) you paid, (b) the platform promised X, and © you got less than X.
The Central Consumer Protection Authority notified the Guidelines for Prevention and Regulation of Dark Patterns on 30 November 2023. They list ten prohibited dark patterns. Three apply to access-denied edtech disputes:
A violation of these Guidelines is treated as a violation of the Consumer Protection Act 2019 itself, which means a District Consumer Commission can impose penalties and order refunds + compensation. The Guidelines are notified under sections 18 and 19 of the Act.
If the sale page or YouTube ad said “lifetime,” “unlimited,” “till you crack the exam,” “free certificate,” “doubt-solving included,” or “1:1 mentor,” those are claims that must be substantiated under the 2022 Guidelines. Screenshot the original ad and the current dashboard. The mismatch is your evidence.
Section 43(b) covers “downloading, copying, or extracting any data from a computer resource without permission.” Section 43(f) covers “denying or causing the denial of access to any person authorised to access any computer resource.” Once you paid, you are an authorised user. A platform that wrongfully blocks your login is, on the strict text of section 43(f), causing the denial of access to an authorised person: and is liable to pay damages by way of compensation under section 43 itself. This is rarely litigated against edtech apps, but it is a useful section to cite in your legal notice. It puts the platform on warning.
Section 11 of the DPDP Act gives you the right to access information about your personal data, including a summary of the processing activities and a list of all data principals with whom your data has been shared. Section 12 gives you the right to correction and erasure. Practically, this means you can demand a downloadable copy of your watch history, your assessment scores, your certificate PDF, and your contact-data trail. Most edtech apps will fold the moment a DPDP-style data-portability request lands at their grievance officer's desk, because the alternative is admitting to the Data Protection Board that they cannot produce your records.
Indian courts have repeatedly held that standard-form contracts offered on a take-it-or-leave-it basis are read strictly against the drafter. A clause buried on page 47 of a terms-of-use document, in 8-point grey text, that contradicts the headline promise on the sale page, does not bind a reasonable consumer. The Supreme Court's reasoning in *LIC v. Consumer Education and Research Centre* (1995) 5 SCC 482 and the National Commission's later orders applying it to digital services are the relevant line of authority. You do not need to cite it on day one; mention it only if the platform's reply leans on T&C clauses.
Do these seven things, in this order, the day the lockout happens. You will be done before lunch.
Gather these before you send the legal notice or file e-Daakhil. A missing item is the most common reason a District Commission dismisses an edtech complaint.
Under Rule 5(9) of the Consumer Protection (E-Commerce) Rules 2020 and Rule 3(2) of the IT Intermediary Rules 2021, every platform must publish the name, contact, and email of a grievance officer. The officer must acknowledge within 48 hours and resolve within 15 days. Their email is usually grievance@[platform].com or compliance@[platform].com. If the platform has hidden the page, search “grievance officer site:[platform-domain]” on Google or check their app store listing: the Play Store and App Store now require it.
Operated by the Department of Consumer Affairs. Three ways to file:
NCH uses a “convergence” model: the docket is forwarded to the platform's registered grievance cell with a 15-day resolution clock. Most platforms reply within 7 days because non-response invites a public “company-wise pendency” report.
If NCH mediation fails or the platform stalls past 30 days, file at edaakhil.nic.in. Procedure in plain steps:
Typical timeline: 90 to 150 days for an order. Edtech cases often settle at the first hearing because the platform's counsel knows a District Commission order is a permanent public record.
If the issue affects more consumers than just you (and access-denied edtech disputes almost always do), file at the CCPA's portal at consumeraffairs.nic.in. The CCPA can issue class-style directions, impose penalties up to ₹10 lakh for a first violation and ₹50 lakh for repeat violations under section 21 of the Act, and order corrective advertising.
ASCI's complaint cell (ascionline.in) handles the underlying YouTube/Instagram/Google Ads claim. ASCI orders are not binding on a District Commission but are persuasive evidence and are now formally tied to MIB and CCPA enforcement under the 2024 cross-referral protocol.
Most access-denied edtech disputes are pure consumer law. You do not need to involve cyber crime or the police. The two exceptions:
For the standard “they locked me out and ghosted me” pattern, skip the police entirely. Going straight to NCH and e-Daakhil is faster, cheaper, and produces a paper trail that the platform cannot escape.
Send by email and registered post to the platform's grievance officer. Replace [bracketed] fields with your facts. Do not name a specific platform in your final letter: just use their registered name from the invoice.
