Privacy policy · v2 · 2026-05-08

What we collect, why, and how to control it.

This is v2 of the Bharath Shiksha privacy policy, updated May 2026 to reflect the Indian Digital Personal Data Protection (DPDP) Act 2023 framework, the new features added in 2026 (cohort waitlist, diagnostic, testimonials, affiliate program), and our commitment to data minimisation. Plain English; full enumeration below.

One-paragraph summary: We collect the minimum information needed to deliver the curriculum to you. Email and name for enrolment. Payment data is held by Razorpay, not us. Anonymous diagnostic results, anonymous funnel events, and aggregated NPS are stored in Netlify Blobs for our own quality improvement. We do not sell, share, or trade your data with third parties for marketing. You can request deletion of your data at any time.

1. What data we collect

We classify data into essential (required to deliver the curriculum), functional (improves the experience), and analytical (helps us improve the curriculum). The classification determines retention and your control rights.

| Data type | Class | Source | Held by |
|---|---|---|---|
| Name, email | Essential | Enrolment form | Bharath Shiksha |
| Payment method, card details | Essential | Checkout | Razorpay (we never see card numbers) |
| Login credentials (email + password) | Essential | Account creation | Netlify Identity (passwords hashed) |
| Stage enrolment, cohort membership | Essential | Razorpay webhook | Bharath Shiksha |
| Curriculum progress, lesson completion | Functional | Portal interaction | Bharath Shiksha |
| Tutor channel queries (text) | Functional | Tutor channel | Bharath Shiksha |
| Trade journal entries (if you use our journal) | Functional | Journal interface | Bharath Shiksha (encrypted at rest) |
| Diagnostic results | Analytical (anonymous) | Diagnostic page | Bharath Shiksha (no PII tied to result) |
| NPS responses, feedback | Analytical | Survey forms | Bharath Shiksha |
| Funnel events (page-view, click) | Analytical | Site instrumentation | Bharath Shiksha (aggregate) |
| Cohort waitlist info | Functional | Waitlist form | Bharath Shiksha |
| Testimonial submissions | Functional | Testimonial form | Bharath Shiksha (with consent) |
| Affiliate program data | Functional | Affiliate apply form | Bharath Shiksha |
| IP address, user agent | Analytical | HTTP requests | Netlify (truncated & rotated) |

Calculator inputs (position sizing, expectancy, R-multiple, drawdown, compound returns) are computed entirely in your browser. No calculator data is transmitted to us. The calculators are designed to never need network access for their core function.

2. Why we collect it

Each data point has a specific purpose. We don't collect speculatively.

  • Email + name — to deliver curriculum content and login access. Required for service delivery.
  • Payment data (via Razorpay) — to process enrolment payments. Razorpay is PCI-DSS compliant; we don't see or store card numbers.
  • Curriculum progress — to unlock subsequent lessons (gate quizzes, capstone certificates) and personalise the curriculum sequence.
  • Tutor channel queries — to answer your methodology questions. Reviewed weekly to identify content gaps for curriculum updates.
  • Diagnostic results — to compute your stage recommendation and (anonymously, in aggregate) understand stage-distribution patterns across waitlist members.
  • NPS responses — to measure curriculum satisfaction and identify detractors needing personal follow-up. Used in quarterly compliance report (aggregate only; no individual responses disclosed).
  • Funnel events — to understand which content paths lead to enrolment vs drop-off. Used to improve free-to-paid conversion. Aggregated; individual users not tracked across the funnel beyond pseudonymous session IDs.
  • Cohort waitlist info — to send you priority enrolment links and cohort-related notifications. No marketing emails outside cohort context.
  • Testimonial submissions — to publish on /testimonials.html with your consent. Performance-claim testimonials are auto-rejected per SEBI compliance.
  • Affiliate program data — to track referrals and pay commissions. Bank/UPI details collected at payout time, retained for tax-record purposes.

3. Third parties & processors

The following third parties process some of your data on our behalf. We've selected each based on data-protection posture and minimum-necessary access.

| Processor | Data shared | Purpose |
|---|---|---|
| Netlify (hosting + Identity) | Login credentials, page requests, function logs | Site hosting, authentication, serverless functions |
| Razorpay | Email, name, payment method, transaction amount | Payment processing |
| Postmark | Email, message content | Transactional email delivery (welcome, drip, cohort, NPS) |
| Backblaze B2 (private) | Curriculum video files (encrypted) | Video content delivery via signed URLs |

We do not share your data with: marketing platforms, ad networks, analytics aggregators (Google Analytics, Facebook Pixel), data brokers, or any party outside the four processors above. We have no marketing-attribution layer that tracks you across sites.

