A. Account and Identity Information

• Full name and email address
• Phone number (mandatory)
• WhatsApp number (optional, collected only with explicit consent)
• Authentication credentials (passwords, OAuth tokens)
• Profile information (role, institution, subject expertise)
• Photo or avatar (optional)

B. Usage and Interaction Data

• Prompts and queries submitted to AI tools
• Generated content (notes, mock tests, quizzes, presentations)
• Search history and learning preferences
• Feature usage patterns and engagement metrics
• Exam preparation details and performance metrics

C. Device and Technical Data

• IP address and approximate geolocation
• Device type, operating system, and browser information
• Unique device identifiers
• Log and performance data
• Cookies and similar tracking technologies

D. Payment Information

• Transaction details and subscription information
• Payment gateway reference IDs
• Billing address (for invoicing)
• We do not store card details. All payments are processed securely by third-party gateways.

E. Communication Data

• Support tickets, emails, and chat communications
• Feedback, suggestions, and complaints
• Communication preferences and consent records

A. Core Service Delivery

• Account creation and management
• Access to AI-powered educational tools
• Personalized learning recommendations
• Storage and retrieval of generated content
• Learning progress analytics

B. Payment Processing

• Subscription billing and renewals
• Invoice and receipt generation
• Refunds and dispute management
• Fraud detection and prevention

C. Communication

• Transactional and account-related emails
• Customer support communication
• Marketing communications (opt-in only)
• WhatsApp updates (explicit consent required)
• Security and maintenance notifications

D. Platform Improvement and Analytics

• User experience optimization
• Research and development
• Feature testing and performance enhancement
• Anonymized analytics and insights
• A/B testing and usability improvements

E. Legal and Security

• Legal and regulatory compliance
• Fraud, abuse, and security prevention
• Protection of users and platform integrity
• Enforcement of policies and agreements
• Responding to lawful authority requests

A. Types of Cookies Used

• Essential / Functional Cookies: Required for account authentication, session management, and core functionality. These cannot be disabled.
• Analytics Cookies: Help us understand usage patterns and improve services (e.g., Google Analytics).
• Performance Cookies: Measure platform performance, load times, and system stability.
• Marketing Cookies: Used for advertising and retargeting only if you have opted in.

B. Cookie Management

• You can manage cookies through your browser settings.
• Disabling non-essential cookies may limit certain platform features.
• Cookie preferences can be managed via our consent banner on your first visit.
• Local storage and session storage are used to store preferences and temporary data.

A. Service Providers and Vendors

• Cloud Hosting Providers: Amazon Web Services (AWS) for secure infrastructure and data storage.
• Payment Gateway Processors: Razorpay, Stripe, and similar providers for payment processing.
• AI Model Providers: OpenAI, Anthropic, AWS Bedrock, and similar AI services for content generation.
• Analytics Providers: Google Analytics, Mixpanel, and similar tools.
• Email and Communication Services: SendGrid, Twilio, and similar platforms.
• Customer Support Tools: Zendesk, Intercom, and comparable services.

B. Legal and Regulatory Compliance

• Government agencies or law enforcement when required by law
• Regulatory authorities for compliance with Indian regulations
• Competent authorities for fraud prevention and public safety

C. Business Transfers

In the event of a merger, acquisition, or asset sale, personal data may be transferred as part of the transaction. You will be notified of any material changes.

D. Data Processing Agreements

All third-party providers are bound by Data Processing Agreements requiring them to:

• Process data only on our documented instructions
• Maintain appropriate technical and organizational safeguards
• Prevent unauthorized disclosure of personal data
• Comply with applicable data protection laws

A. Retention Periods

• Active User Data: Retained while your account is active and up to 12 months after deletion.
• Account Deletion Requests: Deleted within 30 days, unless legally required otherwise.
• Payment Data: Retained for 7 years under Indian tax laws.
• Transaction Records: Maintained for 6 years for audit and fraud prevention.
• Support Communications: Retained for up to 2 years.
• Marketing Consent Records: Retained while you remain subscribed.
• Cookies and Analytics Data: Typically retained for 13 months.