Subject: Demand for restoration of paid course access and grievance under Consumer Protection Act 2019, Information Technology Act 2000, and CCPA Dark Patterns Guidelines 2023 To, The Grievance Officer [Registered name of platform] [Registered address from invoice] Email: [[email protected]] Sir / Madam, 1. I, [your full legal name], holder of registered account [your account email] and registered mobile [+91-XXXXXXXXXX], purchased the course titled "[course name]" from your platform on [date of purchase] for a consideration of Rs [amount], vide payment reference [UPI / card / bank reference number], invoice number [invoice number]. 2. The sale page at the time of purchase, archived at [Wayback Machine URL or screenshot reference], expressly promised [lifetime access / access till exam date / unlimited downloads / free certificate / 1:1 mentor sessions / etc., copy the exact words from the page]. 3. On [date of lockout], at approximately [time], I was [denied login / shown a device-limit error / shown an expiry that contradicts the sale promise / unable to open paid lectures / shown that my certificate is no longer visible]. A screen recording of the failed access, dated and timestamped, is enclosed as Annexure A. 4. I have raised support tickets numbered [ticket numbers] on [dates]. The platform has either not responded, or has responded with [boilerplate / refusal to deregister an old device / a new T&C clause that did not exist on the date of purchase]. Copies are enclosed as Annexure B. 5. The withdrawal of access constitutes a deficiency of service under section 2(11) of the Consumer Protection Act 2019. The mismatch between the sale-page promise and the current access constitutes the dark pattern of "bait and switch" prohibited under the CCPA Guidelines for Prevention and Regulation of Dark Patterns 2023, read with sections 18 and 19 of the Consumer Protection Act 2019. The act of blocking my login despite my being an authorised user attracts liability under section 43(f) of the Information Technology Act 2000. 6. I hereby call upon you to, within fifteen (15) days of receipt of this notice: a. Restore full access to the course as originally promised, for the originally promised duration; b. Re-issue the paid certificate, if applicable; c. Provide a downloadable export of my entire data: watch history, assessment scores, certificates, and contact data: under sections 11 and 12 of the Digital Personal Data Protection Act 2023; d. Confirm in writing that no adverse remark, defaulter flag, or credit-related entry will be created against my name in connection with this dispute. 7. Failing the above, I shall, without further notice, approach the District Consumer Disputes Redressal Commission having territorial jurisdiction over my address through the e-Daakhil portal, seeking restoration of access, refund of the full consideration paid, compensation for mental agony and litigation cost, and exemplary damages for the dark-pattern violation, with all costs being recoverable from you. 8. A copy of this notice has been simultaneously filed with the National Consumer Helpline (docket number [NCH docket]) and the Central Consumer Protection Authority. Yours faithfully, [Your name] [Your address] [Date and place] Enclosures: A. Screen recording and screenshots of the failed access B. Support ticket trail C. Original sale-page screenshot / Wayback Machine URL D. Payment proof and invoice E. Welcome and certificate emails
If the platform claims to be empanelled with a government scheme (Skill India, NSDC, PMKVY, IIT-PAL, NPTEL-SWAYAM, DIKSHA, or a state government scholarship portal), the empanelling body is a public authority and is bound by the RTI Act 2005. You can file this RTI to surface complaint data and force a regulatory look at the platform.
To, The Central Public Information Officer [National Skill Development Corporation / Ministry of Education / relevant authority] [Address] Subject: Application under section 6(1) of the Right to Information Act 2005 Sir / Madam, Under section 6(1) of the RTI Act 2005, I request the following information regarding the empanelment of "[platform name]" with [scheme name]: 1. The complete empanelment agreement, terms of service-level guarantee, and minimum-access duration committed by the platform under the scheme. 2. The total number of consumer complaints received against the platform from 1 April 2023 to date, with year-wise break-up. 3. The action-taken report on each such complaint, including any show-cause notices, suspensions, or de-empanelment orders. 4. Copies of any audit reports on the platform's access-availability and certificate-issuance compliance. I am attaching the prescribed application fee of Rs 10 via [IPO / DD / online challan reference]. I am a citizen of India. Please furnish the information within 30 days as mandated by section 7(1). Yours faithfully, [Your name] [Address] [Date]
This is the most common access-denied pattern. The device-fingerprint reset bug usually triggers after an OS update or app reinstall. First, send a written deregister-old-devices request to the grievance officer and quote CCPA Dark Patterns Guidelines 2023 paragraph on “subscription trap.” Most platforms reset the counter within 48 hours once you cite the Guidelines. If they refuse, that refusal is itself evidence for your e-Daakhil complaint: they cannot show you what data their “device limit” runs on, which is a section 11 DPDP violation.
