Privacy Policy
How Gradify Labs collects, uses, and protects your information — in plain language.
This Privacy Policy explains how Gradify Labs LLP ("Gradify", "we", "our", or "us"), incorporated in India and headquartered in Udaipur, Rajasthan, collects, uses, shares, and protects information in relation to our blockchain-based academic credential platform and related services.
It is designed to comply with India's Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and SPDI Rules, 2011, and — where applicable — the EU/UK GDPR. By using our services you agree to the handling of information described here.
This Privacy Policy is incorporated into our Terms & Conditions. Additional rights may apply depending on your jurisdiction, as outlined below.
Legal Framework
Gradify Labs LLP acts as a Data Fiduciary and you are the Data Principal whose personal data we process. This policy is governed by the laws of India and, where applicable, the data-protection laws of your jurisdiction:
- Digital Personal Data Protection Act, 2023 (DPDP Act) and the rules made under it
- Information Technology Act, 2000 and the SPDI Rules, 2011
- EU/UK GDPR — for users in the European Economic Area and the United Kingdom
We process personal data only for lawful purposes, on the basis of your consent or other legitimate uses permitted by law, and never beyond what is necessary for the purpose notified to you.
What We Collect
- Identity & contact: name, email, phone, address, login credentials, and — only where required for verification — government ID numbers.
- Academic data: transcripts, degrees, diplomas, certificates, and student IDs.
- Blockchain data: wallet addresses, cryptographic hashes, digital signatures, and on-chain verification records.
- Technical data: IP address, device and browser information, and platform usage.
We collect this directly from you, from partner educational institutions, through cookies, and from public blockchain networks. We collect only what is necessary to deliver our credential services.
How We Use It
We use your information to:
- Issue, manage, and verify digital academic credentials between institutions, students, and employers.
- Operate your account and provide support, security notices, and service updates.
- Improve, secure, and monitor the platform, and prevent fraud.
- Comply with our legal and regulatory obligations.
Our lawful bases are your consent, performance of our contract with you, our legitimate interests, and legal compliance. You may withdraw consent at any time (see Your Rights).
Blockchain note: data written to a public blockchain is immutable and cannot be deleted. We minimise on-chain personal data and store only cryptographic hashes wherever possible.
Data Security
We apply reasonable security safeguards as required under the DPDP Act and the SPDI Rules, including encryption in transit and at rest, access controls, multi-factor authentication, and regular security testing.
No system is perfectly secure. Blockchain transactions are publicly visible and wallet addresses may be linked to identities — you remain responsible for safeguarding your own private keys and wallet credentials. In the event of a personal-data breach, we will notify the Data Protection Board of India and affected users as required by law.
Your Rights
Subject to applicable law, you have the right to:
- Access a summary of the personal data we process about you.
- Correct, complete, or update inaccurate or incomplete data.
- Erase your personal data, and withdraw consent at any time (off-chain data only — immutable blockchain records cannot be erased).
- Grievance redressal — a readily available means to raise complaints with us.
- Nominate another person to exercise your rights in the event of death or incapacity (DPDP Act, s.14).
- Object, restrict, or port your data where GDPR applies.
To exercise any right, email contact@gradifytech.com. We respond within the timeframes required by law. You must provide accurate information and not exercise these rights in bad faith.
Children's Data
Where we knowingly process the personal data of a child (under 18 in India) or a person with a guardian, we obtain verifiable consent from the parent or lawful guardian as required by the DPDP Act. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.
Retention
We keep personal data only as long as necessary for the purpose collected or as required by law:
- Account & transaction records: while active, then up to 7 years for legal compliance.
- Educational credential records: retained to preserve verification integrity.
- Communications: up to 3 years; technical logs: up to 1 year.
Off-chain data is deleted or anonymised once no longer needed. Immutable on-chain data (typically only hashes) cannot be deleted.
Changes
We may update this policy and will revise the "Last updated" date above. Material changes will be notified by email or a prominent notice on our website. Continued use after changes take effect constitutes acceptance.
Grievances & Contact
For privacy questions, to exercise your rights, or to raise a complaint, contact our Grievance Officer:
- Grievance Officer / Data Fiduciary: Gradify Labs LLP
- Email: contact@gradifytech.com (subject: "Data Protection – [request type]")
- Registered address: Udaipur, Rajasthan 313001, India
We acknowledge grievances promptly and respond within the timeframes prescribed by law. If you remain unsatisfied, you may escalate to the Data Protection Board of India, or — for GDPR users — your local supervisory authority.