Privacy Policy

1. Who we are

This Privacy Policy is issued by Techclick Infosec Private Limited ("Techclick", "we", "our", "us"), a company incorporated in India. We operate the Techclick learning platform for cybersecurity and IT training.

• Operator: Techclick Infosec Pvt Ltd
• Primary contact: support@techclick.in
• Website: techclick.in
• Learning platform: ai.techclick.in

2. Scope of this policy

This policy applies to the following Techclick products and services (collectively, the "Services"):

• Techclick Android app — package in.techclick.app, distributed via Google Play by Techclick Infosec Pvt Ltd.
• ai.techclick.in — the web learning platform that the Android app wraps and that runs on web browsers.
• exam.techclick.in — certification practice and exam platform.
• Other *.techclick.in tools and pages you access while signed in with your Techclick account.

By installing the Techclick app or signing in to any Service, you confirm that you have read and understood this Privacy Policy.

3. Data we collect

3.1 Information you give us directly

• Account data: name, email address, phone number, college / company name (where you choose to share it), profile picture (optional).
• Authentication data: password (stored only as a bcrypt hash, never in plaintext), one-time passwords (OTP) sent to your email, and — if you enable it — Time-Based One-Time Password (TOTP) 2FA secret.
• Course interaction: enrolments, lesson progress, quiz answers, exam attempts and scores, assignment submissions.
• Support data: messages you send to support@techclick.in or via the in-app chat assistant.

3.2 Information collected automatically

• Device & session identifiers: a pseudonymous device fingerprint (tc_device_id) and a session token cookie (tc_sso). These let us recognise your device across sessions and enforce the device-limit policy described in your plan.
• IP address: recorded for security, abuse prevention, and to enforce the "one public IP = one device slot" policy. IPv6 addresses are collapsed to the /64 prefix.
• Device & technical info: Android version, app version, device model, screen size, language, time zone, network type (Wi-Fi/cellular — not the carrier name).
• Diagnostics: crash logs, error reports, performance traces, basic usage events (e.g. "blog opened", "quiz submitted"). These are used to fix bugs and improve the product. We do not link diagnostic events to your name in our analytics views.

3.3 Information from third parties

• Payments: when you pay for a course, the payment processor (Razorpay or Cashfree) confirms transaction status to us. We receive the order ID, plan, amount, payment method type (UPI / card / netbanking) and verification signature — we do not receive your full card number, CVV, UPI PIN, or banking credentials.

3.4 Data we do not collect

The Techclick Android app does not request and does not access:

• Precise or approximate location (no ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION).
• Camera, microphone, or audio recording.
• Contacts, SMS, call logs, or phone state.
• Photos, videos or files outside the app's own scoped storage.
• Health, fitness, calendar or biometric data.
• Advertising IDs — the app contains no third-party advertising SDK.

The complete list of Android permissions the app declares is: INTERNET, ACCESS_NETWORK_STATE, POST_NOTIFICATIONS, FOREGROUND_SERVICE, FOREGROUND_SERVICE_MEDIA_PLAYBACK, WAKE_LOCK.

4. Why we collect it

We process your data only for the purposes listed below, and only on the legal bases of (i) performance of our contract with you, (ii) your consent, (iii) compliance with law, or (iv) our legitimate interest in operating and securing the Services.

• Account creation & sign-in — email, password, OTP, TOTP.
• Delivering the course you bought — enrolment, progress, quiz scores, certificates.
• Securing your account — IP, device fingerprint, login events, anomaly detection. A login from a new IP / device or an unusual pattern may be flagged as a security event.
• Processing payments — routing your order to Razorpay or Cashfree and reflecting the result in your account.
• Transactional communication — verification emails, payment receipts, course updates, exam notifications, refund confirmations.
• Customer support — responding to your queries on email, in-app chat, or WhatsApp.
• Improving the product — aggregated, non-identifying usage analytics and crash reports.
• Legal compliance — tax invoices, fraud prevention, responding to lawful requests.

We do not sell your personal data, and we do not use your data to train third-party advertising models.

