Privacy Policy

BHAARATXA TECHNOLOGIES PRIVATE LIMITED ("BhaaratXa", "we", "our") is a company incorporated under the Companies Act 2013, with CIN U62013HP2026PTC012517, registered at 1251 NALAGARH, CHUHUWAL, SOLAN-174101, Himachal Pradesh, India. We operate the website bhaaratxa.com and related services including internship and training programs.

For any privacy-related matters, contact our Grievance Officer: Rohit Sharma at admin@bhaaratxa.com.

We collect the following categories of personal data:

• Identity data: full name, as provided during exam or enrollment
• Contact data: email address, phone number (optional)
• Educational data: college name, graduation year (optional, collected during exam intake)
• Exam response data: answers submitted to the qualifying exam
• Payment data: name, email, phone as submitted to Razorpay; we do not store card numbers or UPI credentials — these are processed directly by Razorpay
• Account data: hashed password and student role, created on successful enrollment
• Usage data: IP address, rate-limit counters (not stored beyond session), server logs retained per the CERT-In Directions 2022

We do not collect biometric data, Aadhaar numbers, PAN, or any sensitive personal data as defined under the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, except payment data processed under a payment service provider.

• To process your enrollment and verify your qualifying exam result
• To create your student portal account and send login credentials
• To communicate course schedule, live session links, and program updates
• To process refund requests where applicable
• To maintain audit logs as required under applicable law
• To detect and prevent fraud and abuse of our systems

We do not use your personal data for targeted advertising, profiling, or sale to third parties.

We process your personal data on the following grounds under the Digital Personal Data Protection Act 2023 ("DPDP Act") and applicable Indian law:

• Consent: you provide data voluntarily when taking the qualifying exam or enrolling
• Contractual necessity: processing required to deliver the service you paid for
• Legal obligation: server log retention under CERT-In Directions 2022 (180 days)

We share data only with the following sub-processors:

• Razorpay Software Private Limited — payment processing. Your payment data is subject to Razorpay's Privacy Policy.
• Resend Inc. — transactional email delivery (enrollment credentials, course notifications). Only your name and email are shared.
• Neon Inc. — database hosting (PostgreSQL, US-East-1). Your data is stored encrypted at rest.

We do not share data with government agencies unless required by a lawful court order or statutory obligation under Indian law.

• Exam attempts: retained for 2 years from submission date
• Enrollment and order records: retained for 7 years from transaction date (GST and accounting compliance)
• Student account data: retained for the duration of active enrollment plus 2 years, or until a deletion request is actioned
• Server logs: retained for 180 days per CERT-In Directions 2022

Under the DPDP Act 2023 and IT Rules 2011, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request erasure of your data where no legal retention obligation applies
• Withdraw consent for processing not based on contractual necessity
• File a complaint with the Data Protection Board of India

To exercise any right, email admin@bhaaratxa.com with the subject line "Data Request". We will acknowledge within 24 hours and respond within 15 working days.

bhaaratxa.com uses session cookies solely for authentication in the student portal (/learn). We do not use third-party tracking cookies, advertising pixels, or analytics scripts that send data to external parties. No cookie consent banner is required for authentication-only cookies under applicable Indian law.

We implement the following security measures:

• TLS 1.2+ encryption for all data in transit
• Password hashing using bcrypt with a cost factor of 10
• HMAC-SHA256 signature verification for all payment callbacks
• Rate limiting on all API endpoints
• UFW firewall with minimal open ports; fail2ban intrusion prevention
• Database access restricted to application server only

If you have a complaint regarding how we handle your personal data:

• Grievance Officer: Rohit Sharma, Director
• Email: admin@bhaaratxa.com
• Acknowledgement: within 24 hours
• Resolution: within 15 working days

If your complaint is not resolved within 15 working days, you may escalate to the Data Protection Board of India when constituted under the DPDP Act 2023.

We may update this policy when our practices change or when required by law. We will notify enrolled students by email of any material changes. The effective date at the top of this page reflects the most recent revision. Continued use of our services after a policy update constitutes acceptance of the revised terms.