Prelimz Logo
Profile Picture

Privacy Policy - Prelimz
Effective Date: 01/06/2025
Last updated : 16/01/2026

Prelimz Edu (“Prelimz”, “we”, “us”, or “our”), a Udyam-registered enterprise, operates the web application available at https://prelimz.com (the “Application” or “Platform”) through which it provides mainly educational and other related services (the “Services”). The Application and the Services are collectively referred to herein as the “Platform and Services”.

This Privacy Policy (the “Policy”) explains the categories of data we collect when you access or use the Platform, how such data, including your Personal Data, is collected, used, handled, stored, secured, and shared, the purposes for which such data is processed, and the privacy rights and choices available to you in relation to the Services.

By accessing the Platform or using the Services, you confirm that you have read and understood this Privacy Policy. Where required under applicable law, you consent to the collection and processing of your Personal Data in accordance with this Policy. If you do not agree with the terms of this Policy, you must not access or use the Platform or the Services.

This Policy should be read in conjunction with our Terms and Conditions and any other policies published on the Platform.

A. Collection of Data

We collect and process certain personal data, non-personal data, usage data, technical data, and aggregated or anonymized information, as further described in this Policy, in connection with the operation, improvement, and security of the Platform.

We collect and process the personal data of users who are natural persons (“Data Principals”) only in accordance with the Digital Personal Data Protection Act (DPDPA) and for lawful purposes. Prelimz is the Data Fiduciary of the Personal Data that it collects and processes in connection with the use of the Platform and the provision of the Services.

For clarity, we divide the information relating to the collection and processing of data into two main categories: A.1. Personal Data You Provide Directly, and A.2. Automatically Collected Data, as described in detail below in this Policy.

A.1. Personal Data You Provide Directly

Under the Digital Personal Data Protection Act “Personal Data” refers to any digital information about an individual who is identifiable by or in relation to such data. For the purposes of this Platform, this includes information such as your name, email address, profile information, and certain online identifiers (such as a Google account identifier), to the extent such information is processed in connection with registration or use of the Platform.

This definition does not include information that you have voluntarily made publicly available, to the extent such information is excluded from the scope of Personal Data under applicable law.

Prelimz follows the principle of Data Minimization. We collect only the minimum personal data necessary to provide our Services, authenticate users, process payments, ensure security, and comply with legal obligations. We do not intentionally collect or store categories of data that are commonly understood as sensitive, such as your financial credentials (e.g., credit card numbers), health information, biometric data, or precise geolocation. Furthermore, in line with our security design, Prelimz does not handle or store end-user account passwords for authentication, as user authentication is performed through third-party identity providers.

A.1.i. Personal Data Obtained While Registering or Signing In

Some parts of the Platform require registration to access certain features, such as creating and managing your account, authenticating you on the Platform, providing access to paid or restricted content, and communicating important service-related information including account updates and notices.

Consistent with data minimization, Prelimz does not handle, process, or store user passwords or login credentials. Instead, we use Google Sign-In, a third-party identity provider (IdP) that authenticates users via an OAuth-based Single Sign-On (SSO) mechanism. Google Sign-In uses secure authorization protocols to verify and validate a user’s identity, and only shares limited account information with Prelimz in accordance with the permissions granted by you through the Google OAuth consent flow.

Specifically, when you sign in through Google Sign-In using your Google Account, we receive only the following data from Google:

  • A unique user identifier;
  • Email address;
  • First name;
  • Last name;
  • Profile picture URL (if available).

As permitted under the Digital Personal Data Protection Act, 2023 and applicable rules made thereunder, personal data may be processed for a lawful purpose based on the consent of the Data Principal; accordingly, if you choose to sign in using your Google Account, you authorize us to receive the limited information described above from your Google Account, which is necessary to enable this sign-in functionality. You may manage or revoke this access at any time through your Google Account Security Settings, by removing Prelimz from your connected applications.

A.1.ii. Data About Actions You Take

We may process limited data about how you interact with the Platform while using the Services. This includes actions such as visiting pages, navigating between different pages of the website, interacting with various features, setting preferences, and engaging with educational content (for example, attempting or solving questions and submitting your responses to multiple-choice questions). Such data is linked to a user account only to the extent required to provide continuity of Services.