5. Google Play Data Safety summary

For transparency with users on the Google Play Store, the table below mirrors the disclosures we make in Play Console → App content → Data safety:

Category	Collected	Shared with third parties	Purpose
Name	Yes (optional)	No	Account, certificates
Email address	Yes	Brevo (email delivery only)	Auth, transactional email
Phone number	Yes (optional)	No	Account recovery, support
User ID	Yes	No	Account, progress sync
Payment info	Processed by Razorpay / Cashfree; we store only order metadata	Razorpay, Cashfree	Payments
App activity (course / quiz / blog interactions)	Yes	No	Deliver the course, track progress
App info & performance (crash logs, diagnostics)	Yes	No	Bug fixing, stability
Device or other IDs (pseudonymous tc_device_id)	Yes	No	Security, device-limit policy
Location, contacts, SMS, photos, audio, files, health, calendar	No	No	Not collected
Advertising ID	No	No	App contains no ad SDK

Data is encrypted in transit using HTTPS / TLS 1.2+. You can request a copy or deletion of your data at any time (see §10).

6. Third-party services we use

We use a small, audited set of third-party processors. Each one only receives the data needed for its specific function, under a contractual data-processing agreement.

Service	Role	Data it sees
Cloudflare, Inc.	CDN, application hosting (Workers), DDoS protection, edge AI inference	Request metadata, IP, encrypted session cookie
Brevo (Sendinblue)	Transactional email delivery (OTP, receipts)	Email address, message body
Razorpay Software Pvt Ltd	Payment processing (India)	Order ID, amount, name, email, phone
Cashfree Payments India Pvt Ltd	Alternative payment processing (India)	Order ID, amount, name, email, phone
Google LLC — Firebase Cloud Messaging	Push notifications (Android only, opt-in)	FCM device token
Google LLC — Play Integrity / Play Services	App integrity attestation (Android only)	Standard Play Services telemetry per Google's policy
Yandex Cloud (Object Storage)	Hosts recorded lecture videos for some courses (streamed via signed URLs)	Request metadata for video chunks
Microsoft Corporation (SharePoint)	Hosts recorded lecture videos for the Zscaler / Palo Alto SharePoint-backed courses	Request metadata for video chunks

We do not use Google Analytics, Facebook Pixel, advertising SDKs, attribution SDKs, or session-replay tools in the Techclick Android app.

7. When we share your data

We share personal data only:

• With the processors listed in §6, for the purposes listed there.
• When you explicitly direct us to (e.g. when you ask us to issue an invoice in a company's name).
• When required by law, court order, or a lawful request from an Indian or foreign authority with valid jurisdiction.
• In connection with a merger, acquisition, or sale of assets — in which case we will give you advance notice and an opportunity to delete your account.

We do not sell your personal data and we do not use it for cross-context behavioural advertising.

8. How we protect your data

• In transit: all traffic between the Techclick app and our servers is encrypted with HTTPS / TLS 1.2 or higher.
• At rest: passwords are hashed using bcrypt (cost 10). Session tokens are kept in HTTP-only, secure, SameSite=Strict cookies and in Cloudflare KV with bounded TTL.
• Access control: only a small number of authorised Techclick administrators can access production data, and only on a need-to-know basis. Admin access is logged.
• Hardening: the app pins to ai.techclick.in via a verified Android App Links assetlinks file. Server-side rate limits protect login and OTP endpoints.
• No insecure local storage: the app does not store your password, OTP, or JWT in shared storage; session state is kept in encrypted cookies managed by the WebView and Android's protected app sandbox.

No system is perfectly secure. If you discover a vulnerability, please report it responsibly to support@techclick.in.

9. How long we keep it

• Active account data — kept while your account exists.
• Course progress & certificates — kept while your account exists, so you can re-download proof of completion.
• Payment records & tax invoices — kept for 8 years as required by the Indian Income Tax Act and GST law, even after account deletion.
• Security logs (login events, IPs) — kept for up to 180 days.
• Crash / diagnostic logs — kept for up to 90 days.
• Support tickets & email correspondence — kept for up to 3 years.

