1. Introduction

Welcome to Examvine (“we,” “us,” “our”). This Privacy Policy explains how we collect, use, process, share, and protect your personal data when you use our website https://examvine.com and services (collectively, the “Services”). We are committed to protecting your privacy and handling your data responsibly in compliance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (IT Rules).

By accessing or using our Services, you signify your understanding of the terms outlined in this Privacy Policy.

Important Note: This policy primarily applies to the processing of digital personal data within India or the processing of digital personal data outside India if connected with offering goods or services to individuals within India.

2. Definitions

• Personal Data: Means any data about an individual who is identifiable by or in relation to such data. This includes information you provide directly (like name, email) and information collected automatically (like usage data, potentially IP address if logged).
• Digital Personal Data: Personal Data in digital form.
• Processing: In relation to Personal Data, means a wholly or partly automated operation or set of operations performed on digital personal data, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.
• Data Principal: The individual to whom the Personal Data relates (i.e., “you”). If you are a parent or guardian providing data for a child, you act on their behalf.
• Data Fiduciary: The entity which alone or jointly with others determines the purpose and means of Processing Personal Data. For the purpose of this policy, Examvine ([Your Company Legal Name, if applicable]) is the Data Fiduciary.
• Data Processor: Any person who processes Personal Data on behalf of a Data Fiduciary.
• Consent: Any freely given, specific, informed, unconditional, and unambiguous indication of the Data Principal’s wishes by which they, through a clear affirmative action, signify agreement to the Processing of their Personal Data for the specified purpose.
• Data Breach: Any unauthorized Processing of Personal Data or accidental disclosure, acquisition, sharing, use, alteration, destruction of or loss of access to Personal Data, that compromises the confidentiality, integrity or availability of Personal Data.

3. Information We Collect (Personal Data)

We collect Personal Data necessary to provide and improve our Services. This may include:

• Data You Provide Directly:
  • Contact Information: Name, email address (e.g., when you use the contact form, sign up for notifications, or register for an account – if applicable).
  • Communication Data: Content of your messages or inquiries sent to us.
• Data Collected Automatically (Usage Data):
  • Interaction Data: Information about how you interact with the Services, such as PYQs accessed, searches performed, pages visited, features used, time spent on pages.
  • Device and Log Data: We may automatically log information like your IP address (potentially), browser type, operating system, device information, access times, and referring website addresses. This data is primarily used for analytics, security, and service improvement.
• Cookies and Similar Technologies: We may use cookies and similar tracking technologies to collect usage data, understand user preferences, and enhance user experience. Please refer to Section 10 (“Cookies”) for more details.
• Sensitive Personal Data: We generally do not collect Sensitive Personal Data (as defined under applicable law, such as financial information, health data, biometric data, etc.). If we ever need to collect such data (e.g., for premium services involving payments processed by a third party), we will seek your explicit consent beforehand and ensure appropriate safeguards are in place. User account passwords, if applicable, are stored using secure hashing techniques and are not considered Sensitive Personal Data in that form for the purposes of this section.

4. How We Use Your Information (Purpose and Lawful Basis)

We process your Personal Data for specific, lawful purposes based primarily on your **Consent** or for **Legitimate Uses** as permitted under the DPDP Act:

• To Provide and Maintain Services (Consent/Legitimate Use): To operate the website, provide access to PYQs, manage user accounts (if any), and respond to your inquiries or requests.
• To Improve and Personalize Services (Consent/Legitimate Use): To understand how users interact with our Services, analyze trends, troubleshoot issues, and personalize your experience.
• For Communication (Consent/Legitimate Use): To send you updates about the Services (like new PYQs or features), respond to your support requests, and send notifications you have opted into (e.g., “Notify Me” for new features). You can opt-out of non-essential communications.
• For Security and Fraud Prevention (Legitimate Use): To monitor for suspicious activity, prevent fraud, protect the security of our Services and users, and enforce our terms.
• For Legal Compliance (Legitimate Use): To comply with applicable laws, regulations, legal processes, or governmental requests.

We will only process your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason compatible with the original purpose and permitted by law. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so, typically seeking fresh Consent.

5. Consent

Where Consent is the basis for processing, we will obtain it before or at the time of collecting your Personal Data. This will typically be through a clear affirmative action, such as ticking a checkbox during registration or form submission, clearly linked to this Privacy Policy and the specific purpose(s).

The request for Consent will be presented in clear and plain language, and will inform you about the Personal Data to be processed, the purpose, how you can exercise your rights, and how to lodge complaints.

Withdrawal of Consent: You have the right to withdraw your Consent at any time. Withdrawing Consent is designed to be as easy as giving it. You can typically withdraw consent by [Describe mechanism – e.g., adjusting settings in your account, clicking an unsubscribe link in emails, contacting the Grievance Officer]. Withdrawal will not affect the lawfulness of processing based on Consent before its withdrawal. Upon withdrawal, we will stop processing your data for the purpose(s) you consented to, unless another lawful basis (like legal obligation or certain legitimate uses) applies.

6. Data Sharing and Disclosure

We do not sell your Personal Data. We may share your Personal Data with third parties only in the following circumstances:

• With Data Processors (Service Providers): We may share data with trusted third-party companies that perform services on our behalf (e.g., website hosting providers, analytics providers like Google Analytics, email service providers). These Data Processors are contractually obligated to process your data only based on our instructions, maintain confidentiality, and implement adequate security measures.
• For Legal Reasons: We may disclose your Personal Data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Examvine, our users, or the public.
• In Case of Business Transfers: If Examvine is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred as part of that transaction. We will notify you before your Personal Data is transferred and becomes subject to a different privacy policy.