4. Cookies & tracking

We use a minimal cookie set. The site cookie banner offers consent choices.

  • Essential cookies (always on, no opt-out): session ID for login state, CSRF tokens. Without these, login and enrolment can't function.
  • Functional cookies (default opt-in, can opt out via banner): cohort thread preferences, lesson-progress markers.
  • Analytics cookies (default opt-out, opt-in via banner): pseudonymous session ID for funnel-event tracking.
  • No marketing cookies. We do not run third-party ad pixels, retargeting tags, or marketing-attribution beacons. The CSP at /_headers blocks them at the platform level.

5. Retention windows

| Data type | Retention | Reason |
|---|---|---|
| Account profile (name, email, password hash) | While account is active + 1 year after deletion request | Re-enrolment and dispute resolution |
| Payment records | 7 years | Indian tax record retention requirements |
| Curriculum progress | While account is active | Service delivery; deleted on account deletion |
| Tutor channel queries | 2 years | Curriculum improvement; aggregate-anonymised after 2 years |
| Trade journal entries | While account is active | Your data, your retention; downloadable via account export |
| Diagnostic results | Indefinite (anonymous) | Pattern analysis; no PII tied to result |
| NPS responses | 3 years (anonymous after 1 year) | Trend analysis |
| Funnel events | 1 year (aggregated thereafter) | Conversion analysis |
| Compliance complaint records | 7 years | Compliance audit trail |
| Refund records | 7 years | Tax + compliance audit trail |
| Server logs (IP, user agent) | 30 days then aggregated | Security incident response |

6. Your rights under DPDP Act 2023

India's Digital Personal Data Protection Act, 2023 grants you specific rights as a Data Principal. We honour each.

  • Right to access. Request a copy of all personal data we hold about you. We respond within 7 working days. Email privacy@bharathshiksha.com.
  • Right to correction. Request correction of inaccurate data. Most fields can be self-edited from your portal; non-self-editable fields can be requested via email.
  • Right to erasure. Request deletion of your account and personal data. We honour deletion requests within 30 days, except for data we're legally required to retain (e.g., payment records for tax purposes).
  • Right to portability. Request export of your data in machine-readable format (JSON or CSV). Trade journal entries, curriculum progress, and tutor channel queries are exportable.
  • Right to grievance. If you believe we've mishandled your data, file via grievance redressal Stage 1.
  • Right to nominate. You can nominate another person to act on your behalf in case of incapacity or death. Contact privacy@bharathshiksha.com with nomination details.
  • Right to withdraw consent. Withdraw consent for analytics cookies, marketing emails, or functional features at any time. Doesn't affect prior processing.

7. International data transfer

Your data is processed in India and the United States. Netlify (hosting + Identity) operates servers in the US; data in transit is encrypted (TLS 1.3). Razorpay is India-based; Backblaze B2 is US-based with India edge replication. Postmark is US-based.

Per DPDP Act 2023, cross-border transfers to countries not on the negative list are permitted. The Government of India hasn't yet published the negative list as of May 2026; if it does and the US is included, we'll migrate the relevant processing within 90 days of the gazette notification and disclose the change at this URL.

8. Children's data

The Bharath Shiksha curriculum is intended for adult learners. We do not knowingly collect data from children under 18. Account creation requires self-declaration of age 18+. If you believe a minor has created an account, contact privacy@bharathshiksha.com and we'll delete the account and associated data within 7 working days.

9. Changes to this policy

We update this policy when we add features, change processors, or in response to regulatory updates. Material changes are notified via email to all enrolled students at least 30 days before the change takes effect. Non-material changes (clarifications, formatting) are made silently with the version number and date updated.

Version history: v1 (initial), v2 (this version, 2026-05-08). v1 archived at /privacy-v1.html.

10. Contact

For privacy questions or to exercise any right above, contact:

This privacy policy is the canonical statement of Bharath Shiksha's data practices as of 2026-05-08. Reviewed annually and updated when material changes occur. Disputes governed by Indian law; jurisdiction Bengaluru. The policy doesn't waive consumer-protection rights you have under Indian law including the DPDP Act 2023.