10. Account & data deletion

10.1 In-app deletion (Android)

1. Open the Techclick app and sign in.
2. Go to Profile → Settings → Delete account.
3. Confirm. Your account is queued for deletion immediately and finishes within 7 days.

10.2 Web-based deletion (no install required)

Visit ai.techclick.in/account/delete and follow the on-page instructions. This page accepts requests even if you no longer have the app installed.

10.3 What gets deleted

• Your profile, name, email, phone, profile picture.
• Your password hash, TOTP secret, device fingerprints, active sessions.
• Your quiz answers, exam attempts and personalised progress markers.

10.4 What we may retain (and why)

• Tax invoices and payment records — required by Indian tax law for 8 years.
• Anonymised, aggregated analytics that can no longer be linked back to you.
• Security logs needed to defend against ongoing abuse, for up to 180 days.

Deletion is irreversible — we will not be able to restore your course history or certificates afterwards.

11. Your rights (India DPDP, EU GDPR, UK GDPR)

Depending on where you live, you have some or all of the following rights:

• Right to access — ask us for a copy of the personal data we hold about you.
• Right to correction — ask us to fix inaccurate data (most fields you can edit yourself in Profile).
• Right to erasure — ask us to delete your data (see §10).
• Right to data portability — ask us to export your data in a structured, machine-readable format.
• Right to withdraw consent — e.g. unsubscribe from marketing emails (every marketing email has a one-click unsubscribe link).
• Right to object & restrict processing — ask us to stop or limit processing in specific cases.
• Right to nominate (India DPDP) — nominate another individual to exercise these rights on your behalf in case of incapacity or death.
• Right to complain — lodge a complaint with the Data Protection Board of India (once notified) or your local supervisory authority.

To exercise any of these rights, email support@techclick.in from the address registered on your account. We respond within 30 days.

12. Children & minimum age

Techclick is a professional cybersecurity / IT training platform aimed at college students and working adults. It is not directed to children under 13, and we do not knowingly collect data from children under 13. Users between 13 and 18 should use the Services only with the consent and supervision of a parent or legal guardian.

If you believe a child under 13 has provided us personal data, please contact support@techclick.in and we will delete that data promptly.

13. International data transfers

Some of our processors (Cloudflare, Brevo, Google, Microsoft, Yandex) operate servers outside India. When we transfer your data to them, we rely on contractual safeguards (Standard Contractual Clauses or equivalent) and on the processor's own certifications (ISO 27001, SOC 2 Type II, etc.). The legal basis for transfer in India is your consent and our contractual necessity to provide the Services.

14. Cookies & local storage

We use a small number of strictly necessary cookies and local-storage entries:

• tc_sso — HTTP-only signed session cookie (required to keep you signed in).
• tc_device_id — pseudonymous device fingerprint (security & device-limit enforcement).
• tc_plan — HMAC-signed plan / entitlement cookie on paid features.
• Theme & UI preferences (no personal data).

We do not use tracking cookies, advertising cookies, or third-party analytics cookies in the Android app.

15. Push notifications

If you grant the POST_NOTIFICATIONS permission, we may send you push notifications for: class reminders, assignment due dates, exam results, payment receipts, and important account / security alerts. You can revoke this permission at any time in Android's Settings → Apps → Techclick → Notifications; revoking it does not affect your account or your access to courses.

16. Changes to this policy

We may update this policy from time to time. When we do, we will (a) update the "Effective date" at the top of this page, (b) post a notice inside the app and at ai.techclick.in/privacy, and (c) for material changes, ask you to re-confirm before continuing to use the Services.

17. Contact & grievance officer

For any privacy, data-protection or grievance-related question, contact:

• Data Grievance Officer: Techclick Infosec Pvt Ltd
• Email: support@techclick.in
• Web: techclick.in

We acknowledge grievances within 48 working hours and resolve them within 30 days, in line with India's Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the Digital Personal Data Protection Act, 2023.