Privacy Policy

We collect several types of information to provide and improve our blockchain-based educational credential services. The information we collect may include:

Categories of Personal Information We Collect

1. Identifiers

Including but not limited to:

• Full name and preferred name
• Email address and phone number
• Physical address and postal code
• Institutional email addresses
• Blockchain wallet addresses
• Government-issued identification numbers (when required for verification)
• Login credentials and account identifiers

2. Educational and Professional Information

• Academic transcripts and certificates
• Degree and diploma information
• Educational institution details
• Student identification numbers
• Professional certifications and licenses
• Employment history and job titles
• Skills and competency assessments

3. Technical and Usage Information

• Internet Protocol (IP) addresses
• Device identifiers and characteristics
• Browser type, version, and language preferences
• Operating system information
• Pages visited and time spent on our platform
• Click-through rates and user interaction data
• Referral URLs and search terms

4. Blockchain and Cryptographic Data

• Digital signatures and cryptographic hashes
• Smart contract interaction records
• Transaction histories and timestamps
• Verification status and authentication records
• NFT metadata and token information

5. Communication and Support Data

• Customer service interactions and support tickets
• Email communications and responses
• Feedback, surveys, and user-generated content
• Recording of customer support calls (with consent)

Sources of Information

We collect information from the following sources:

• Directly from you: When you register, update your profile, or interact with our services
• Educational institutions: Partner universities and colleges that use our platform
• Third-party services: Analytics providers, payment processors, and integration partners
• Automated technologies: Cookies, web beacons, and similar tracking technologies
• Public blockchain networks: Publicly available transaction and smart contract data
• Government databases: For identity verification and compliance purposes

We process your personal information for legitimate business purposes, with your consent, to fulfill contractual obligations, and to comply with legal requirements. The specific purposes include:

Core Service Operations

• Providing and maintaining our blockchain-based credential verification platform
• Creating, issuing, and managing digital academic certificates and NFTs
• Facilitating credential verification between institutions, employers, and students
• Processing user registrations and account management
• Enabling secure authentication and access control

Communication and Support

• Responding to your inquiries and providing customer support
• Sending service-related notifications and updates
• Communicating about platform features, security updates, and policy changes
• Providing technical assistance and troubleshooting

Platform Improvement and Analytics

• Analyzing usage patterns to improve user experience and platform functionality
• Conducting research and development for new features and services
• Monitoring platform performance and detecting technical issues
• Generating statistical and analytical reports (in anonymized form)

Security and Fraud Prevention

• Detecting, preventing, and investigating fraudulent activities
• Protecting the security and integrity of our platform and user data
• Preventing unauthorized access and cyber security threats
• Conducting security audits and assessments

Legal and Regulatory Compliance

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities
• Enforcing our terms of service and other agreements
• Protecting our legal rights and interests

Business Operations

• Managing business relationships with institutional partners
• Processing payments and managing billing
• Conducting business analytics and performance metrics
• Planning and executing business development initiatives

Legal Basis for Processing (Indian and International Users)

Under Indian data protection laws and international standards, we process your personal information based on:

• Consent: When you have given clear consent for specific processing activities
• Contractual necessity: To perform our services as outlined in our terms of service
• Legitimate interests: For business operations that don't override your privacy rights
• Legal compliance: To meet our legal and regulatory obligations
• Vital interests: To protect your safety or the safety of others

Data Retention Principles

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods vary based on:

• The type of information and its sensitivity
• Legal and regulatory requirements in your jurisdiction
• The purposes for which the information was collected
• Our legitimate business interests

Please note that due to the immutable nature of blockchain technology, certain data recorded on public blockchains cannot be deleted. However, we minimize the personal data stored directly on the blockchain and use privacy-preserving techniques where possible.

The security of your data is important to us. We strive to use commercially acceptable means to protect your personal information. Our security measures include:

• Encryption of sensitive data
• Regular security assessments and audits
• Access controls and authentication procedures
• Secure storage of off-chain data
• Employee training on data protection

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Blockchain Security

Our platform leverages blockchain technology, which provides inherent security benefits through its distributed and immutable nature. However, users should be aware that:

• Blockchain transactions are publicly visible
• Wallet addresses can potentially be linked to identities
• Users are responsible for securing their private keys and wallet credentials

We may share your personal information in the following circumstances and with the following types of recipients:

Service Providers and Business Partners

We may share your information with trusted third-party service providers who assist us in operating our platform:

• Cloud hosting providers: For secure data storage and platform infrastructure
• Payment processors: For billing and subscription management
• Analytics services: For platform performance monitoring and user experience improvement
• Customer support tools: For providing technical assistance and support
• Security services: For fraud detection and cybersecurity protection
• Email and communication services: For sending notifications and updates

Educational Institutions and Employers

With your explicit consent, we may share credential information with:

• Educational institutions for verification purposes
• Potential employers requesting credential verification
• Professional licensing bodies and certification authorities
• Academic research institutions (in anonymized form)

Legal and Regulatory Disclosures

We may disclose your information when required by law or to protect our rights:

• To comply with legal obligations, court orders, or regulatory requirements
• To respond to lawful requests from government authorities
• To protect the rights, property, or safety of Gradify, our users, or others
• To prevent fraud, security breaches, or other illegal activities
• In connection with legal proceedings or investigations

Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred as part of the business transaction. We will provide notice before your personal information becomes subject to a different privacy policy.

