Nalanda Club

Privacy Policy

How we collect, use, and protect your information at Nalanda Club.

This Privacy Policy explains what information Nalanda Club collects, how we use and share it, and the controls you have. It applies to all users of the Platform — students, teachers, institutes, and visitors.

1 Information We Collect

1.1 Information You Provide

  • Account data — name, email, phone number, password (stored hashed), role (student/teacher/institute).
  • Profile data — profile picture, cover photo, bio, location, date of birth, education history, certifications, awards, projects, and skills.
  • Content you create — posts, comments, reactions, saved posts, forum questions and answers, reviews, teacher notes, mock tests, marketplace listings and offers, messages in direct or institute group chat.
  • Institute data — institute name, subdomain, logo, description, member list, notices, and custom website content.
  • Communications — messages you send to us, feedback, and contact-form submissions.

1.2 Information Collected Automatically

  • Usage data — pages visited, features used, time spent, and interaction patterns.
  • Device & connection data — browser type, operating system, IP address, approximate location from IP, device identifiers.
  • Security data — login attempts, lockout events, activity logs, and security events.
  • Reading progress — for teacher notes, we track your reading position so you can resume later.
  • Cookies & local storage — session tokens, theme preference (light/dark), sidebar state, and similar settings.

1.3 Information From Third Parties

  • Push notifications — if you enable mobile/web push, we register a device token with Firebase Cloud Messaging to deliver notifications.
  • Media hosting — images and files you upload are stored with our media provider (e.g. Cloudinary).

2 How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Platform.
  • Create and manage your account; authenticate you; secure your session.
  • Display your profile, posts, reviews, and content to the audience defined by your privacy settings.
  • Deliver notifications you opt into — web, email, and mobile push — for messages, follows, reactions, mentions, and institute activity.
  • Enable messaging, forum participation, marketplace transactions, and institute workflows.
  • Moderate content, prevent abuse, and enforce our Terms & Conditions.
  • Detect and mitigate fraud, account compromise, and security threats (via rate limits, login-attempt tracking, and 2FA/OTP).
  • Analyse usage patterns to improve features and performance.
  • Respond to support requests and legal obligations.

3 Information Sharing

We do not sell your personal information. We share information only in the following situations:

  • Public content — posts, reviews, forum answers, marketplace listings, and public profile fields are visible to other users and, where applicable, unauthenticated visitors.
  • Institute visibility — if you join an institute, the institute's admins can see your membership details and activity in their group chat and notices.
  • Messaging — recipients of your direct or group messages can read and retain your messages per platform rules.
  • Service providers — hosting, email delivery, push notifications (Firebase), media storage, analytics, and similar vendors who process data under contract on our behalf.
  • Legal requirements — we may disclose information when required by law, legal process, or to protect our rights, users, or the public.
  • Business transfers — if Nalanda Club is involved in a merger, acquisition, or sale of assets, information may transfer as part of that transaction. We will notify users of material changes.

4 Data Security

We implement administrative, technical, and physical safeguards to protect your information, including:

  • Password hashing (we never store plaintext passwords).
  • Optional two-factor authentication (2FA) and OTP verification for sensitive actions.
  • Account lockouts after repeated failed login attempts.
  • HTTPS transport, input validation, and standard web-application hardening.
  • Activity and security logging for detection and investigation.

No system is 100% secure. If you believe your account has been compromised, change your password immediately and contact us.

5 Cookies & Local Storage

We use cookies and similar storage to:

  • Keep you signed in across pages (session cookies).
  • Remember preferences (theme, language, layout settings).
  • Protect against request forgery (CSRF tokens).
  • Improve performance (caching).

You can clear cookies or block them via your browser, but some features — notably staying signed in — will stop working.

6 Push Notifications

If you enable push notifications, we register a device token with Firebase Cloud Messaging (FCM) to deliver alerts for messages, follows, reactions, and other events. You can disable push notifications at any time through your browser or device settings, and through your notification preferences on the Platform.

7 Your Rights & Choices

Subject to applicable law, you have the right to:

  • Access — view the data we hold about you through your account.
  • Correction — update inaccurate information in your profile settings.
  • Deletion — delete your account and associated personal data (some data may be retained as required by law or for legitimate business reasons).
  • Export — request a copy of your account data.
  • Object / restrict — manage notification categories, make your profile private, block users, and opt out of non-essential communications.
  • Withdraw consent — for anything based on your consent, at any time.

To exercise these rights, use the relevant controls in your settings or contact us through the Platform.

8 Data Retention

We retain personal data only as long as necessary for the purposes described in this policy or as required by law. When you delete your account, we remove or anonymise your personal information, though some content you posted publicly (such as comments on others' posts) may remain in a de-identified form. Backups are rotated on standard schedules.

9 Children's Privacy

Nalanda Club is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn we have, we will delete it promptly. If you believe a child has given us personal information without consent, please contact us.

10 Third-Party Links & Services

The Platform may contain links to third-party websites, tools, and services (including institute subdomain sites managed by institutes). We are not responsible for the privacy practices of third parties. Review their policies before sharing information with them.

11 Sponsored Content

Some areas of the Platform may show sponsored posts or promotional content, clearly labelled as such. We do not share your personal information with advertisers, and we do not build targeted-advertising profiles. Engagement with sponsored content (for example, dismissing a sponsored post) is logged only to avoid showing you the same item again.

12 International Data Transfers

Your information may be processed in countries other than your own. Where required by law, we use appropriate safeguards for such transfers.

13 Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you through the Platform. Continued use after changes are posted constitutes acceptance of the revised policy.

14 Contact Us

If you have questions about this Privacy Policy or how your data is handled, please reach us through the contact page.