Legal

Privacy Policy

How Gradify Labs collects, uses, and protects your information — in plain language.

Last updated: June 25, 2026

This Privacy Policy explains how Gradify Labs LLP ("Gradify", "we", "our", or "us"), incorporated in India and headquartered in Udaipur, Rajasthan, collects, uses, shares, and protects information in relation to our blockchain-based academic credential platform and related services.

It is designed to comply with India's Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and SPDI Rules, 2011, and — where applicable — the EU/UK GDPR. By using our services you agree to the handling of information described here.

This Privacy Policy is incorporated into our Terms & Conditions. Additional rights may apply depending on your jurisdiction, as outlined below.

Legal Framework

Gradify Labs LLP acts as a Data Fiduciary and you are the Data Principal whose personal data we process. This policy is governed by the laws of India and, where applicable, the data-protection laws of your jurisdiction:

  • Digital Personal Data Protection Act, 2023 (DPDP Act) and the rules made under it
  • Information Technology Act, 2000 and the SPDI Rules, 2011
  • EU/UK GDPR — for users in the European Economic Area and the United Kingdom

We process personal data only for lawful purposes, on the basis of your consent or other legitimate uses permitted by law, and never beyond what is necessary for the purpose notified to you.

What We Collect

  • Identity & contact: name, email, phone, address, login credentials, and — only where required for verification — government ID numbers.
  • Academic data: transcripts, degrees, diplomas, certificates, and student IDs.
  • Blockchain data: wallet addresses, cryptographic hashes, digital signatures, and on-chain verification records.
  • Technical data: IP address, device and browser information, and platform usage.

We collect this directly from you, from partner educational institutions, through cookies, and from public blockchain networks. We collect only what is necessary to deliver our credential services.

How We Use It

We use your information to:

  • Issue, manage, and verify digital academic credentials between institutions, students, and employers.
  • Operate your account and provide support, security notices, and service updates.
  • Improve, secure, and monitor the platform, and prevent fraud.
  • Comply with our legal and regulatory obligations.

Our lawful bases are your consent, performance of our contract with you, our legitimate interests, and legal compliance. You may withdraw consent at any time (see Your Rights).

Blockchain note: data written to a public blockchain is immutable and cannot be deleted. We minimise on-chain personal data and store only cryptographic hashes wherever possible.

Data Security

We apply reasonable security safeguards as required under the DPDP Act and the SPDI Rules, including encryption in transit and at rest, access controls, multi-factor authentication, and regular security testing.

No system is perfectly secure. Blockchain transactions are publicly visible and wallet addresses may be linked to identities — you remain responsible for safeguarding your own private keys and wallet credentials. In the event of a personal-data breach, we will notify the Data Protection Board of India and affected users as required by law.

Sharing & Disclosure

We share personal data only when necessary, with:

  • Processors (Data Processors): hosting, analytics, communication, and security providers acting on our instructions under contract.
  • Institutions & employers: with your consent, for credential verification.
  • Authorities: to comply with law, court orders, or lawful government requests, or to prevent fraud and protect rights and safety.
  • Successors: in a merger, acquisition, or asset sale, with prior notice to you.

Where data is transferred outside India, we do so only to jurisdictions permitted under the DPDP Act and with appropriate safeguards. We do not sell your personal data.

Your Rights

Subject to applicable law, you have the right to:

  • Access a summary of the personal data we process about you.
  • Correct, complete, or update inaccurate or incomplete data.
  • Erase your personal data, and withdraw consent at any time (off-chain data only — immutable blockchain records cannot be erased).
  • Grievance redressal — a readily available means to raise complaints with us.
  • Nominate another person to exercise your rights in the event of death or incapacity (DPDP Act, s.14).
  • Object, restrict, or port your data where GDPR applies.

To exercise any right, email contact@gradifytech.com. We respond within the timeframes required by law. You must provide accurate information and not exercise these rights in bad faith.

Children's Data

Where we knowingly process the personal data of a child (under 18 in India) or a person with a guardian, we obtain verifiable consent from the parent or lawful guardian as required by the DPDP Act. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

Cookies

We use cookies to operate and improve the platform:

  • Essential — security, sessions, and account access (cannot be disabled).
  • Analytics — understanding how the platform is used.
  • Functionality — remembering your preferences.

You can refuse or delete cookies in your browser settings, though disabling essential cookies may impair functionality.

Retention

We keep personal data only as long as necessary for the purpose collected or as required by law:

  • Account & transaction records: while active, then up to 7 years for legal compliance.
  • Educational credential records: retained to preserve verification integrity.
  • Communications: up to 3 years; technical logs: up to 1 year.

Off-chain data is deleted or anonymised once no longer needed. Immutable on-chain data (typically only hashes) cannot be deleted.

Changes

We may update this policy and will revise the "Last updated" date above. Material changes will be notified by email or a prominent notice on our website. Continued use after changes take effect constitutes acceptance.

Grievances & Contact

For privacy questions, to exercise your rights, or to raise a complaint, contact our Grievance Officer:

  • Grievance Officer / Data Fiduciary: Gradify Labs LLP
  • Email: contact@gradifytech.com (subject: "Data Protection – [request type]")
  • Registered address: Udaipur, Rajasthan 313001, India

We acknowledge grievances promptly and respond within the timeframes prescribed by law. If you remain unsatisfied, you may escalate to the Data Protection Board of India, or — for GDPR users — your local supervisory authority.

Questions about your data?

Reach out to us directly — we aim to respond to all data-related enquiries within 48 hours.