Privacy Policy

1. Who We Are

VetriPath is a partnership firm registered in Coimbatore, Tamil Nadu, India. We operate the website vetripath.in — an e-learning platform for government exam preparation.

Under the Digital Personal Data Protection Act (DPDPA), 2023, VetriPath is the Data Fiduciary responsible for the processing of your personal data.

2. Information We Collect

We collect the following information when you use VetriPath. For each category, we explain why we need it.

• Account information — Email address, full name, and phone number provided during registration (via email OTP or Google sign-in). This is needed to create and manage your account.
• Payment information — Transaction records including order ID, payment amount, and payment status. Your card or bank details are handled entirely by Razorpay (PCI-DSS compliant) — we never see or store them.
• Usage data — Course progress and video completion records. This is needed to track your learning progress and show it to you.
• Device information — Browser type and IP address, collected through our self-hosted analytics tool (Umami). Umami does not use cookies and does not share any data with third parties.

3. Lawful Basis & Consent

Under DPDPA 2023 (Section 4), we process your personal data based on:

• Your consent — given when you sign up for an account.
• Performance of service — to provide you with course access, process payments, and track your progress.

You can withdraw your consent at any time by deleting your account or contacting us. Withdrawal of consent will result in loss of access to purchased courses.

4. How We Use Your Information

• To create and manage your account.
• To process payments and generate receipts.
• To provide course access and track your learning progress.
• To send important notifications about your account or purchases.
• To send marketing communications (only if you have opted in).
• To improve our platform based on aggregated usage patterns.

5. Marketing Communications

If you opt in to marketing during signup, we may contact you about new courses, offers, and updates through:

• Email
• SMS
• WhatsApp
• Telegram

You can opt out at any time by updating your profile settings or by contacting us via email or any of the channels above. We will stop marketing communications within 48 hours of your opt-out request.

6. Cookies & Local Storage

• Analytics (Umami): Our analytics tool does not use cookies. No personal data is collected or shared.
• Authentication (Supabase): We use browser local storage to keep you logged in. This is required for the platform to function.
• Security (Cloudflare): Cloudflare may set a bot-management cookie (__cf_bm) to protect the platform from automated attacks. This is a functional cookie, not a tracking cookie.

We do not use any advertising or tracking cookies.

7. Third-Party Services

• Supabase — Database and authentication. Hosted on AWS ap-south-1 (Mumbai, India). Your data is stored in India.
• Razorpay — Payment processing. PCI-DSS compliant. All payment data is processed within India.
• Cloudflare — CDN and video streaming. Cloudflare operates a global edge network. Request metadata (such as IP address) may be processed at international edge nodes for performance and security purposes. No personal data is stored outside India.
• Umami — Analytics. Self-hosted on our own servers. No personal data is collected, no cookies are used, and no data is shared with third parties.

8. Data Storage & Security

Your data is protected by the following measures:

• All data is hosted on AWS ap-south-1 (Mumbai, India) via Supabase.
• All connections use HTTPS/TLS encryption (data in transit).
• Row-level security (RLS) policies on the database ensure users can only access their own data.
• Service role keys are restricted to server-side operations only.
• Regular automated database backups.

9. Data Retention

• Account data (email, name, phone) — retained while your account is active. Deleted within 30 days of an account deletion request.
• Payment records — retained for 8 years as required by Indian tax law.
• Usage data (course progress, video completions) — retained while your account is active, deleted along with your account.
• Analytics data — aggregated and non-personal, retained indefinitely.

10. Your Rights

Under DPDPA 2023 (Sections 11-14), you have the right to:

• Access your personal data that we hold.
• Correct inaccurate or incomplete data.
• Erase your data by requesting account deletion.
• Data portability — receive your data in a machine-readable format.
• Opt out of marketing communications at any time.
• Nominate another person to exercise your rights on your behalf (DPDPA Section 14).
• Grievance redressal — contact our Grievance Officer (see below).

To exercise any of these rights, email us at [email protected]. We will respond within 15 days.

11. Children's Data

Our platform is open to learners of all ages. However, to make a purchase, you must be 18 years or older, or have verifiable parental/guardian consent.

We do not knowingly collect personal data from children under 18 without parental consent. If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.

12. Data Breach Notification

In the event of a personal data breach that is likely to cause harm, we will notify the Data Protection Board of India and affected users as required under DPDPA 2023 (Section 8(6)).

13. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email to your registered email address. Continued use of the platform after notification constitutes acceptance of the updated policy.

14. Grievance Officer

In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under Section 43A of the IT Act 2000, the contact details of our Grievance Officer are: