Shodham
← Home

Privacy Notice

Effective date: 1 April 2025. Last updated: May 2026.

1. Data Controller

Shodham (operated by Mind Excellence Technologies LLP) is the data fiduciary under the Digital Personal Data Protection Act 2023 (DPDP Act). Contact: privacy@shodham.com

2. What data we collect

  • Name, email address, and date of birth (for age determination)
  • Grade level and school name
  • Assessment responses (psychometric and career interest)
  • Parent or guardian name, email address, and phone number (if student is under 18)
  • IP address and browser information at the time of consent

3. Purpose of processing

  • To deliver career guidance and assessment services
  • To match career interests based on assessment results
  • To generate personalised career reports
  • To facilitate counsellor-student sessions
  • To comply with the DPDP Act 2023 (parental consent for minors)

4. Parental consent (students under 18)

In compliance with Section 9 of the DPDP Act 2023, we require verifiable parental consent before processing personal data of minors. Parents may withdraw consent at any time by writing to us. Withdrawal of consent will result in deactivation of the student account.

5. Data retention

Assessment data and reports are retained for the duration of the student's active enrolment plus 3 years. Parent consent records are retained for 7 years as required by applicable law. You may request deletion at any time.

6. Your rights under the DPDP Act 2023

  • Right to access the personal data we hold about you
  • Right to correction of inaccurate data
  • Right to erasure of your data
  • Right to withdraw consent (for minors: parent may withdraw)
  • Right to nominate a person to exercise rights on your behalf
  • Right to grievance redressal

To exercise any right, contact privacy@shodham.com. We will respond within 30 days.

7. Data security

All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are stored as bcrypt hashes and are never stored in plain text. OTP codes are one-time use and expire after 10 minutes.

8. Third-party processors

  • Email delivery: Resend (resend.com) — used to send verification and consent emails
  • Database hosting: Railway.app — encrypted at rest
  • Payment processing: Razorpay — for paid plan purchases (card details never stored by Shodham)

9. Grievance officer

Grievance Officer, Shodham Email: grievance@shodham.com Response time: 30 days

This privacy notice is provided in compliance with the DPDP Act 2023 (India). It may be updated periodically. Continued use of the platform constitutes acceptance. For questions: privacy@shodham.com