Privacy Policy
Last updated: 13 July 2026
This policy explains how MARKJ Research and Analytics Solutions (“MARKJ”, “we”), the operator and Data Fiduciary of Samvidhan (samvidhan.co.in), handles personal data — in line with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Short version: you can read everything without an account or tracking; if you sign in we store the minimum needed to run your prep progress, API keys and subscription — and we never sell it.
1. Data we collect, and why
Visitors (no account): standard server logs — IP address, user-agent, requested URL, timestamp — retained briefly (up to 30 days) solely for security, debugging and abuse prevention. No advertising trackers, no analytics cookies, no fingerprinting.
Account holders: (a) identity — name, email and profile photo from your sign-in provider, processed by Clerk Inc., our authentication processor; (b) learning data — quiz and mock-test attempts, scores, spaced-repetition schedule, streaks, chosen exam track; (c) developer data — API key names and irreversible SHA-256 hashes of keys (we cannot recover a lost key), and per-day request counts per key; (d) billing data — your plan, its status and Razorpay subscription/payment identifiers. Card, UPI and bank details are collected and processed solely by Razorpay under their own policy; we never see or store them.
Correspondence: emails you send us (support, grievance, data requests) are retained as long as needed to resolve and document the matter.
2. Legal basis and purposes
We process personal data on the basis of your consent (given at sign-up/subscription) and for the legitimate purposes of providing the Service you request: authenticating you, saving progress, scheduling reviews, metering API quotas, billing, preventing fraud and abuse, complying with law, and communicating service messages. We do not sell or rent personal data, do not serve third-party advertising, and do not use your personal data to train AI models.
3. Where your data lives and who processes it
Our processors, each bound by their own security and data-protection commitments:
· Clerk Inc. — authentication and session management
· Neon Inc. — Postgres database hosting (learning, API and subscription records)
· Vercel Inc. — application hosting and server logs
· Razorpay Software Pvt. Ltd. — payment processing (India)
Some processors store data on servers outside India (United States). By using the Service you consent to this cross-border transfer, which is permitted under the DPDP Act to countries not restricted by the Central Government.
4. Cookies
Functional cookies only: your Clerk sign-in session and, if set, a theme preference. No consent banner is shown because no non-essential cookies exist to consent to.
5. Retention
Server logs: up to 30 days. Account, learning and API data: for the life of your account and deleted within 30 days of account deletion. Billing records: retained as required by Indian tax and accounting law (currently 8 years) even after account deletion. Revoked API key hashes are purged with your account.
6. Security
Reasonable security practices under the IT Rules, 2011: TLS encryption in transit, encrypted storage at rest with our processors, API keys stored only as SHA-256 hashes, least-privilege access, separation of the public read path from writable systems, and audit of admin actions. In the event of a personal data breach we will notify the Data Protection Board of India and affected users as required by the DPDP Act.
7. Your rights (DPDP Act, 2023)
As a Data Principal you may: access a summary of your personal data and processing; correct or complete it; erase it (delete your account from the profile menu, or email us — completed within 30 days, subject to Section 5 retention); nominate a person to exercise rights on your behalf; and withdraw consent at any time (which ends the related processing but not the lawfulness of prior processing). To exercise any right, use the account profile menu or contact the Grievance Officer below. If unsatisfied with our response you may complain to the Data Protection Board of India.
8. Children
The reading content is suitable for general audiences. Accounts are intended for users 13+; for users under 18 a parent or guardian must consent and supervise. We do not knowingly process children's data for tracking, behavioural monitoring or advertising, consistent with Section 9 of the DPDP Act.
9. Grievance Officer and contact
Grievance Officer — MARKJ Research and Analytics Solutions
Email: support@samvidhan.co.in
Acknowledgement within 24 hours; resolution within 15 days (IT Rules, 2021) and within timelines prescribed under the DPDP Act for data requests.
10. Changes
Material changes will be flagged on this page with a new “Last updated” date and notified to account holders by email or in-product notice. Continued use after the effective date constitutes acceptance.