The headline promise on the sale page wins. Indian contract law and the CCPA Misleading Advertisements Guidelines 2022 both treat the visible representation that induced the purchase as the binding term. A buried T&C clause contradicting the headline is, in legal terms, an unfair contract term under section 2(46) of the Consumer Protection Act 2019. Save both screenshots and cite paragraph 9 of the dark-patterns guidelines (bait and switch) when you file.
Yes. Section 12 of the DPDP Act 2023 obligates the platform to preserve and, on request, restore your personal data, which includes a certificate issued in your name. File a DPDP data-correction request first; if ignored within 30 days, escalate to the Data Protection Board (when notified) and, in parallel, file at NCH 1915 citing deficiency of service. Most platforms re-issue within a week once a DPDP request is on file because they do not want the Board's first published order to be against them.
Use the Wayback Machine (web.archive.org). Enter the platform's sale page URL, pick a snapshot dated on or before your purchase date, screenshot it with the URL bar visible, and save the .png. The Wayback Machine is admissible electronic evidence under section 65B of the Indian Evidence Act 1872 (now section 63 of the Bharatiya Sakshya Adhiniyam 2023) when accompanied by a self-certificate of authenticity. The District Commission accepts Wayback printouts routinely.
Card-network rules give you 120 days from the date of service disruption (not the date of payment) to file a “service not rendered” chargeback. That means if your access was cut off last week, your 120-day clock starts last week: even if you paid a year ago. Call the card issuer, ask for the dispute desk, and quote reason code 4853 (Visa) or 4859 (Mastercard).
Yes. Rule 4(1)(a) of the IT Intermediary Rules 2021 requires acknowledgement within 24 hours and resolution within 15 days. Non-compliance can be reported to the Grievance Appellate Committee (gac.gov.in) and to MeitY directly. A separate sub-clause of your e-Daakhil complaint should be that the platform breached the Intermediary Rules: this lets the Commission award additional compensation for the regulatory violation.
Yes. Section 34(2)(d) of the Consumer Protection Act 2019 allows a consumer to file the complaint at the District Commission having jurisdiction over the consumer's place of residence or workplace, regardless of where the platform is registered. This is one of the most consumer-friendly provisions in the Act and is the reason platforms cannot drag you to their head-office city.
No, not legitimately. A truthful, factually accurate review of paid service that was withdrawn is protected under article 19(1)(a) of the Constitution and falls outside section 356 (defamation) of the BNS 2023 because truth in the public interest is a complete defence. Reply once, in writing, stating that your review is a fair statement of personal experience, and forward the threat to NCH 1915 as evidence of “unfair trade practice” under section 2(47) of the Consumer Protection Act 2019. Most threats evaporate at that point.
No. Section 38(8) of the Consumer Protection Act 2019 specifically allows a consumer to appear in person or through any agent. The procedure is designed to be lay-friendly. Read the sibling guide on e-Daakhil filing for the field-by-field walkthrough. A lawyer becomes useful only at the State Commission appeal stage or if the platform raises a complex jurisdictional objection.
Realistic timeline:
Cost to you across the whole journey: about ₹250 in postage and court fee, zero rupees in lawyer fee if you handle it yourself.
This article uses ten `==== Q ====` H3 questions. The site-wide schema generator at `/static/js/schema-auto.js` reads those headings and outputs a single valid FAQPage block in the rendered head. Do not add an inline `<script type=“application/ld+json”>` block here: DokuWiki on this site renders inline JSON-LD as visible text. The schema script handles it automatically.
The pattern (anonymised composite from NCH-published 2024 case data): A NEET aspirant in Lucknow paid ₹18,500 for a coaching app's “Till NEET 2025: unlimited revision” plan in July 2024. On 12 December 2024 her login failed with “device limit exceeded.” She had only ever used one phone. Five support tickets in 16 days were auto-closed without reply. On day 17 she screen-recorded the failed login, filed NCH 1915 (docket 4-something), and emailed the grievance officer the demand template above. On day 22 the platform restored access and extended her plan by 60 days as compensation. Total out-of-pocket spend: ₹0. Time to resolution: 22 days. The key move was citing CCPA Dark Patterns 2023 paragraph on subscription-trap in the very first email: most support agents are trained to escalate immediately once they see that phrase.
A young Indian student sitting at a study desk at night, looking at a laptop screen showing a generic course-app “Access Denied” lock icon with a faded play button behind it. Warm desk lamp on the left, a stack of textbooks and a half-finished cup of chai on the right. The student's expression is calm and determined, not distressed, reading a printed sheet titled “Consumer Rights Checklist.” Soft cinematic lighting, photorealistic, 1200×630, horizontal composition, neutral palette of warm browns and cool laptop blue. No brand logos visible. No real human likenesses. Subtle Indian context cues (a Diya in the background blur, a wall calendar with Devanagari month name).