We ensure that any third party with whom we share Personal Data maintains reasonable security practices and provides a level of data protection comparable to ours, as required by law.

7. Data Security

We implement reasonable security practices and procedures appropriate to the nature of the Personal Data we hold, to protect it from unauthorized access, use, alteration, disclosure, or destruction. These measures include:

• Technical safeguards (e.g., encryption where appropriate, secure servers, access controls).
• Organizational safeguards (e.g., internal policies, staff training, confidentiality agreements).
• Regular review of our security practices.

While we strive to protect your Personal Data, please be aware that no method of transmission over the Internet or electronic storage is 100% secure. In the event of a Data Breach affecting your Personal Data, we will notify you and the Data Protection Board of India (once established and as required by law) in accordance with applicable regulations.

8. Data Retention

We will retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including for providing the Services, satisfying any legal, accounting, or reporting requirements, or resolving disputes.

When your Personal Data is no longer required, or upon your valid request for erasure or withdrawal of consent (where no other legal basis for retention exists), we will securely delete or anonymize it.

9. Your Rights as a Data Principal

Under the DPDP Act, you have certain rights regarding your Personal Data. These include:

• Right to Access Information: You have the right to obtain confirmation whether we process your Personal Data, access your Personal Data, and receive a summary of the data being processed and the processing activities undertaken.
• Right to Correction and Erasure: You have the right to request correction of inaccurate or incomplete Personal Data and the erasure of your Personal Data that is no longer necessary for the purpose it was collected, or when you withdraw consent (subject to certain legal exceptions).
• Right to Withdraw Consent: As detailed in Section 5, you can withdraw your consent at any time where processing is based on consent.
• Right to Grievance Redressal: You have the right to have readily available means of grievance redressal provided by us regarding any act or omission concerning your Personal Data or our obligations under the law. Please see Section 11.
• Right to Nominate: You have the right to nominate another individual who, in the event of your death or incapacity, shall exercise your rights under the DPDP Act. [You may need a mechanism to facilitate this if offered].

10. How to Exercise Your Rights

To exercise any of your rights, please contact our Grievance Officer using the details provided in Section 11. We will respond to your request within a reasonable timeframe and in accordance with applicable law. We may need to verify your identity before processing your request.

11. Grievance Redressal

We are committed to resolving any questions or concerns you may have about your privacy and our data processing practices. If you have a grievance, please first contact our Grievance Officer:

• Grievance Officer Name: [Insert Name of Grievance Officer]
• Designation: [Insert Designation, e.g., Privacy Officer, Grievance Officer]
• Email: [Insert Dedicated Grievance Email Address, e.g., grievance@examvine.com]

We will acknowledge your grievance promptly and attempt to resolve it within the timelines stipulated by law. If you are not satisfied with our response, you have the right to approach the Data Protection Board of India (once established).

12. Cookies and Tracking Technologies

We use cookies (small text files placed on your device) and similar technologies (like web beacons or pixels) to operate the Services, analyze performance, personalize your experience, and understand usage patterns.

Types of cookies we may use:

• Essential Cookies: Necessary for the website to function (e.g., session management).
• Performance/Analytics Cookies: Help us understand how visitors interact with the website (e.g., Google Analytics).
• Functionality Cookies: Remember your preferences to enhance your experience.

You can manage your cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may affect the functionality of the Services. [Optional: Link to a separate Cookie Policy if you have one].

13. Children’s Privacy

Our Services are not directed towards individuals under the age of 18 (“Children”). We do not knowingly collect Personal Data from Children. If you are a parent or guardian and believe your child has provided us with Personal Data without verifiable parental consent, please contact our Grievance Officer immediately. If we become aware that we have collected Personal Data from a Child without verifiable parental consent, we will take steps to remove that information from our servers.

We shall not undertake processing of personal data that is likely to cause any detrimental effect on the well-being of a child, nor undertake tracking or behavioural monitoring of children or targeted advertising directed at children.

14. Third-Party Links

Our Services may contain links to other websites or services not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

15. International Data Transfer

Your Personal Data may be processed and stored on servers located outside of India [Specify if true, e.g., “where our hosting providers operate”]. If we transfer Personal Data outside India, we will ensure that the transfer complies with the DPDP Act and that the data receives an adequate level of protection, comparable to that afforded within India, or as permitted by law (e.g., based on adequacy decisions or specific consent, subject to any restrictions notified by the Central Government).

16. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Effective Date” and “Last Updated” date at the top. We encourage you to review this Privacy Policy periodically for any changes. For significant changes, we may also provide notice through other means, such as email (if we have your email address).

17. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of India.

18. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Via Email: [Insert General Contact Email, e.g., support@examvine.com]
• Via our Contact Form: [Link to your Contact Us page]
• For grievances, please contact the Grievance Officer as detailed in Section 11.

---

Disclaimer: This Privacy Policy is provided as a template and general guide. It does not constitute legal advice. Examvine strongly recommends consulting with a qualified legal professional specializing in Indian data protection law to ensure this policy is fully compliant with the DPDP Act 2023, IT Rules 2011, and accurately reflects your specific data handling practices before implementation.