Privacy Policy
Last updated: 20 May 2026
We, NSIMPACTT PRIVATE LIMITED (CIN: U80903GJ2022PTC137755, GST: 24AAICN6637R1ZP), (hereinafter referred to as "Growith NSI" and/or "https://growithnsi.com" and/or "We"), are a Private Limited Company incorporated under the Private Limited Company's Act, 2013.
We operate the Growith NSI platform and are committed to protecting your privacy. In this Policy, "we," "us," and "our" refer to NSIMPACTT PRIVATE LIMITED.
This policy complies with:
- The Digital Personal Data Protection Act, 2023 (India — DPDP Act)
- The General Data Protection Regulation (EU — GDPR) for EU users
- The California Consumer Privacy Act (CCPA) for California users
1. Information We Collect
1.1 Information you provide directly
- Account: full name, email address, phone number, password (hashed), country
- Profile: optional details you add
- Payment: handled entirely by Razorpay — we receive only transaction ID and payment status, not card or UPI details
- Consent records: when you agree to policies at payment, we record the timestamp, terms version, and IP address for compliance and dispute-resolution
- Communications: support requests, reviews, comments
- KYC (Distributor Program): identity documents if required
1.2 Information collected automatically
- Device: IP address, browser type and version, operating system
- Usage: pages visited, time spent, clicks, video watch progress, funnel step completions
- Referral: distributor attribution if you arrive via a referral link
- UTM parameters: marketing campaign tracking
- Cookies: essential (authentication and security), functional (preferences)
1.3 From third parties
- Razorpay: transaction results, billing status, subscription lifecycle events
- Bunny Stream: anonymous aggregate video view statistics (no personal identifiers shared)
- Meta (Facebook/Instagram) and LinkedIn: access tokens and basic profile info when you voluntarily connect your account (Distributor Program only — see Section 8)
2. How We Use Your Information
- Providing Services: account creation, payment processing, course access, Distributor Program management
- Consent and compliance: recording policy versions agreed to at each payment for dispute defence and legal compliance
- Customer support: responding to queries and troubleshooting
- Communications: transactional emails (receipts, password resets, renewal confirmations); platform updates (opt-out available)
- Legal compliance: Indian tax, accounting, and regulatory requirements
- Fraud prevention: detecting suspicious activity, fake accounts, payment fraud
- Service improvement: aggregate usage analysis to improve content and platform
3. Legal Basis for Processing (GDPR)
For EU users:
- Contract: to provide the Services you signed up for
- Legitimate interest: platform security, fraud prevention, service improvement
- Consent: marketing emails and non-essential cookies (withdraw anytime)
- Legal obligation: where Indian or EU law requires data retention or disclosure
4. Who We Share Your Data With
We do not sell your personal data.
4.1 Service providers (data processors)
- Razorpay — payment processing (India)
- Resend — transactional email delivery
- Bunny Stream — video content delivery (CDN)
- Cloudflare R2 — secure file storage (certificates, invoices, PDFs)
- Cloudinary — profile image processing
- Hostinger — VPS server hosting (India)
All providers are bound by data-processing agreements and use your data only on our instructions.
4.2 Legal authorities
We disclose data only when required by law, court order, or government request — for example, tax authorities, law enforcement, or regulatory investigations.
4.3 Business transfers
If we are ever acquired or restructured, your data may transfer to the new entity with equivalent privacy protections.
5. International Data Transfers
Our servers are located in India (Hostinger VPS). For EU users, transfers to India are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards as permitted by GDPR.
6. Data Retention
| Data type | Retention period |
|---|---|
| Account data | Duration of account + 3 years after closure |
| Transaction + consent records | 8 years (required by Indian tax law) |
| Support communications | 3 years |
| Social media access tokens | Until you disconnect your account + 30 days |
| Marketing preferences | Until you opt out |
After these periods, data is deleted or fully anonymized.
7. Your Rights
You may have the right to:
- Access: request a copy of your personal data
- Correction: fix inaccurate data
- Deletion: request deletion of your account and data (subject to legal retention requirements)
- Restriction: pause certain processing
- Portability: receive your data in a machine-readable format
- Objection: object to processing (e.g. marketing emails)
- Withdraw consent: for consent-based processing
To exercise any right, email privacy@growithnsi.com from your registered email address. We will respond within 30 days.
8. Social Media Integration (Distributor Program Only)
8.1 What we collect when you connect a social account
When you voluntarily connect your Facebook, Instagram, or LinkedIn account via the Distributor Program, we collect and store:
- Your platform user ID and username
- An access token issued by the platform to authorise publishing on your behalf
- Basic profile information (name, profile picture URL)
All access tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database.
8.2 How we use connected account data
We use connected account data solely to:
- Publish AI-generated posts on your behalf at your chosen schedule
- Retrieve basic engagement data (likes, reach, impressions) for your personal analytics dashboard
- Send you WhatsApp notifications about your post activity
We do not sell, share, transfer, or use your social media tokens or profile data for any purpose other than the above.
8.3 Data from Meta (Facebook/Instagram)
When you connect a Facebook Page or Instagram Business account, we access and store only:
- Page access token (for publishing)
- Page ID and name
- Basic engagement metrics per post
We do not access your personal Facebook friends list, private messages, or any data beyond what is required for content publishing and basic engagement analytics.
8.4 Revoking access
You can disconnect any social account at any time from your Dashboard → Settings → Connected Accounts. Your access token is removed from our systems within 24 hours of disconnection.
You can also revoke access directly from the social platform:
- Facebook/Instagram: facebook.com/settings → Apps and Websites → Remove NSI Platform
- LinkedIn: linkedin.com/settings → Data Privacy → Permitted Services → Remove NSI Platform
8.5 Data deletion
To request deletion of your social media connection data:
- Disconnect your account from Dashboard → Settings → Connected Accounts, OR
- Email hello@growithnsi.com with subject line: "Social Media Data Deletion Request"
We will remove all stored tokens and associated data within 30 days of your request.
Note: Posts already published to your social media accounts cannot be deleted by us — you must delete them directly from the respective platform.
8.6 Third-party platform policies
Your use of connected social media platforms is governed by their own privacy policies:
- Meta Privacy Policy: facebook.com/privacy/policy
- LinkedIn Privacy Policy: linkedin.com/legal/privacy-policy
9. Children's Privacy
Growith NSI is not intended for users under 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data to us, please email hello@growithnsi.com and we will delete it promptly.
10. Security
We use industry-standard safeguards:
- HTTPS/TLS encryption for all data in transit
- Hashed passwords (bcrypt)
- AES-256-GCM encryption for social media access tokens at rest
- Access controls limiting team member access to user data
- Regular security reviews
- Payment data never stored on our servers (handled entirely by Razorpay)
In the event of a data breach, we will notify affected users within 72 hours as required by law.
11. Cookies
- Essential cookies: required for login and security — cannot be disabled
- Functional cookies: remember your preferences (language, settings)
- Analytics: we use self-hosted analytics to understand platform usage (no third-party analytics cookies at this time)
You can manage cookie preferences from the cookie banner on first visit.
12. Changes to This Policy
Material changes will be communicated via email and platform notice. Continued use after changes constitutes acceptance.
13. Contact
Privacy questions: privacy@growithnsi.com
General support: hello@growithnsi.com
Grievance Officer: hello@growithnsi.com
NSIMPACTT PRIVATE LIMITED
CIN: U80903GJ2022PTC137755 | GST: 24AAICN6637R1ZP
Ahmedabad, Gujarat, India
© 2026 NSIMPACTT PRIVATE LIMITED. All rights reserved.