Privacy Policy

Last updated: [PLACEHOLDER: DD Month YYYY]

[PLACEHOLDER: legal entity name] ("we," "us," "our") operates NSI Platform and is committed to protecting your privacy. This policy explains what personal information we collect, how we use it, who we share it with, and your rights.

This policy complies with:

  • The Digital Personal Data Protection Act, 2023 (India — DPDP Act)
  • The General Data Protection Regulation (EU — GDPR) for users in the European Union
  • The California Consumer Privacy Act (CCPA) for users in California

1. Information we collect

1.1 Information you provide directly

  • Account information: full name, email address, phone number, password (hashed), country
  • Profile information: any details you add to your profile, including optional fields
  • Payment information: handled entirely by Razorpay. We receive a transaction ID and payment status, not card numbers.
  • Consent records: when you agree to Terms, Privacy, and Refund policies at the payment step, we record the consent timestamp, terms version, and your IP address for compliance and dispute-resolution purposes
  • Communication: emails, support requests, survey responses, comments, and reviews you submit
  • KYC information for distributors (if you join the Distributor Program): any identity documents you upload in accordance with our KYC requirements

1.2 Information we collect automatically

  • Device information: IP address, browser type and version, operating system, device identifiers
  • Usage data: pages visited, time spent, clicks, video-watch progress, funnel step completions
  • Referral tracking: if you arrive via a distributor's referral link, we record the attribution
  • Cookies: essential cookies for authentication and basic functionality; analytics cookies (consent-based) for understanding usage

1.3 Information from third parties

  • Payment processor (Razorpay): transaction results, billing status, subscription lifecycle events
  • Video hosting (Bunny Stream): anonymous aggregate view statistics (no personal identifiers)

2. How we use your information

We use your personal data for the following purposes:

  • Providing the Services: creating your account, processing payments, granting course access, enforcing Distributor Program rules
  • Consent and compliance: recording which version of our policies you agreed to at each payment, for dispute defense and legal compliance
  • Customer support: responding to your queries, troubleshooting issues
  • Service improvement: analyzing usage patterns (in aggregate) to improve course content and platform UX
  • Communications: sending transactional emails (receipts, password resets, subscription renewals); sending product announcements and educational tips (you can opt out anytime)
  • Legal compliance: meeting tax, accounting, and regulatory requirements under Indian law
  • Fraud prevention: detecting and blocking suspicious activity, fake accounts, payment fraud

3. Legal basis for processing (GDPR)

If you are in the EU, we process your data under the following legal bases:

  • Contract: to provide the Services you signed up for
  • Legitimate interest: to secure the platform, prevent fraud, and improve our offerings
  • Consent: for marketing emails and non-essential cookies (you can withdraw consent anytime)
  • Legal obligation: where Indian or EU law requires us to retain or disclose data

4. Who we share your data with

We do not sell your personal data. We share data only with:

4.1 Service providers (data processors)

  • Razorpay — payment processing
  • Resend — transactional email delivery
  • Bunny Stream — video content delivery
  • Cloudflare R2 — secure file storage (certificates, invoices, PDFs)
  • PostgreSQL database hosting — [PLACEHOLDER: hosting provider name, e.g. "AWS ap-south-1"]

All service providers are bound by data-processing agreements and use your data only on our instructions.

4.2 Legal authorities

We may disclose your data if required by law, court order, or government request — for example, responding to tax authorities, law enforcement, or regulatory investigations.

4.3 Business transfers

If we are ever acquired, merged, or restructured, your data may be transferred to the new entity, subject to the same privacy protections.

5. International data transfers

Our servers are located in [PLACEHOLDER: server location, e.g. "India (AWS ap-south-1)"]. If you access the Services from outside this region, your data will be transferred to and processed in that region.

For EU users, transfers to India are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards as permitted by GDPR.

6. Data retention

We retain your personal data only as long as necessary for the purposes described:

  • Account data: for the duration of your account + 3 years after closure, for dispute resolution
  • Transaction records + consent records: 8 years (required by Indian tax law; consent records help defend against chargebacks during this period)
  • Support communications: 3 years
  • Marketing preferences: until you opt out
  • Cookies: as specified in our cookie consent banner

After these periods, data is deleted or fully anonymized.

7. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access: request a copy of the personal data we hold about you
  • Correction: ask us to fix inaccurate data
  • Deletion: ask us to delete your account and associated personal data (subject to legal retention requirements)
  • Restriction: ask us to stop processing your data temporarily
  • Portability: receive your data in a machine-readable format
  • Objection: object to certain processing (e.g. marketing)
  • Withdraw consent: where processing is based on consent
  • Complain: file a complaint with your local data-protection authority

To exercise any of these rights, email [PLACEHOLDER: privacy@your-domain.com] from the email address linked to your account. We will respond within 30 days.

8. Children's privacy

Growith NSI is not intended for users under 18. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please email us and we will delete it promptly.

9. Security

We use industry-standard safeguards to protect your data:

  • HTTPS/TLS encryption for all data in transit
  • Hashed passwords (bcrypt)
  • Access controls limiting who on our team can see user data
  • Regular security reviews and patching
  • Payment data never stored on our servers (handled by Razorpay)

No system is 100% secure. In the unlikely event of a data breach, we will notify affected users within 72 hours as required by law.

10. Cookies

We use:

  • Essential cookies: required for login and security (cannot be disabled)
  • Analytics cookies: [PLACEHOLDER: e.g. "Google Analytics / self-hosted" — only if you consent via the cookie banner]
  • Functional cookies: to remember your preferences

You can manage cookie preferences from the cookie banner on first visit or from your account settings at any time.

11. Changes to this policy

We may update this Privacy Policy as our Services evolve. Material changes will be communicated via email and via a notice on the platform. Continued use after changes means you accept the updated policy.

12. Contact

Privacy questions: [PLACEHOLDER: privacy@your-domain.com]
Grievance Officer: see our Contact page
General support: [PLACEHOLDER: support@your-domain.com]