Consent-Based Sharing

We may share your information for other purposes when we have your explicit consent to do so. You can withdraw your consent at any time by contacting us.

International Data Transfers

As a global platform, your personal information may be transferred to and processed in countries other than India. When we transfer your data internationally, we ensure appropriate safeguards are in place, including:

• Adequacy decisions from relevant data protection authorities
• Standard contractual clauses approved by regulatory bodies
• Binding corporate rules for intra-group transfers
• Certification schemes and codes of conduct

Data Minimization and Purpose Limitation

We only share the minimum amount of personal information necessary for the specific purpose, and we require all recipients to protect your information and use it only for the intended purposes.

Depending on your location, you may have certain rights regarding your personal information, including:

• Right to Access: You have the right to request copies of your personal information.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure: You have the right to request that we erase your personal information, under certain conditions. Note that blockchain data cannot be erased due to the immutable nature of the technology.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal information, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

If you wish to exercise any of these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within the timeframe required by applicable law.

We use cookies and similar tracking technologies to track activity on our service and hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags, and scripts to collect and track information and to improve and analyze our service.

We use the following types of cookies:

• Essential Cookies: Required for the operation of our platform. They enable core functionality such as security, network management, and account access.
• Analytics Cookies: Allow us to analyze how users interact with our platform, helping us improve functionality and user experience.
• Functionality Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

We retain your personal information for different periods depending on the type of information, the purposes for which it is used, and applicable legal requirements.

General Retention Principles

• Account Information: Retained while your account is active and for 7 years after closure for legal compliance
• Educational Records: Retained permanently to maintain credential verification integrity
• Transaction Records: Retained for 7 years for financial and legal compliance
• Communication Records: Retained for 3 years for customer service and legal purposes
• Technical Logs: Retained for 1 year for security and performance monitoring
• Marketing Data: Retained until you withdraw consent or for 2 years of inactivity

Legal and Regulatory Requirements

In some cases, we may be required to retain information for longer periods to comply with:

• Indian tax laws and financial regulations
• Educational accreditation requirements
• Anti-money laundering and fraud prevention laws
• Litigation hold requirements
• Government audit and investigation requests

Blockchain Data Considerations

Due to the immutable nature of blockchain technology:

• Data recorded on public blockchains cannot be deleted or modified
• We minimize personal data stored directly on the blockchain
• We use privacy-preserving techniques such as hashing and encryption
• Off-chain personal data can be deleted upon request

Data Deletion Process

When we delete your personal information:

• We permanently remove data from our active systems
• We securely overwrite data on storage devices
• We notify relevant service providers to delete their copies
• We maintain deletion logs for compliance purposes

Anonymization and Pseudonymization

Where possible, we may anonymize or pseudonymize your data instead of deletion to:

• Preserve statistical and analytical value
• Maintain research and development capabilities
• Support platform security and fraud prevention

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to contact our Data Protection Officer, please reach out to us:

General Contact Information

• Company: Gradify Technology Private Limited
• Email: contact@gradifytech.com
• Support Email: support@gradifytech.com
• Website: https://gradifytech.com

Registered Office Address

Gradify Technology Private Limited
Udaipur, Rajasthan 313001
India

Data Protection Officer

For specific privacy and data protection matters:

• Email: contact@gradifytech.com
• Subject Line: "Data Protection Inquiry - [Your Request Type]"

Response Timeframes

We are committed to responding to your privacy-related inquiries promptly:

• General inquiries: Within 48 hours
• Data access requests: Within 30 days
• Data deletion requests: Within 30 days
• Urgent security matters: Within 24 hours

Regulatory Authorities

If you are not satisfied with our response to your privacy concerns, you have the right to contact:

• In India: Ministry of Electronics and Information Technology (MeitY)
• Website: https://www.meity.gov.in/
• For EU residents: Your local data protection authority

When Contacting Us

To help us process your request efficiently, please include:

• Your full name and email address associated with your account
• A clear description of your request or concern
• Any relevant account or transaction identifiers
• Proof of identity (for data access or deletion requests)