Privacy Policy

1Information We Collect

When you enrol or log in, we collect the following categories of information:

• Identity data: Aadhaar (UID) — used only for verification.
• Contact data: The operator mobile number registered in the UCL database (used for OTP delivery via WhatsApp).
• Technical data: IP address, browser user-agent, device type, and session cookies.
• Usage data: Videos watched, watch duration, completion percentage, and login timestamps.
• Transaction data: Order ID, amount, transaction ID, UTR (no card or bank account details are stored on our servers).

2How We Use Your Information

• To verify that you are a registered UCL operator.
• To send OTPs via WhatsApp for secure authentication.
• To process your training-fee payment securely via our gateway partner.
• To provide video lessons and track learning progress.
• To provide customer support and respond to your queries.
• To detect, prevent, and investigate fraud, abuse, or violations of the Terms of Use.
• To comply with applicable laws, court orders, and government directives.

We do not use your data for advertising, behavioural profiling, or sale to third parties.

3Aadhaar (UID) Handling

In full compliance with the Aadhaar Act 2016 and applicable UIDAI guidelines:

• Aadhaar is used only for authentication against the existing UCL operator database.
• Aadhaar is never displayed in full within the Platform; it is always masked (e.g. “XXXX XXXX 1234”).
• Aadhaar is not shared with third parties, not used for demographic profiling, and not used for marketing.
• You can request deletion of your Aadhaar record from our database at any time (see Section 9).

4Cookies & Session Data

We use HTTP-only, same-site cookies strictly for session management (keeping you logged in). These cookies contain only a random session identifier — no personal information is stored inside them. We do not use third-party analytics, advertising, or tracking cookies.

5Payment Information

Payments are handled entirely by our PCI-DSS compliant gateway partner. Your card/UPI/net-banking details are entered only on the gateway's page, transmitted over TLS 1.2+, and never stored on our servers. We receive only transaction status, order ID, and UTR reference.

6Data Storage & Security

• All data is hosted on servers located within India.
• Transport layer: TLS 1.2+ with HSTS enforced.
• Database: Hashed and/or encrypted sensitive fields.
• Videos: Served only via signed, short-lived tokens bound to your user ID — direct URL access is blocked at the server level.
• Access controls: Role-based, audit-logged, with multi-factor authentication for administrators.

7Third-Party Services

We rely on the following service providers, each contracted under strict data-processing agreements:

8Data Retention

We retain your data only for as long as necessary:

• Operator profile & progress: retained for 3 years from your last login.
• Payment records: retained for 7 years (required by tax law).
• OTP logs: deleted after 30 days.
• Audit logs: retained for 1 year.

9Your Rights

You have the right to:

• Access a copy of the data we hold about you.
• Correct inaccurate information.
• Withdraw consent — this will result in account deletion.
• Request deletion of your personal data (subject to legal retention requirements).
• Lodge a complaint with the designated Grievance Officer below.

To exercise any of these rights, please write to us using the details on the Contact Us page. We aim to respond within 7 working days.

10Children's Privacy

The Platform is intended for adult UCL operators only. We do not knowingly collect personal information from anyone under 18. If we become aware of such collection, the data will be deleted promptly.

11Grievance Officer

In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Grievance Officer may be contacted at: