Legal

Privacy Policy

Last updated: April 2026 ·  Compliant with IT Rules, 2011 (India).

1. What We Collect

We collect only what is necessary to provide the Platform. The categories of personal data we process are:

CategoryData PointsBasis
AccountName, email address, hashed password, registration dateContract
TelegramTelegram user ID (if you link Telegram delivery)Consent
UsageMCQ responses, syllabus progress, doubt queries submitted, daily session recordsLegitimate interest
SubscriptionPlan type, billing dates, Razorpay subscription ID (no card data — handled solely by Razorpay)Contract
TechnicalIP address, browser/OS, page views, error logsLegitimate interest

We do not knowingly collect data from persons under 18. If you believe a minor has created an account, contact us and we will delete it.

2. How We Use Your Data

Your data is used to:

  • Provide, operate, and personalise the Platform
  • Process subscription payments and generate GST invoices
  • Send transactional emails (welcome, invoice, renewal reminder, payment failure)
  • Enforce plan limits (e.g., free-tier doubt query cap)
  • Improve content quality and fix errors
  • Detect and prevent fraud or abuse
  • Comply with applicable legal obligations

We do not sell your personal data to any third party. We do not use your data for advertising targeting.

3. Third-Party Processors

We engage the following sub-processors, each bound by data processing agreements and their own privacy policies:

ProcessorRoleData Shared
SupabaseDatabase & authenticationAccount, usage, subscription data
RazorpayPayment processingName, email, billing amount
Google / GeminiContent generationDoubt query text (anonymised)
PineconeVector search (NCERT corpus)Query embeddings only
VercelWeb hosting & edge deliveryIP address, request logs
RailwayAPI service hostingAPI request logs
ResendTransactional emailName, email

All processors are contractually prohibited from using your data for their own commercial purposes.

4. Data Retention

We retain data for as long as your account is active, plus a 90-day grace period after deletion to allow for dispute resolution and legal compliance.

  • Account data: Deleted 90 days after account closure
  • MCQ responses & progress: Retained for the life of the account for personalisation; deleted with the account
  • Subscription records: Retained for 7 years for GST and accounting compliance
  • Technical logs: Retained for 90 days, then automatically purged

You may request deletion of all personal data at any time by emailing upscclearcut1@gmail.com. We will process deletion requests within 30 days, subject to any legal retention obligations.

5. Cookies & Tracking

We use a minimal set of cookies:

  • Session cookies: Managed by Supabase for authentication. Strictly necessary — no consent required.
  • Analytics: We use PostHog for product analytics (page views, feature usage). PostHog is configured in cookieless mode; no advertising identifiers are set.

We do not use third-party advertising cookies, tracking pixels, or share browsing data with ad networks.

6. Your Rights

Under applicable Indian law and our own policy, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update inaccurate or incomplete data (via Dashboard → Settings)
  • Deletion: Request erasure of your personal data
  • Portability: Request your MCQ history and progress data in a machine-readable format
  • Objection: Object to processing based on legitimate interests

To exercise any of these rights, email upscclearcut1@gmail.com. We will respond within 30 days.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest (Supabase)
  • Row-Level Security (RLS) policies — users can only access their own data
  • API key rotation and secrets management via environment variables (never committed to version control)
  • Regular dependency updates and security audits

No security system is impenetrable. In the event of a data breach affecting your rights, we will notify you within 72 hours of becoming aware of it.

8. Legal Compliance

This Privacy Policy is designed to comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under the Information Technology Act, 2000 (India).

We are also aware of the Digital Personal Data Protection Act, 2023 and are monitoring its implementation rules as they are notified. Our practices will be updated to comply with the DPDPA framework as it comes into force.

9. Contact

For privacy-related queries or to exercise your rights:

UPSC Clear Cut Contact

upscclearcut1@gmail.com

Response within 30 days.

For billing or refund support, use the payment contact listed on the Contact page.