B. Deletion Process

• Personal data is removed from active systems upon deletion request
• Backup data may take up to 30 days to be fully purged
• Anonymized or aggregated data may be retained indefinitely
• Deletion requests can be initiated via account settings or support

A. Right to Access

• Request a copy of personal data we hold about you
• Requests fulfilled within 30 days after identity verification

B. Right to Correction

• Update inaccurate data via account settings
• Written correction requests resolved within 30 days

C. Right to Erasure

• Request deletion of personal data at any time
• Deletion completed within 30 days unless legally required

D. Right to Data Portability

• Receive data in a machine-readable format
• Requests fulfilled within 30 days

E. Right to Withdraw Consent

• Withdraw consent at any time via account settings
• Withdrawal does not affect prior lawful processing

F. Right to Restrict Processing

• Request restriction of processing in certain circumstances
• You will be notified when restrictions are lifted

G. Right to Lodge a Complaint

• File complaints with Indian regulatory authorities
• Contact our Data Protection Officer before escalation

A. Technical Security Measures

• Encryption: Data in transit is encrypted using TLS 1.2+ (HTTPS). Data at rest is encrypted using AES-256.
• Secure infrastructure hosted on AWS with firewalls, intrusion detection, and DDoS protection.
• Role-based access control (RBAC) and least-privilege access.
• Database security including VPC isolation, encryption, and automated backups.
• API security using API keys, OAuth 2.0, and rate limiting.
• Regular security audits and penetration testing.

B. Organizational Security Measures

• Mandatory data protection training for staff.
• NDAs and strict confidentiality obligations.
• Documented incident and breach response plans.
• Background verification for sensitive access roles.

C. Incident Notification

• Breach notifications within 72 hours or as required by law.
• Notifications include breach details, affected data, and mitigation steps.

D. Limitations

• No system can guarantee absolute security.
• Users are responsible for safeguarding account credentials.

A. Age Restrictions

• Independent accounts require a minimum age of 13.
• Users under 13 require parental or guardian consent and supervision.

B. Parental Consent for Minors Under 13

• Written parental or guardian consent is mandatory.
• Consent is verified via confirmation email.
• Only minimal data is collected from children.

C. Children's Data Processing

• Data processed solely for educational purposes.
• No marketing or profiling without parental consent.
• Data shared only with essential service providers.
• Children may delete their accounts at any time.

D. Parental Rights

• Access, correction, and deletion of child data.
• Withdrawal from optional features.
• Requests handled by the Data Protection Officer.

A. Marketing Emails

• Sent only to users who explicitly opt in.
• Opt-in available during registration or account settings.
• Unsubscribe anytime via email link.
• Transactional emails continue regardless of opt-out.
• Compliant with DPDP Act and IT Rules, 2021.

B. WhatsApp Communications

• Explicit consent is required for WhatsApp messages.
• Consent managed via account settings.
• Messages may include account notifications, platform updates, and offers.
• Consent can be withdrawn anytime or by replying STOP.
• Compliant with TRAI WhatsApp business guidelines.

C. SMS and Other Communications

• Marketing SMS sent only with consent.
• Transactional SMS sent regardless of consent.
• Compliant with TRAI DND regulations.

A. Cloud Infrastructure Transfers

• Data is hosted on Amazon Web Services (AWS), primarily in the Mumbai region.
• AWS may transfer data to other regions for backup and disaster recovery.
• All international transfers are protected through encryption and contractual safeguards.

B. AI Service Provider Transfers

• Prompts and usage data may be processed by AI providers outside India.
• Transfers are governed by Data Processing Agreements.
• Use of AI features implies acknowledgment of such transfers.

C. User Consent for International Transfer

• By using MeritRanker, you consent to international data transfers.
• If you do not consent, discontinue use of AI-powered features.

Company Information

• Company Name: Bytech Minds PVT LTD
• Platform: MeritRanker
• Registered Office: India
• Country of Operation: India

Contact Channels

• General Inquiries: info@meritranker.com
• Support: support@meritranker.com
• Privacy Requests: privacy@meritranker.com
• Website: Contact Page
• Response Time: 7–10 business days

Data Protection Officer

• Title: Data Protection Officer
• Email: dpo@meritranker.com
• Availability: Mon–Fri, 9 AM – 6 PM IST
• Purpose: DPDP requests and privacy complaints