Shodham — Privacy Notice

Shodham (operated by the platform operator) is the data fiduciary under the Digital Personal Data Protection Act 2023 (DPDP Act). Contact: privacy@shodham.in

• Name, email address, and date of birth (for age determination)
• Grade level and school name
• Assessment responses (psychometric and career interest)
• Parent or guardian name, email address, and phone number (if student is under 18)
• IP address and browser information at the time of consent

• To deliver career guidance and assessment services
• To match career interests based on assessment results
• To generate personalised career reports
• To facilitate counsellor-student sessions
• To comply with the DPDP Act 2023 (parental consent for minors)

In compliance with Section 9 of the DPDP Act 2023, we require verifiable parental consent before processing personal data of minors (individuals under 18 years of age). Parents may withdraw consent at any time by writing to us. Withdrawal of consent will result in deactivation of the student account.

Assessment data and reports are retained for the duration of the student's active enrolment plus 3 years. Parent consent records are retained for 7 years as required by applicable law. You may request deletion at any time.

• Right to access the personal data we hold about you
• Right to correction of inaccurate data
• Right to erasure of your data
• Right to withdraw consent (for minors: parent may withdraw)
• Right to nominate a person to exercise rights on your behalf
• Right to grievance redressal

To exercise any right, contact privacy@shodham.in. We will respond within 30 days.

All data is encrypted in transit (TLS 1.2+) and at rest. Passwords are stored as bcrypt hashes and are never stored in plain text. OTP codes are one-time use and expire after 10 minutes.

• Email delivery: Resend (resend.com) — used to send verification and consent emails
• Database hosting: Railway.app — encrypted at rest

Name: Grievance Officer, Shodham
Email: grievance@shodham.in
Response time: 30 days