Skip to content
Nexigrate

Privacy

Privacy Policy

Effective date: 23 May 2026 · Compliant with the Digital Personal Data Protection Act, 2023 (India).

This policy explains what personal data Nexigrate (“we”, “us”) collects about you, why we collect it, how we use and protect it, and the rights you have under the Digital Personal Data Protection Act, 2023 (the “DPDP Act”). It applies to nexigrate.com, app.nexigrate.com, and our APIs.

1. Data we collect

When you join the waitlist

  • Email address.
  • Exam you are preparing for.
  • Anonymous, aggregated visit metrics (no third-party trackers).

When you sign in to the app

  • Authoritative identifiers from your Google account: name, email, profile photo URL.
  • Phone number, if you sign in via OTP.
  • Sign-in timestamps and the auth provider used.

As you use the app

  • The exam, class, and board you choose during onboarding.
  • MCQ sessions: the questions shown, the answers you picked, your score, and the timestamp of each attempt.
  • Credit ledger entries (awards and spends) that drive your balance.
  • Feedback and bug reports you send us, with the technical context attached (browser, page, time).

When you pay

  • Subscription plan, billing interval, and amount.
  • Razorpay order ID, payment ID, and signature for verification.
  • We do not store full card numbers, CVVs, UPI VPAs, or bank account numbers. Razorpay handles those directly.

2. Why we collect it (the “purposes”)

  • To create your account and let you sign in across devices.
  • To pick a daily MCQ set tailored to your target exam.
  • To award and spend credits, run the streak counter, and compute your progress.
  • To process payments and provide receipts.
  • To prevent abuse, fraud, and harm to other users.
  • To improve the product, including by aggregating anonymous accuracy data per chapter.
  • To meet our legal obligations (tax records, lawful requests from authorities).

3. Where data is stored

Your account, MCQ sessions, and credit ledger live in Cloud Firestore in the asia-south1 (Mumbai) region. Authentication is handled by Firebase Auth. Static assets are delivered from Cloudflare’s global CDN. Waitlist emails are stored in Cloudflare KV in the India region. Payments are processed by Razorpay under their privacy policy. All data in transit is encrypted with TLS 1.2+; at rest, Firestore encrypts data with Google-managed keys.

4. Who we share data with

We share the minimum data necessary with the following processors:

  • Google Cloud — Firestore database and Firebase Auth, in the Mumbai region.
  • Cloudflare — DNS, CDN, marketing site hosting, waitlist KV.
  • Razorpay — payment processing only.
  • Resend — transactional email delivery (waitlist, receipts).

We do not sell, rent, or trade your personal data. We do not run third-party advertising trackers on this site.

5. How long we keep data

  • Account profile: while your account is active, plus 90 days after deletion to allow account-recovery requests.
  • MCQ sessions and credit ledger: as long as your account is active. After deletion, we keep an anonymised copy for aggregate analytics.
  • Payment records: 8 years, as required by Indian tax law.
  • Waitlist emails: until you ask us to remove them.

6. Your rights under the DPDP Act

  • Access: ask us for a copy of the personal data we hold about you.
  • Correction: ask us to fix data that is wrong or incomplete.
  • Erasure: ask us to delete your account and the data attached to it (we will explain what we are required to keep for legal reasons).
  • Grievance redressal: write to us if you feel your rights have been violated. We will respond within 30 days.
  • Nominate: in case of incapacitation or death, you can nominate another individual to exercise your rights. Email us if you want to register a nomination.

7. Children

Many of our users are minors. We comply with the Digital Personal Data Protection Act, 2023 in how we handle personal data of users under 18, and we do not run behavioural advertising or third-party tracking on the Service for any user, minor or adult. Children should use Nexigrate with the knowledge of a parent or legal guardian. If you are a parent and want to review or delete the data on your child's account, please email us and we will help.

8. Cookies

We use a small number of strictly necessary cookies and localStorage entries to keep you signed in and to remember your last result. We do not run advertising or third-party tracking cookies.

9. Changes

We may update this policy from time to time. Material changes will be announced on this page and, where relevant, by email at least 7 days before they take effect.

10. Contact and grievance officer

Privacy questions and DPDP requests: hello@nexigrate.com. We will acknowledge within 3 working days and resolve within 30 days where possible. Until we appoint a separate Data Protection Officer, the founder serves as the grievance officer reachable at the same address.