Given the nature of the Platform as an educational and assessment-based service, we necessarily collect and process certain user inputs, such as your responses to questions, in order to evaluate your performance, display correct and incorrect answers, calculate scores, track accuracy, and present learning-related analytics and progress reports. Such processing is undertaken as a legitimate use and for a lawful purpose reasonably expected by users in the context of the Services, and is limited to what is required to provide these educational features.

We process this data to operate and improve the Platform, enhance user experience, and ensure service functionality, in a manner reasonably expected by users and proportionate to the purpose of providing the Services. We do not use this information for profiling, advertising, marketing, or behavioral analysis beyond what is strictly necessary to deliver the Services.

A.1.iii. Personal Data Obtained While Establishing Contact

There may be times when you wish to communicate with Prelimz, such as to submit feedback, raise a query, or register a complaint, including through the contact form available on the Platform, by email, or by phone.

In such cases, we may process the personal data and other information you voluntarily provide, which may include your name, email address, phone number (if provided), and the contents of your communication, for the lawful purpose of responding to your request, resolving issues, or providing support, as a legitimate use reasonably expected by users when contacting us.

A.1.iv. Personal Data Obtained While Interacting with the Payment Processor Services (PSPs)

Certain Services on the Platform are offered on a paid or subscription basis. As the Platform offers paid Services, it is necessary for us to facilitate secure online payments. Given the complexity, regulatory requirements, and security standards involved in payment processing, Prelimz does not operate its own payment gateway and instead relies on established, industry-recognized third-party payment processors to process payments on our behalf.

To facilitate such payments, Prelimz relies on the third-party payment processor Razorpay, which operates independently as a separate data fiduciary and is governed by its own terms and privacy policies.

Here are the direct links to the terms and privacy policy of our current payment processor, Razorpay:

When you initiate a payment, Razorpay may collect certain personal and billing-related information directly from you as part of the checkout process. This may include details such as your email address, mobile number, and state of residence, which are required for transaction processing, invoice generation, and compliance with applicable tax laws, including Goods and Services Tax (GST).

To the extent permitted and required under applicable law, certain limited billing and transaction-related information (limited to transaction identifiers, payment status, invoice details, and amounts) collected by Razorpay may be shared with Prelimz as necessary for (i) compliance with applicable laws (including tax and financial regulations), and (ii) related operational purposes strictly necessary for compliance and internal record-keeping, such as bookkeeping, accounting, and audit requirements.

Prelimz does not collect, store, or process sensitive financial information such as card numbers, CVV, UPI IDs, or bank account details. All sensitive payment information is processed securely by Razorpay in accordance with its applicable privacy and security practices. Prelimz does not use transaction-related personal data for marketing, advertising, or profiling purposes.

The processing of transaction-related personal data is necessary to provide the paid Services requested by you, manage subscriptions, handle refunds or cancellations (where applicable), maintain transaction records, and comply with applicable legal and tax obligations.

A.2. Automatically Collected Data

When you access or use the Platform, certain technical information may be collected automatically to ensure the proper functioning, security, and performance of the Services. This information may be processed by Prelimz's application, or by the third-party services and infrastructure necessary to deliver the Platform.

A.2.i. Data Automatically Collected or Processed by Prelimz

In line with our data minimization principle, Prelimz's core application does not log, store, or use detailed device identifiers, persistent tracking identifiers, or user-attributable Internet Protocol (IP) addresses for advertising, marketing, or external profiling purposes.

For the essential operation of the Platform, our application collects only limited, strictly necessary technical information. This primarily includes anonymous session identifiers used to maintain your login state and ensure platform security.

A.2.i.a. Usage Analytics for Service Improvement:

Prelimz may collect limited, non-invasive usage information, such as the specific pages or endpoints accessed, timestamps of access, and basic interaction events. This data is collected solely for the purposes of understanding feature usage, improving platform performance, detecting errors, and enhancing service reliability. The legal basis for this processing is our legitimate use in maintaining and improving our Services.

Such usage data is collected in a proportionate manner and is not used for advertising, marketing, or profiling. Where such data is linked to a user account, it is processed only to the extent necessary to provide continuity of Services and improve the educational features of the Platform. For broader analytical purposes, this data is aggregated or anonymized to prevent identification of individual users.

