NiftyWise ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at https://niftywise.org/ (the "Platform").
This Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDPA) of India.
1. Information We Collect
We collect the following categories of personal data:
a) Information you provide directly
- Full name: used to personalise your account.
- Email address: used for account login, password resets, and transactional communications.
- Phone number (optional): may be used for account recovery.
- Password: stored as a securely hashed value (bcrypt). We never store or transmit passwords in plain text.
b) Information collected automatically
- IP address: used for bot/fraud prevention (rate-limiting on registration) and basic analytics.
- Browser and device information: user-agent, screen resolution, browser type, for compatibility and analytics.
- Usage data: pages visited, simulator scenarios run, time spent, to improve the Platform.
- Cookies: session cookies to keep you logged in; preference cookies for theme/settings. See Section 5.
c) Information we do NOT collect
We do not collect bank account details, payment card information, PAN, Aadhaar, or any financial account credentials. NiftyWise is a free platform and processes no real financial transactions.
2. How We Use Your Information
We use your personal data only for the purposes described below:
- Account management: creating and maintaining your account, authentication, and security.
- Service delivery: providing simulator access, course progress tracking, and personalised content.
- Communications: sending transactional emails (e.g., account confirmation, password reset). We do not send marketing emails without your explicit consent.
- Security & fraud prevention: rate-limiting registrations, honeypot checks, CSRF protection.
- Analytics & improvement: understanding how users interact with the Platform to improve features and content.
- Legal compliance: meeting our obligations under applicable Indian law.
3. Legal Basis for Processing
Under the DPDPA 2023, we process your personal data on the following bases:
- Consent: you consent to data processing by creating an account and using the Platform.
- Contractual necessity: processing required to provide the service you signed up for.
- Legitimate interest: security, fraud prevention, and improving our Platform.
- Legal obligation: where required by Indian law.
4. Data Sharing & Third Parties
We do not sell, rent, or trade your personal information to third parties.
We may share data with trusted service providers who assist us in operating the Platform, subject to strict confidentiality agreements:
- Hosting & infrastructure: servers where the Platform runs.
- Email delivery: for transactional emails (e.g., password resets).
- Analytics: anonymised or aggregated usage data only.
We may also disclose information if required by law, court order, or to protect the rights, property, or safety of NiftyWise, its users, or the public.
5. Cookies
We use the following types of cookies:
- Session cookies (essential):required for login and CSRF protection. These expire when you close your browser.
- Persistent cookies (functional):remember your preferences (e.g., dark/light mode). Expire after 30 days.
- Analytics cookies (optional):help us understand Platform usage. You can disable these via browser settings.
You can control or delete cookies through your browser settings. Disabling essential cookies may prevent you from logging in.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. Specifically:
- Account data is retained for the lifetime of your account plus 2 years after closure.
- IP-based rate-limit logs are retained for a maximum of 24 hours.
- Usage analytics are retained for up to 24 months in aggregated form.
You may request deletion of your account and associated data at any time (see Section 7).
7. Your Rights (DPDPA 2023)
Under the Digital Personal Data Protection Act, 2023, you have the following rights as a "Data Principal":
- Right to access: request a summary of personal data we hold about you.
- Right to correction: request correction of inaccurate or incomplete personal data.
- Right to erasure: request deletion of your personal data (subject to legal retention requirements).
- Right to withdraw consent: withdraw consent at any time; this will not affect prior processing.
- Right to grievance redressal: raise a complaint with our Grievance Officer (see below).
- Right to nominate: nominate another person to exercise your rights in the event of death or incapacity.
To exercise any of these rights, please email us at contact@niftywise.org. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Passwords hashed with bcrypt (never stored in plain text).
- CSRF tokens on all forms.
- Rate-limiting on authentication and registration endpoints.
- HTTPS in production (SSL/TLS encryption in transit).
- Access to production databases restricted to authorised personnel only.
No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
The Platform is not intended for children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal information, please contact us immediately at contact@niftywise.org and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date and, where appropriate, by email. Continued use of the Platform after changes constitutes acceptance of the revised Policy.
11. Grievance Officer
In accordance with the DPDPA 2023, our Grievance Officer can be reached at:
- Email: contact@niftywise.org
- Subject line: "Privacy Grievance | NiftyWise"
- Response time: Within 30 days of receiving your request.
If you are not satisfied with our response, you may approach the Data Protection Board of India once established under the DPDPA 2023.
12. Contact Us
For any privacy-related questions or concerns: