Privacy Policy

Effective date: 25 May 2026  ·  Last updated: 25 May 2026

This Privacy Policy explains how Professor's Note ("we", "us", or "our") collects, uses, stores, shares, and protects personal data when you visit https://professorsnote.com or use our learning platform, mobile-friendly website, APIs, and related services (collectively, the "Platform").

We are committed to handling personal data responsibly and in accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as amended from time to time.

By using the Platform, you acknowledge that you have read this Privacy Policy. Where consent is required by law, we will obtain it separately for specific processing activities.

1. Data controller

The data controller responsible for your personal data is:

• Professor's Note
• Website: https://professorsnote.com
• Email: support@professorsnote.com
• Country of operation: India

2. Definitions

• Personal data means any data about an individual who is identifiable by or in relation to such data.
• Processing means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• Data principal means you — the individual to whom personal data relates.
• Data processor means a third party that processes personal data on our instructions.
• Service means the Platform and all features accessible through your Account or as a visitor.

3. Personal data we collect

Depending on how you interact with the Platform, we may collect the following categories of personal data:

3.1 Account and identity data

• Full name
• Email address
• Password (stored only as a secure cryptographic hash — we never store plain-text passwords)
• Account role (for example, learner or administrator)
• Profile preferences you choose to provide

3.2 Transaction and billing data

• Order history, receipts, and product purchased (courses, book subscriptions, services)
• Payment status, amount in INR, and transaction references
• Limited billing metadata supplied by our payment partner (for example, payment method type — we do not store full card numbers or UPI PINs)

3.3 Usage and access data

• Course enrolments, access grants, and subscription status
• Pages viewed, search queries, and catalogue interactions
• Device type, browser type, operating system, and approximate location derived from IP address
• IP address, timestamps, and diagnostic logs for security and performance

3.4 Communications and support data

• Messages you send via contact forms, email, or feedback channels
• Support tickets and correspondence with our team

3.5 User-generated content

• Course reviews, ratings, and feedback you submit
• Any other content you voluntarily post on the Platform

3.6 Notification data

• In-platform notifications related to orders, access, announcements, or account activity
• Email delivery metadata where we send service or promotional messages

3.7 Data we do not intentionally collect

We do not require you to provide sensitive personal data such as biometric identifiers, health records, or government ID numbers to use the Platform. Please do not submit such information unless we explicitly request it for a lawful purpose.

4. How we collect data

We collect personal data when you:

• register for an Account or update your profile;
• purchase a Course, book subscription, or service;
• access enrolled content or use dashboard features;
• submit reviews, feedback, or support requests;
• subscribe to announcements or marketing (where offered);
• interact with cookies, local storage, or similar technologies;
• communicate with us by email, phone, or contact forms.

We may also receive limited data from payment processors (such as Razorpay) to confirm transaction status and prevent fraud.

5. Legal bases for processing

We process personal data on one or more of the following bases, as applicable under Indian law and general privacy principles:

• Consent — where you have given clear consent, for example for optional marketing emails or non-essential cookies.
• Contract — to create and manage your Account, deliver purchased Digital Products, and provide customer support.
• Legal obligation — to comply with tax, accounting, anti-fraud, or regulatory requirements.
• Legitimate interests — to secure the Platform, prevent abuse, improve services, and understand aggregate usage, balanced against your rights.

Where consent is the basis, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

6. How we use personal data

We use personal data to:

• provide, operate, and maintain the Platform;
• authenticate users and manage Account security;
• process payments and fulfil Orders;
• grant, monitor, and revoke access to Courses, books, and subscriptions;
• send transactional communications (receipts, access confirmations, security alerts);
• respond to enquiries and resolve support issues;
• moderate reviews and enforce our Terms and Conditions;
• display aggregated government job notices and platform announcements;
• analyse usage trends and improve content, performance, and user experience;
• detect, investigate, and prevent fraud, abuse, or security incidents;
• comply with legal obligations and defend legal claims.

7. Cookies and local storage

We use cookies and browser local storage to operate the Platform effectively.

7.1 Strictly necessary storage

We store authentication session data (including JWT access tokens) in your browser's local storage under the key pn:auth:v1 so you remain signed in across pages. This is essential for Account functionality. Session and security cookies may also be used by our web server.

7.2 Functional and preference storage

We may remember theme preferences (light/dark mode) and similar UI settings to improve your experience.

7.3 Analytics

We may use privacy-conscious analytics to understand traffic patterns. Where non-essential analytics or advertising cookies are used, we will request consent where required by law.

7.4 Your choices

Most browsers allow you to block or delete cookies and local storage. If you disable strictly necessary storage, sign-in and purchased-content access may not work correctly. Refer to your browser settings for controls.

