Logo

Privacy Policy — TaiyariPoint

Effective Date: October 5, 2025
Last Updated: October 5, 2025

Scope: This Privacy Policy explains how TaiyariPoint (“we”, “us”, “our”, “TaiyariPoint”) collects, uses, discloses, stores and protects personal data of users of our website, mobile apps and related services (the “Platform”). It applies to all visitors, registered users, customers, and other persons whose personal data we process.

1. Data controller and grievance contact

  • Data Controller: TaiyariPoint (operating entity)
  • Primary support: support@taiyaripoint.com
  • Data Protection / Grievance Officer: dpo@taiyaripoint.com
  • Registered office: [Insert registered business address here — required for legal notices]

All requests related to privacy, data subject rights, complaints, or data breach notices should be sent to dpo@taiyaripoint.com or support@taiyaripoint.com. We will acknowledge any valid request within 7 calendar days and respond substantively within 30 calendar days unless extended for complex requests (we’ll notify you).

2. Personal data we collect (categories and sources)

We collect only the personal data reasonably necessary for the Platform to operate.

  • A. Data you provide directly
    • Account & identity: name, email, mobile number, password (hashed), profile photo (optional).
    • Payment & billing: transaction ID, billing name and address, receipts (payment methods processed by third-parties).
    • Registration & exam preferences: exam type, target date, preferred language, educational details.
    • User Content: comments, answers, uploaded files, reviews, feedback.
    • Support communications: emails, chat transcripts.
  • B. Data collected automatically
    • Usage & analytics: pages viewed, session length, test attempts, answers, scores, progress metrics, error logs.
    • Device & connection: IP address, browser type/version, OS, device identifiers, geolocation (approximate via IP).
    • Cookies and similar trackers (see Section 7).
  • C. Data from third parties
    • Payment confirmations from payment processors; identity verification data from verification vendors; marketing analytics (if you click ads or social channels). We will only accept data from trusted processors.

3. Purposes and legal bases for processing

  • To provide the Platform and services (account creation, test delivery, scoring, results): performance of contract / legitimate interest.
  • To process payments & refunds (billing, receipts, tax reporting): performance of contract / legal obligation.
  • To communicate with you (service notices, account changes, support): performance of contract / legitimate interest.
  • To improve service & analytics (product analytics, A/B testing, quality assurance): legitimate interest.
  • To personalize recommendations and learning paths (automated suggestions): consent / legitimate interest (you may opt out of marketing personalization).
  • To prevent fraud and abuse (identity verification, security, chargeback prevention): legitimate interest / compliance with law.
  • To comply with legal obligations (tax, law enforcement, court orders): legal obligation.
  • Marketing & promotional messages: only where you have given consent or not opted out. You may opt out at any time.

We will not process your data for other unrelated purposes without notice and, where required, your consent.

4. Cookies and tracking technologies

We use cookies, web beacons, local storage and similar technologies.

  • Strictly necessary: required to operate the Platform (session, login, cart). Cannot be disabled via cookie banner but can be controlled in your browser.
  • Functional / Preference: remember settings, language, and preferences.
  • Analytics / Performance: collect anonymized usage data to improve the service (e.g., Google Analytics).
  • Advertising / Marketing: used to deliver relevant ads (e.g., Meta Pixel, advertising networks).

On first visit you will see a cookie consent banner. You can accept all or manage preferences.
You may disable cookies in your browser (see browser settings). Disabling certain cookies may degrade functionality.
For analytics opt-out: use browser add-ons / extensions or opt-out tools provided by the analytics vendor.

5. Third-party processors and disclosures

We share personal data with trusted third-party processors only as necessary to provide services, including (examples):

  • Hosting & infrastructure: AWS (Asia Pacific — Mumbai) for servers, storage, and backups.
  • Email delivery: AWS SES, SendGrid (for transactional emails and notifications).
  • Payments & billing: Razorpay, Paytm, or other local payment gateways for payment processing. We do not store complete payment card details unless explicitly permitted.
  • Analytics and advertising: Google Analytics, Meta (Facebook) Pixel, other marketing vendors.
  • Support & communication: Intercom / Zendesk / similar (support tickets and chat).
  • Identity verification & anti-fraud: third-party verification providers where used.

We require all processors to implement appropriate technical and organisational measures and do not permit them to use data for their own purposes. We may update the list of processors; the current list can be obtained by contacting dpo@taiyaripoint.com.

