Effective Date: 13 June 2026
MindOrp ("we", "us", "our") is committed to protecting your personal data and your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you access or use the mindorp.com website, applications, and portal services. This policy is strictly formulated and compliant with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 (IT Act).
We collect and process the following categories of personal data: (a) Account Information: Full name, verified email address, mobile number, city, and state; (b) Academic Information: Selected exam categories, mock test scores, practice performance logs, and analytics; (c) Payment Information: Subscription plans, cycles, and transaction IDs (we do not store credit card, net banking, or UPI details — all payment operations are handled securely by PCI-DSS compliant third-party payment gateways); (d) System and Usage Information: IP address, device identifier (device_id), browser type, Internet Service Provider (ISP), login history, and navigation patterns; (e) Communication Information: Support tickets, chat histories with mentors, and responses.
In accordance with Section 6 of the DPDP Act 2023, we process your personal data under the following lawful grounds: (a) Consent: When you explicitly opt-in to receive notification updates; (b) Contractual Necessity: To provision, operate, and maintain the subscription services you purchase; (c) Legitimate Uses: For security audit tracking, fraud prevention, debugging, system diagnostics, and to protect the platform against unauthorized use; (d) Legal Compliance: For taxation (GST) compliance, financial auditing, and responding to lawful orders from judiciary or law enforcement agencies.
We share your data only to the minimum extent necessary to provide our services. Your data is shared only with: (a) Payment gateways (including Razorpay, Cashfree, PhonePe, PayU, Paytm, CCAvenue) to securely authorize transactions; (b) Verified SMTP and transactional email relays to deliver account updates; (c) Judicial, regulatory, or law enforcement authorities under lawful mandates. We do not engage in behavioral tracking, advertising profiling, or sale of user data. We do not sell your personal details to third parties.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected: (a) Account profile and academic metrics are retained while the account is active. If you initiate account deletion, your personal data will be purged from active systems within 30 days; (b) Section 67C of the IT Act and GST guidelines mandate the retention of transaction records, invoice logs, IP addresses, and session history logs for a statutory period of 7 years. These records are retained securely and are exempt from standard user erasure requests; (c) Anonymized data points containing no personally identifiable information may be retained indefinitely for analytics.
Under the DPDP Act 2023, you have a statutory duty to: (a) Provide true, accurate, and complete information at all times; (b) Refrain from impersonating other individuals, creating fraudulent accounts, or registering under false identities; (c) Keep your account access details secure. Under the DPDP Act, providing false information or filing frivolous/vexatious complaints is a punishable offense. MindOrp reserves the right to suspend any account violating these duties and report such violations to the Data Protection Board of India.
While you hold the right to access, correct, or erase your data, we enforce strict verification protocols to prevent system exhaustion and security breaches: (a) All access, correction, or deletion requests must undergo multi-factor authentication (email OTP + security questionnaire verification); (b) Frivolous, repetitive, or bad-faith requests designed to disrupt operations or harvest platform data will be rejected. We reserve the right to charge a reasonable administrative processing fee to cover operational costs for excessive or repetitive requests.
We enforce enterprise-grade security protocols: (a) End-to-end data encryption in transit via TLS/HTTPS; (b) Symmetric AES-256 encryption at rest for database records; (c) JWT-based session tokens with 30-minute expiry for administrators; (d) Automated WAF security blocking against SQL injection, XSS, and malicious file uploads; (e) Device fingerprinting and geo-inconsistency checks to prevent unauthorized account sharing; (f) Immutable, security-hardened audit logs tracking all administrative operations for 5 years.
We use technical cookies for session maintenance, security verification, and referral tracking (mindorp_ref, 7-day expiry). We do not load advertising pixels or third-party marketing trackers. Blocking cookies in your browser settings may result in authorization failures and restrict platform usage.
We set cookies solely to maintain security, session state, and attribute referrals. You can configure your browser to block cookies, but this may cause platform errors.
MindOrp provides educational prep services primarily for students aged 13 and above. If you are a minor under 18 years of age, you must use the platform with the consent and supervision of a parent or legal guardian. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If we discover registration from a child under 13, the account will be immediately deleted.
All personal information, database entries, and transaction histories of Indian citizens are stored and processed on secure cloud servers physically located in India in strict compliance with local data localization guidelines.
In accordance with the DPDP Act 2023, you have the right to nominate another individual to exercise your data rights in the event of your death or physical/mental incapacity. You also have the right to seek grievance redressal. For any privacy concerns, complaints, or nomination filings, contact our Grievance Officer at support@mindorp.com. We will acknowledge your request within 48 hours and resolve it within 30 days. If unsatisfied, you may appeal to the Data Protection Board of India.