8. Sharing and processors

We do not sell your personal data. We share personal data only as described below:

8.1 Service providers (processors)

We engage trusted third parties to perform functions on our behalf, including:

• Razorpay — payment processing and fraud prevention;
• Hosting and infrastructure providers — website and database hosting;
• Email delivery services — transactional and support email;
• Content delivery networks — performance and asset delivery.

These providers process data only under our instructions and contractual confidentiality and security obligations.

8.2 Legal and safety disclosures

We may disclose personal data if required by law, court order, or government request, or when we believe disclosure is necessary to protect rights, safety, and security, investigate fraud, or respond to an emergency.

8.3 Business transfers

If we undergo a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction. We will notify you where required before your data becomes subject to a different privacy policy.

8.4 Public content

Reviews or feedback you choose to publish may be visible to other users. Do not include personal contact details in public posts unless you intend them to be public.

9. International transfers

Our primary systems are located in India. Some service providers may process data in other countries. Where personal data is transferred outside India, we implement appropriate safeguards — such as contractual protections and security measures — consistent with applicable law.

10. Data retention

We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required by law.

• Account data — retained while your Account is active and for up to 3 years after closure, unless a longer period is required for legal or dispute resolution purposes.
• Transaction records — retained for at least 8 years where required by Indian tax and accounting regulations.
• Support communications — typically retained for up to 2 years after resolution.
• Server logs — typically retained for 90 days to 12 months for security and diagnostics.
• Marketing preferences — retained until you unsubscribe or withdraw consent.

When data is no longer needed, we delete or anonymise it using commercially reasonable methods.

11. Security

We implement administrative, technical, and organisational measures designed to protect personal data, including:

• HTTPS encryption in transit;
• password hashing using industry-standard algorithms;
• role-based access controls for administrative functions;
• JWT-based authentication with token expiry;
• logging and monitoring for suspicious activity;
• restricted access to production databases and secrets.

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. Please use a strong, unique password and keep your credentials confidential.

If we become aware of a personal data breach likely to affect your rights, we will notify you and relevant authorities as required by applicable law.

12. Your rights and choices

Depending on applicable law, including the DPDP Act, you may have the following rights:

• Access — request confirmation of whether we process your personal data and obtain a copy.
• Correction — request correction of inaccurate or incomplete personal data.
• Erasure — request deletion of personal data where it is no longer necessary or consent is withdrawn, subject to legal retention requirements.
• Withdraw consent — where processing is consent-based, withdraw consent at any time.
• Grievance redressal — lodge a complaint with our Grievance Officer (see Section 18).
• Nomination — under the DPDP Act, you may nominate another individual to exercise your rights in the event of death or incapacity, as prescribed by law.

To exercise your rights, email privacy@professorsnote.com from your registered email address. We may verify your identity before responding. We aim to respond within 30 days, or sooner where required by law.

You may update certain Account details directly from your profile or settings page when signed in.

13. Children's privacy

The Platform is not directed at children under 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe we have collected data from a child under 13, contact us at privacy@professorsnote.com and we will take steps to delete it promptly.

Users aged 13–17 should use the Platform with parental or guardian supervision. Parents and guardians are responsible for monitoring minors' use of the Platform.

14. Marketing communications

We may send promotional emails about new courses, offers, or platform updates if you opt in or where permitted by law based on your existing relationship with us. You may opt out at any time by clicking the unsubscribe link in any marketing email or by contacting support@professorsnote.com.

Transactional and service-related messages (for example, purchase receipts or security alerts) are not marketing messages and may still be sent while you have an Account.

15. Automated processing

We may use automated tools to moderate user reviews, detect fraud, aggregate government job notices from public sources, and monitor system health. We do not make solely automated decisions that produce significant legal or similarly significant effects on you without appropriate human oversight where required by law.

16. Third-party links

The Platform may contain links to third-party websites (including YouTube, government portals, and payment pages). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing personal data.

17. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be posted on this page and, where appropriate, notified by email or prominent notice on the Platform before they take effect.

Your continued use of the Platform after an update constitutes acknowledgement of the revised policy, except where further consent is required by law.

18. Contact and grievance officer

For privacy questions, data subject requests, or complaints:

• Privacy enquiries: privacy@professorsnote.com
• General support: support@professorsnote.com
• Phone: +91 9849486113 (Mon–Sat, 9 AM – 6 PM IST)
• Contact page: professorsnote.com/contact

Grievance Officer (India)

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Grievance Officer for Professor's Note is:

• Name: Grievance Officer, Professor's Note
• Email: grievance@professorsnote.com
• Response timeline: acknowledgement within 24 hours; resolution within 15 days, or as otherwise prescribed by applicable law.

If you are not satisfied with our response, you may have the right to escalate to the Data Protection Board of India or other competent authority once fully constituted and operational under the DPDP Act.