Privacy Policy
Last updated: May 2026 · Version 1.0 · DPDP Act 2023 compliant
1. Data We Collect
We collect the following categories of personal data:
- Profile data: CAT/XAT/GMAT/SNAP/NMAT/MAH-CET/TISSNET percentiles, 10th and 12th marks, graduation CGPA, work experience (months and sector), gender, category (General/OBC/SC/ST/EWS/PwD), state of domicile.
- Account data: Email address (if you create an account), authentication tokens.
- Payment data: Payment reference IDs from our payment processor. We do not store card numbers or bank account details.
- Usage data: Pages visited, form steps completed, prediction IDs, report download events. Collected only after analytics consent.
- Technical data: IP address (for geo-detection of INR/USD pricing), browser type, device type.
2. Why We Collect Your Data
- Prediction generation: Your profile data is required to compute personalised MBA call predictions.
- Report delivery: Your email is used to deliver the GDPI report PDF after payment.
- Service improvement: Anonymised, aggregated usage data helps us improve prediction accuracy.
- Legal compliance: Payment records are retained for 7 years as required by Indian tax law.
3. Legal Basis (DPDP Act 2023)
Under the Digital Personal Data Protection Act 2023, we process your data on the following bases:
- Consent: Profile data for prediction generation. You provide explicit consent via our consent modal before submitting your profile.
- Contract: Payment and report delivery data, necessary to fulfil your purchase.
- Legitimate interest: Fraud prevention and security monitoring.
- Legal obligation: Financial records retention.
4. Data Retention
- Prediction data: Retained for 2 years from the date of creation, then anonymised.
- Account data: Retained until you request deletion.
- Payment records: Retained for 7 years (Indian tax law requirement).
- Consent logs: Retained for 5 years for compliance purposes.
- Analytics data: Retained for 12 months in Mixpanel.
5. Your Rights
Under the DPDP Act 2023, you have the following rights:
- Right to access: Request a copy of all personal data we hold about you.
- Right to rectification: Request correction of inaccurate personal data.
- Right to erasure: Request deletion of your personal data (subject to legal retention requirements).
- Right to data portability: Request your data in a machine-readable format.
- Right to withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to nominate: Nominate another person to exercise your rights on your behalf.
- Right to grievance redressal: Lodge a complaint with our Grievance Officer (see Section 8).
To exercise any right, email privacy@prepbee.in. We will respond within 30 days.
6. Data Storage and Security
All personal data is stored on servers located in India (Supabase, Mumbai region). We implement Row-Level Security (RLS) to ensure users can only access their own data. Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256. We do not transfer personal data outside India without your explicit consent.
7. Cookies and Analytics
We use strictly necessary cookies for authentication and session management. Analytics cookies (Mixpanel) are only set after you grant analytics consent via our consent modal. You can withdraw analytics consent at any time by clearing your browser cookies or contacting us.
8. Grievance Officer
As required by the DPDP Act 2023, our Grievance Officer can be reached at:
Name: Data Protection Officer, Prepbee EdTech Pvt. Ltd.
Email: privacy@prepbee.in
Address: Prepbee EdTech Pvt. Ltd., Mumbai, Maharashtra, India
Response time: Within 30 days of receipt of grievance
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email (if you have an account) and via a banner on the website. The consent_version in our consent log is incremented on each material change, and we will re-seek your consent where required by law.