A.2.i.b. Infrastructure & Security-Level Processing:

To provide and secure the Services, our underlying technical infrastructure (including servers, networks, and security systems) inherently receives connection data, such as IP addresses, as part of standard internet communication. This data may be processed transiently for:

  • Delivering network traffic and maintaining service stability.
  • Protecting the Platform and its users from security threats, abuse, and unauthorized access (e.g., through automated threat detection and firewall systems).

Prelimz does not access, use, or store these infrastructure-level logs for advertising, marketing, user profiling, or any purpose beyond immediate operational and security needs.

A.2.i.c. Cookies Used by Prelimz

Prelimz uses a minimal number of first-party cookies strictly for functional purposes: a Session Cookie and Preference Cookies. These cookies do not contain advertising identifiers, tracking pixels, or profiling information, and are never shared with third parties for marketing purposes.

  • Session Cookie: Essential to perform our contract with you by maintaining your login state. It expires after a limited period.
  • Preference Cookies (langPref, darkMode): Set based on your explicit choice to remember your language and display theme for a consistent experience. These are not required for the basic Services to function. The legal basis for processing these cookies is performance of contract (Session Cookie) and consent (Preference Cookies).

You can manage or disable these cookies at any time through your browser settings. Please note that disabling the Session Cookie will log you out and prevent access to your account.

A.2.ii. Data Automatically Collected by Third-Party Services

During payment transactions, third-party payment service providers such as Razorpay may place cookies or similar technologies that are necessary to process payments securely and prevent fraud. These cookies are governed by the privacy policies of the respective payment service providers, and Prelimz does not access or control such cookies.

A.2.ii.a. Payment Processor Services (PSPs):

During transactions, providers like Razorpay collect necessary information, including payment details and IP addresses, to process payments securely and prevent fraud. Prelimz does not access or store sensitive payment credentials from this process.

A.2.ii.b. Hosting and Infrastructure Providers:

Our Platform is hosted on virtual private servers (VPS) provided by Hostinger, whose data center for our services is currently located in Mumbai, India. Hostinger acts as our infrastructure and hosting service provider and processes certain technical data strictly necessary to deliver, secure, and maintain the hosting environment.

In the course of providing infrastructure services, Hostinger may process:

  • Network and connection data such as source IP addresses, timestamps, and basic traffic metadata required to route requests to our servers and protect against abuse (for example, intrusion attempts, denial-of-service attacks, or other suspicious activity).
  • Server performance and operational metrics such as CPU, memory, storage, and bandwidth usage, system logs, and security events necessary to maintain reliability, availability, and security of the VPS.

Hostinger does not have routine access to the content you submit within the Platform (such as your account details, learning data, or test responses). Such content remains under the control of Prelimz and is stored and processed within our VPS environment.

For further details on how Hostinger processes data in its capacity as an infrastructure provider, please refer to Hostinger’s Privacy Policy, available at: https://www.hostinger.com/legal/privacy-policy.

For details on how these third parties handle data, please consult their respective privacy policies.

B. Use of Your Personal Data

Prelimz uses the personal data described in Section A only for specific, explicit, and lawful purposes that are directly connected to the operation of the Platform and the provision of the Services. Personal data is processed in accordance with the Digital Personal Data Protection Act (DPDPA), and only to the extent reasonably necessary to achieve the purposes described below.

We do not use personal data for purposes that are incompatible with the purposes for which it was collected, unless permitted or required under applicable law.

B.1. Core Services and Account Management Purposes

Prelimz processes personal data for the purpose of creating, maintaining, and managing user accounts, authenticating users, and providing access to the Platform and its features.

This includes processing limited information received through Google Sign-In (such as your name, email address, and profile information) to uniquely identify you, enable secure access, and ensure continuity of services across sessions.

Legal basis: Performance of a contract with you (to provide the Services you request).

B.2. Payment, Subscription, and Financial Management Purposes

Where you choose to access paid or subscription-based Services, Prelimz processes limited transaction and billing-related information to enable payment processing through third-party payment services providers, manage subscriptions and renewals, issue invoices, maintain accounting and financial records, and comply with applicable tax, audit, and financial laws, including Goods and Services Tax (GST) requirements.

