🔒 Privacy

Privacy Policy

Last Updated: May 20, 2026  ·  Effective: May 20, 2026

🇮🇳

This Privacy Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000, IT (SPDI) Rules, 2011, and the Consumer Protection Act, 2019 of India.

1. Introduction

EduMock ("we," "our," or "us"), operated by Rahul Pawar (Udyam Registered, Maharashtra, India), is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, store, share, and protect information you provide when using the EduMock platform at edumock.in.

By registering for or using EduMock, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.

2. Data Fiduciary Details (DPDP Act 2023)

Data Fiduciary: Rahul Pawar (EduMock)

State: Maharashtra, India

Contact: help@edumock.in

3. Information We Collect

3.1 Information You Provide Directly

  • Account data: Full name, email address, password (stored as a one-way bcrypt hash — never in plain text), institution/organization name.
  • User Content: Study materials, PDFs, and any other files you upload to the Platform.
  • Communications: Messages or queries you send to our support team.

3.2 Payment Information

Payments are processed entirely by our authorized, PCI-DSS compliant third-party payment gateway(s). We do not collect, store, or have access to your credit/debit card numbers, CVV, net-banking credentials, or UPI PINs. The payment processor shares with us only the transaction status, amount, date, and a tokenized transaction reference.

3.3 Automatically Collected Data

  • Usage data: Exam attempts, scores, time spent, study patterns, features accessed.
  • Technical data: IP address, browser type and version, device type, operating system, screen resolution.
  • Log data: Server access logs, error logs, timestamps of Platform activity.
  • Cookies: See Section 11 for details.

4. Sensitive Personal Data & Information (SPDI Rules 2011)

Under Rule 3 of the IT (SPDI) Rules, 2011, "financial information" such as bank account details, credit card numbers, and payment credentials constitutes Sensitive Personal Data or Information (SPDI). EduMock does not directly collect or store any SPDI. Payment processing is delegated entirely to certified third-party payment processors. Any other personal information we collect (name, email, usage data) does not fall within the SPDI category under the Rules.

5. How We Use Your Information

We use the information we collect to:

  • Create and manage your account, and authenticate your identity.
  • Provide, operate, maintain, and improve the Platform and its features.
  • Process transactions and send subscription-related communications and receipts.
  • Generate AI-powered exam analyses, recommendations, and personalized learning insights.
  • Send service announcements, updates, and support responses.
  • Detect, prevent, and investigate fraud, abuse, security incidents, and technical issues.
  • Comply with applicable legal obligations and enforce our Terms and Conditions.
  • Aggregate and anonymize data for analytics and product improvement (in a form that does not identify you).

6. Legal Basis for Processing (DPDP Act 2023)

Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following bases:

  • Consent: You provide explicit, informed consent during account registration. You may withdraw consent at any time (see Section 10).
  • Contract: Processing is necessary to perform the service contract (Subscription) you have entered into with us.
  • Legal Obligation: Processing is necessary to comply with applicable Indian law, including tax, regulatory, and reporting requirements.
  • Legitimate Interests: Processing for Platform security, fraud prevention, and service improvement, where such interests are not overridden by your rights.

7. Sharing & Disclosure of Information

We do not sell, rent, or trade your personal data. We may share information in the following limited circumstances:

  • Service Providers: We share data with third-party vendors who assist in operating the Platform (e.g., Cloudinary for file hosting; OpenAI and Google for AI features; database and hosting providers). These providers are contractually bound to process data only on our instructions and to maintain appropriate confidentiality and security.
  • Payment Processors: Transaction data is shared with authorized payment gateway(s) solely for processing payments.
  • Legal Requirements: We may disclose data when required by law, court order, or a competent governmental or regulatory authority in India.
  • Protection of Rights: We may disclose data where necessary to protect the rights, property, or safety of EduMock, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the successor entity, subject to the same privacy protections.

8. Cross-Border Data Transfers

Some of our third-party service providers (e.g., AI APIs, cloud services) may process data outside India. Where such transfers occur, we ensure that adequate contractual safeguards are in place as required under applicable Indian law, including the DPDP Act 2023 and any rules notified thereunder. We do not transfer data to jurisdictions that do not provide adequate data protection standards without appropriate safeguards.

9. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide the Platform services, plus any additional period required by applicable law (e.g., tax and financial records under the Income Tax Act, 1961). Upon your written request to delete your account, we will erase your personal data within 30 days, except where retention is mandated by law or required to resolve outstanding disputes.

Anonymized, aggregated data (which cannot identify you) may be retained indefinitely for analytics and research purposes.

10. Security of Your Data

We implement reasonable security practices and procedures as required under Rule 8 of the IT (SPDI) Rules, 2011, including:

  • Encrypted data transmission using HTTPS/TLS.
  • Passwords stored exclusively as bcrypt hashes — never in plain text.
  • Role-based access controls limiting data access to authorized personnel only.
  • Regular security reviews and vulnerability assessments.
  • Secure, access-controlled database environments.

However, no method of transmission over the internet or method of electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials. Notify us immediately at help@edumock.in if you suspect any unauthorized access to your account.

11. Your Rights Under the DPDP Act 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to Access: Request a summary of your personal data we process and the processing activities.
  • Right to Correction & Completeness: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data where it is no longer necessary for the purpose for which it was collected (subject to legal retention requirements).
  • Right to Withdraw Consent: Withdraw your consent to data processing at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal; however, it may affect your ability to use certain Platform features.
  • Right to Grievance Redressal: Have your data-related grievances addressed promptly (see Section 15).
  • Right to Nominate: Nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, email us at help@edumock.in with the subject line "Data Rights Request." We will respond within 30 days.

12. Cookies & Tracking Technologies

We use the following categories of cookies:

  • Essential Cookies: Required for authentication, session management, and core Platform functionality. Cannot be disabled without affecting Platform usability.
  • Analytics Cookies: Used to understand how users interact with the Platform (e.g., pages visited, features used), in aggregate and anonymized form, to improve our services.

You can control or delete cookies through your browser settings. Disabling essential cookies will impair Platform functionality and may prevent you from logging in.

13. Children's Privacy

Under the DPDP Act 2023, EduMock does not knowingly process personal data of individuals under the age of 18 without verifiable parental or guardian consent. Users under 18 must ensure their parent or legal guardian consents to the creation of an account and the processing of their data as described in this Policy.

EduMock does not knowingly collect personal data from children under the age of 13. If we become aware that we have inadvertently collected data from a child under 13 without appropriate consent, we will delete such data promptly. If you believe we have collected data from a child under 13, please contact us at help@edumock.in immediately.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights or interests, we will notify you and the relevant authority (Data Protection Board of India, once established) as required under the DPDP Act, 2023, in the prescribed form and within the prescribed timelines.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. Changes will be effective upon posting on the Platform with an updated "Last Updated" date. Where changes are material, we will endeavour to notify registered users by email. Your continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

16. Grievance Officer (Mandatory under IT Rules 2011 & DPDP Act 2023)

In accordance with Rule 5(9) of the IT (SPDI) Rules, 2011 and the DPDP Act, 2023, the following person is designated as EduMock's Grievance Officer for privacy-related concerns:

Name: Rahul Pawar

Designation: Grievance Officer, EduMock

Email: help@edumock.in

Address: Maharashtra, India

You may direct any privacy grievance or complaint to the Grievance Officer. We will acknowledge your complaint within 24 hours and resolve it within 30 days of receipt.

If you are not satisfied with the resolution, you may approach the Data Protection Board of India once it is constituted under the DPDP Act, 2023.

Privacy questions? Contact us or write to help@edumock.in