Gradify Labs
GradifyLabs
Legal

Privacy Policy

How Gradify Labs collects, uses, and protects your information — in plain language.

Last updated: November 23, 2025
Information CollectionHow We Use DataData SecurityData SharingYour RightsCookiesData RetentionContact Us

This Privacy Policy explains how Gradify Labs LLP ("Gradify", "we", "our", or "us"), incorporated in India and headquartered in Udaipur, Rajasthan, collects, uses, shares, and protects information in relation to our blockchain-based academic credential platform and related services.

This policy is designed to comply with applicable Indian laws including the Information Technology Act, 2000, and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as well as international data protection standards. By using our services, you agree to the collection and use of information in accordance with this policy.

This Privacy Policy applies to all users of our platform and is incorporated into our Terms of Service. Additional rights may apply for users in specific jurisdictions as outlined below.

Information Collection

We collect several types of information to provide and improve our blockchain-based credential services:

1. Identifiers

  • Full name and email address
  • Phone number and postal address
  • Blockchain wallet addresses
  • Government-issued identification numbers (when required for verification)
  • Login credentials and account identifiers

2. Educational & Professional Information

  • Academic transcripts and certificates
  • Degree, diploma, and graduation details
  • Student identification numbers
  • Professional certifications and licences

3. Technical & Usage Information

  • IP addresses and device identifiers
  • Browser type, version, and language
  • Pages visited and interaction data on our platform

4. Blockchain & Cryptographic Data

  • Digital signatures and cryptographic hashes
  • Transaction histories and timestamps
  • Verification status and on-chain authentication records

Sources of Information

  • Directly from you: When you register, update your profile, or use our services
  • Educational institutions: Partner universities and colleges using our platform
  • Automated technologies: Cookies, web beacons, and similar technologies
  • Public blockchain networks: Publicly available transaction and smart contract data

How We Use Your Information

We process your information for legitimate business purposes, with your consent, to fulfil contractual obligations, and to meet legal requirements.

Core Service Operations

  • Providing and maintaining our blockchain credential platform
  • Creating, issuing, and managing digital academic certificates
  • Facilitating credential verification between institutions, employers, and students
  • Processing registrations and managing accounts

Communication & Support

  • Responding to enquiries and providing technical support
  • Sending service notifications, security updates, and policy changes

Platform Improvement & Analytics

  • Analysing usage patterns to improve functionality and UX
  • Monitoring platform performance and detecting technical issues
  • Generating statistical reports in anonymised form

Security & Fraud Prevention

  • Detecting and preventing fraudulent activities
  • Protecting the security and integrity of our platform
  • Conducting security audits and assessments

Legal Basis for Processing

  • Consent: Where you have given clear consent
  • Contractual necessity: To perform services as outlined in our terms
  • Legitimate interests: For business operations that don't override your privacy rights
  • Legal compliance: To meet our regulatory obligations

Blockchain note: Due to the immutable nature of blockchain technology, certain data recorded on public blockchains cannot be deleted. We minimise the personal data stored directly on-chain and use privacy-preserving techniques wherever possible.

Data Security

We implement commercially reasonable security measures to protect your personal information:

  • Encryption of sensitive data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication
  • Secure storage of all off-chain data
  • Employee training on data protection and handling

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially acceptable means, absolute security cannot be guaranteed.

Blockchain Security Considerations

  • Blockchain transactions are publicly visible on-chain
  • Wallet addresses can potentially be linked to identities
  • Users are responsible for securing their own private keys and wallet credentials

Data Sharing and Disclosure

We may share your personal information in the following circumstances:

Service Providers

  • Cloud hosting providers: For secure data storage and infrastructure
  • Analytics services: For platform performance monitoring
  • Email & communication services: For sending notifications and updates
  • Security services: For fraud detection and protection

Educational Institutions & Employers

With your explicit consent, credential information may be shared with:

  • Educational institutions for verification purposes
  • Employers requesting credential verification
  • Professional licensing bodies and certification authorities

Legal & Regulatory Disclosures

  • To comply with legal obligations, court orders, or regulatory requirements
  • To respond to lawful requests from government authorities
  • To protect the rights, property, or safety of Gradify Labs, our users, or others
  • To prevent fraud, security breaches, or other illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the business transaction. We will provide notice before your information becomes subject to a different privacy policy.

Data Minimisation

We share only the minimum amount of personal information necessary for each specific purpose, and require all recipients to protect your information and use it only for the stated purpose.

Your Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Right to Access: Request copies of your personal information we hold.
  • Right to Rectification: Request correction of inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your personal information under certain conditions. Note: blockchain data cannot be erased due to the immutable nature of the technology.
  • Right to Restrict Processing: Request restriction of processing under certain conditions.
  • Right to Object: Object to our processing of your information under certain conditions.
  • Right to Data Portability: Request transfer of your data to another organisation or directly to you.

To exercise any of these rights, contact us at contact@gradifytech.com. We will respond within the timeframe required by applicable law.

Cookies Policy

We use cookies and similar tracking technologies to operate and improve our platform. Cookies are small data files stored on your device that help us identify you across sessions.

Types of Cookies We Use

  • Essential Cookies: Required for platform operation — security, network management, and account access. Cannot be disabled.
  • Analytics Cookies: Analyse how users interact with our platform to improve functionality and experience.
  • Functionality Cookies: Enable personalisation features such as remembering your preferences.

You can instruct your browser to refuse all cookies or to notify you when a cookie is being sent. Disabling essential cookies may impair platform functionality.

Data Retention and Deletion

We retain your personal information only as long as necessary for the purposes it was collected, including legal, accounting, or reporting requirements.

Retention Periods

  • Account Information: While your account is active and 7 years after closure
  • Educational Records: Retained permanently to maintain credential verification integrity
  • Transaction Records: 7 years for financial and legal compliance
  • Communication Records: 3 years for customer service and legal purposes
  • Technical Logs: 1 year for security and performance monitoring
  • Marketing Data: Until you withdraw consent, or 2 years of inactivity

Blockchain Data

  • Data recorded on public blockchains cannot be deleted or modified
  • We minimise personal data stored directly on-chain
  • We use privacy-preserving techniques such as hashing
  • Off-chain personal data can be deleted upon valid request

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date at the top.

You are advised to review this Privacy Policy periodically. Changes take effect when posted. If we make material changes, we will notify you via the email address on your account or through a prominent notice on our website.

Contact Us

For questions about this Privacy Policy, to exercise your rights, or for data protection matters:

General Contact

  • Legal entity: Gradify Labs LLP
  • Email: contact@gradifytech.com
  • Website: https://gradifytech.com
  • Registered address: Udaipur, Rajasthan 313001, India

Data Protection Enquiries

  • Email: contact@gradifytech.com
  • Subject line: "Data Protection Inquiry – [Your Request Type]"

Response Timeframes

  • General enquiries: Within 48 hours
  • Data access or deletion requests: Within 30 days
  • Urgent security matters: Within 24 hours

Regulatory Authorities

If you are not satisfied with our response, you may contact:

  • India: Ministry of Electronics and Information Technology (MeitY) — meity.gov.in
  • EU residents: Your local data protection authority

Questions about your data?

Reach out to us directly — we aim to respond to all data-related enquiries within 48 hours.