Privacy Policy
Effective Date: April 20, 2026
Introduction
IMEC NETWORK ("we," "our," "us"), with offices in Delhi, India, is committed to protecting your privacy in compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000, and relevant IT Rules. This Policy explains how we collect, use, disclose, secure, and manage personal data when you use https://imec-rho.vercel.app/ ("Services").
Information We Collect
a. Personal Information (as defined under DPDP Act)
- Name, email address, phone number (provided during signup or contact forms)
- Account credentials (username, password—hashed)
- Payment details (if processed via third-party gateways like Razorpay/Stripe)
b. Non-Personal/Technical Information
- IP address, browser type/version, device ID, operating system
- Pages visited, time spent, clickstream data, usage patterns
- Cookies, local storage data for session management and preferences
How We Use Information
We process data only for legitimate purposes:
- Provide, maintain, and improve Services (e.g., user authentication, data processing features)
- Communicate via email notifications, support responses, or updates
- Analyze usage trends to optimize performance and develop new features
- Detect/prevent fraud, security threats, or abuse
- Comply with legal obligations (e.g., tax records, court orders)
Cookies and Tracking Technologies
We use essential cookies for login/session functionality, analytics cookies (e.g., Google Analytics or Vercel Analytics) for traffic insights, and optional performance cookies. Manage preferences:
- Browser settings (e.g., Chrome: Settings > Privacy > Cookies)
- Cookie consent banner on first visit (opt-in/opt-out)
Data Sharing and Disclosure
We do not sell, rent, or trade personal data. Disclosures are limited to:
- Trusted service providers (e.g., Vercel for hosting, cloud storage like AWS/GCP) under strict contracts
- Law enforcement/government authorities with valid legal requests
- Business transfers (e.g., merger/acquisition, with notice)
Data Security
We implement industry-standard measures: AES-256 encryption for data at rest/transit, access controls (RBAC), regular security audits, and compliance with ISO 27001 principles. However, absolute security cannot be guaranteed over the internet.
Data Retention
Personal data is retained only as necessary: active accounts (until deletion request), logs (90 days), backups (1 year). Upon request or account closure, data is securely deleted or anonymized.
Your Rights under DPDP Act
As a Data Principal, you can:
- Access, correct, or erase your data (via account dashboard or email)
- Withdraw consent anytime (stops further processing)
- File grievances with our Data Protection Officer; resolution within 30 days
- Nominate a lawful guardian for rights exercise (if incapacitated)
Third-Party Services
Integrations like analytics (Google), payments (Stripe), or hosting (Vercel) have separate policies. We ensure they meet equivalent protection standards via Data Processing Agreements.
Children's Privacy
Services are not directed at children under 18. We do not knowingly collect their data. Parents/guardians: contact us to request deletion.
Cross-Border Data Transfers
Data may be processed in India or EU/US providers (with Standard Contractual Clauses for adequacy).
Updates to This Policy
Changes will be posted here with a new effective date. Material updates trigger email notification to registered users.