6. Cross-border transfers

Your data may be processed or stored in countries outside India (for example, AWS regions or service provider infrastructure). Where data is transferred outside India, we will ensure appropriate safeguards are in place (standard contractual clauses, data processing agreements, or other legally recognized mechanisms) and that the recipient provides adequate protection.

7. Data retention (how long we keep your data)

  • Account profile & registration data: Until you delete your account, then retained for up to 2 years for fraud prevention and to comply with legal obligations.
  • Transaction & billing records (payments/refunds): Up to 7 years (to satisfy tax and accounting laws).
  • Test results, scores, progress: Until account deletion + 2 years (unless you request earlier deletion).
  • Support records & communications: Up to 3 years.
  • Server logs and security logs: Up to 12 months (may retain for longer if necessary for investigations).
  • Backups / archival copies: may be retained for a limited period (anonymized where possible).
  • Aggregated / anonymized data: may be retained indefinitely for analytics and product improvement (non-personal).

If you request deletion of your data, we will remove personal data from active systems within a reasonable time but may keep limited copies in backups or archives as required by law (e.g., tax) or to defend legal claims.

8. Your rights & how to exercise them

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase / Delete your data (subject to legal retention obligations).
  • Portability of your data in a machine-readable format.
  • Restrict processing for particular purposes.
  • Object to processing (including marketing).
  • Withdraw consent at any time (where processing is based on consent).

To exercise rights: email dpo@taiyaripoint.com or support@taiyaripoint.com with subject “Privacy Request” and include your account email and a clear description of the request. We may require identity verification. We will acknowledge receipt within 7 calendar days and respond substantively within 30 calendar days (extensions for complex requests will be communicated).
If you are unsatisfied with our response, you may escalate the complaint to the relevant data protection regulator or consumer forum.

9. Children’s privacy

TaiyariPoint is intended for users 16 years or older. We do not knowingly collect personal data from children under 16. If we learn we have inadvertently collected a child’s personal data without parental consent, we will delete it promptly. Parents or guardians who believe we have collected data of a minor should contact dpo@taiyaripoint.com.

10. Data security

  • Encryption in transit (TLS) and encryption at rest where feasible (industry-standard algorithms).
  • Access controls, multi-factor authentication for admin access, and least-privilege principles.
  • Vulnerability scanning, patch management and logging/monitoring.
  • Regular backups and incident response procedures.

While we take reasonable measures to protect personal data, no system is 100% secure. We disclaim absolute security guarantees.

11. Data breach notification

  • Contain and remediate the breach.
  • Notify affected users and the relevant regulatory authority as required by applicable law, in a timely manner and with available information about the incident and remedial steps.
  • Provide contact details for further information (DPO contact).

12. Automated decision-making and profiling

We may use automated systems to analyze performance and to provide personalized learning recommendations. These automated decisions do not have legal effects beyond tailoring content/suggestions. If such processing causes significant adverse effects, you may request human review by emailing dpo@taiyaripoint.com.

13. Marketing communications

We will only send marketing communications where you have opted in or where permitted by applicable law. Every marketing message includes an unsubscribe link. You can also opt-out by emailing support@taiyaripoint.com.

14. Links to other websites

The Platform may link to third-party sites. We are not responsible for their privacy practices. Read the privacy policies of third-party sites before providing personal data.

15. Changes to this Policy

We may update this Policy to reflect changes in law, our processing practices, or services. Material changes will be notified to registered users via email or prominent notice at least 30 days before the change becomes effective. The “Effective Date” at the top will be updated.

16. International users

If you use the Platform from outside India, your data may be transferred to and processed in India or other countries. By using the Platform you consent to such transfers and processing as described in this Policy.

17. Complaints and supervisory authority

If you are not satisfied with our response to a grievance, you may escalate to the relevant supervisory authority in your jurisdiction. For India-related disputes, contact details for consumer forums and regulator escalation will be provided upon request.

18. Contact information

Support: support@taiyaripoint.com
DPO / Grievance: dpo@taiyaripoint.com
Address: [Insert registered business address here — required]
Please include your full name, registered email, description of the request or complaint, and any supporting documents.

19. Miscellaneous

  • We may update or remove processors and partners; the policy will reflect material changes.
  • Aggregated and anonymized data used for analytics does not constitute personal data and may be used freely.
  • We reserve the right to refuse or limit service for abusive or fraudulent requests.