Privacy Policy

Information you provide: your name, email address, password (stored only as a salted hash — never in plain text), and your exam preference when you create an account or contact us.

Information collected automatically: how you use the Service (briefs read, quizzes attempted, items saved), device and browser type, approximate location from IP address, and similar diagnostic data.

Payment information: payments are processed by our payment partner (Razorpay). We do not collect or store your card, UPI or bank details; we only receive the payment status and a transaction reference from Razorpay.

• To provide, personalise and maintain the Service and save your progress across devices.
• To process subscriptions and confirm payments.
• To send you service and transactional emails (e.g. a welcome email, and the daily brief notification).
• To improve our content and features, and to keep the Service secure and prevent abuse.
• To comply with legal obligations.

We send service emails such as a one-time welcome email and a daily 'brief is live' notification. You can unsubscribe from the daily notification at any time using the link in those emails; essential account and transactional emails may still be sent.

We do not sell your personal data. We share limited data only with service providers that help us run the Service:

• Google — for Google Sign-In (authentication).
• Razorpay — for payment processing.
• Cloudflare — for hosting, email delivery and security.
• Analytics providers (e.g. Google Analytics) — for aggregate, non-identifying usage statistics.

We may also disclose information if required by law or to protect our rights and users.

We use cookies and browser local storage for essential functions — keeping you signed in, remembering preferences (such as theme and language), and storing items you save or mark as read. You can clear these via your browser settings, though some features may stop working.

We protect your data with encryption in transit (HTTPS), hashed passwords, scoped access tokens and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

We retain your information for as long as your account is active or as needed to provide the Service, and thereafter only as required to comply with legal obligations, resolve disputes and enforce our agreements. You may request deletion of your account and associated data at any time.

Subject to applicable law (including India's Digital Personal Data Protection Act, 2023), you may request access to, correction of, or deletion of your personal data, and you may withdraw consent. To exercise these rights, contact us at hello@vidyastraa.in.

The Service is intended for users aged 18 and above (UPSC aspirants). We do not knowingly collect data from minors.

We may update this Policy from time to time. Material changes will be reflected by the 'Last updated' date above and, where appropriate, notified to you.

In accordance with applicable Indian law, you may contact our Grievance Officer regarding any concern about your data or this Policy at hello@vidyastraa.in. We will acknowledge and address grievances within the timelines required by law.