Privacy Policy

When you register or use ESGyan, we collect the following information:

Account information: name, email address, and password (stored as a secure hash via Supabase Auth).

Payment information: we do not store card or UPI details on our servers. Payments are processed by Razorpay; only the transaction status, amount, and reference ID are stored by us.

Usage data: course progress, exam scores, certificate IDs, and pages visited — used to personalise your learning experience.

Communications: if you contact us by email, we retain the correspondence to resolve your query.

We use your data to:

- Create and manage your account.

- Deliver courses, issue certificates, and track your progress.

- Process payments and send purchase confirmations.

- Send important service emails (receipts, password resets, certificate downloads). We do not send marketing emails without your explicit consent.

- Improve the platform — anonymised, aggregated usage statistics help us decide which features to build.

- Comply with legal obligations under Indian law, including the Information Technology Act, 2000.

We do not sell your personal data. We share it only with:

Supabase — our database and authentication provider, operating under data-processing agreements.

Razorpay — our payment gateway. Their privacy policy governs data shared during checkout.

Vercel — our hosting provider, which processes request logs.

Law enforcement — if required by a valid court order or applicable Indian law.

ESGyan uses strictly necessary cookies to keep you logged in (Supabase session cookie). We do not use advertising or third-party tracking cookies. You may disable cookies in your browser, but core features such as login will not work.

Your account data is retained for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g., financial records are retained for 7 years as required by the Companies Act, 2013).

All data is transmitted over HTTPS (TLS 1.2+). Passwords are never stored in plain text. Access to the production database is restricted to authorised personnel and is logged. Despite our best efforts, no internet transmission is 100 % secure — please use a strong, unique password.

Under applicable Indian data-protection laws and the DPDPA 2023, you have the right to:

- Access the personal data we hold about you.

- Correct inaccurate data.

- Delete your account and associated personal data.

- Withdraw consent for processing (which may require account closure).

To exercise these rights, email privacy@esgyan.in from your registered address.

ESGyan is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has registered, contact us and we will delete the account promptly.

We may update this policy periodically. Material changes will be notified by email or a prominent notice on the site. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

Questions about this policy? Write to us at privacy@esgyan.in or:

ESGyan Learning Pvt. Ltd.

India