Prelimz does not use transaction or billing information for marketing or unrelated purposes.

Legal basis: Performance of a contract (to provide paid Services) and compliance with legal obligations.

B.3. Communication and Support Purposes

Prelimz may process personal data to communicate with you regarding account-related notices, services updates or changes, security-related alerts, responses to queries, feedback, or complaints, and customer support interactions initiated by you.

Such communications are limited to what is necessary to provide the Services and support your use of the Platform.

Legal basis: Performance of a contract and processing reasonably necessary to provide the Services and ensure platform security.

B.4. Platform Operation, Security, and Improvement

Prelimz processes limited technical and interaction-related data to operate and maintain the Platform, ensure system security and integrity, prevent misuse, fraud, or unauthorized access, troubleshoot technical issues, and improve functionality and user experience based on aggregated insights.

This processing does not involve user profiling beyond what is necessary for services delivery and does not rely on detailed tracking or in-house analytics systems.

Legal basis: Processing reasonably necessary for the lawful purpose of operating, securing, and improving the Platform, as permitted under the Digital Personal Data Protection Act.

B.5. Use of Third-Party Services Providers

Certain services integrated into the Platform involve third-party services providers that process personal data either on behalf of Prelimz to enable core functionality or independently as separate data fiduciaries, strictly for the purposes of providing their respective services.

Such third-party services providers currently include identity authentication services such as Google Sign-In (IdP + OAuth + SSO) and payment processing services such as Razorpay. These services providers process personal data in accordance with their own applicable privacy policies and legal obligations.

Prelimz selects service providers whose practices are aligned with our privacy standards. However, their independent processing is governed by their own privacy policies.

B.6. Purpose Limitation and Data Protection Commitment

Prelimz does not sell, rent, or trade personal data. Personal data is not used for purposes unrelated to those described in this Policy unless additional consent is obtained where required under applicable law.

We regularly review our data processing activities to ensure they remain limited to the purposes described above and aligned with the principles of data minimization and user protection.

3. Third-Party Services

Google Services

  • Google OAuth – Authentication
  • Google Analytics – Website analytics
  • Google AdSense – Advertising

Google Privacy Policy

Ad Personalization Settings

Razorpay Payment Gateway

All payments made on https://prelimz.com are handled exclusively by Razorpay. Prelimz does not store card or banking details.

Razorpay Privacy Policy

Hosting Provider

Prelimz is hosted on secure cloud-based infrastructure provided by third-party service providers, which are contractually required to implement appropriate security safeguards.

4. Payment Information

Prelimz does not store or process sensitive financial information such as card numbers, bank account details, or UPI credentials on its own servers.

We do store limited transaction-related information, including payment ID, order ID, transaction amount, date and time of payment, and payment status, for purposes such as subscription management, customer support, accounting, and compliance with applicable legal and tax obligations.

All payment transactions are processed securely by our third-party payment gateway provider in accordance with their applicable privacy and security standards.

5. Data Security and Breach Notification

We implement reasonable technical and organizational measures to protect personal data. However, no system can guarantee absolute security.

These measures include, but are not limited to, server-level security and hardening measures designed to protect our infrastructure from unauthorized access and misuse, the use of Secure Socket Layer (SSL) encryption for data transmission, strict access controls to personal data within our organization, and the use of secure third-party authentication mechanisms such as Google Sign-In, which enables users to authenticate without sharing passwords with Prelimz.

While we take reasonable steps to safeguard personal data, you acknowledge that data transmission over the Internet is not completely secure, and we cannot guarantee the security of information transmitted through the Platform.

Data Breach Notification: In compliance with the Digital Personal Data Protection Act in the event of a personal data breach likely to harm your rights, we will notify the Data Protection Board of India and affected users, take remedial measures, and maintain breach records as required by law.

6. Data Retention

This policy establishes guidelines for retaining and disposing of data to ensure compliance with legal and regulatory requirements, support business operations, and manage risk.

Personal data associated with user accounts is generally retained until the user requests deletion of their account or personal data, unless a longer retention period is required or permitted under applicable law (for example, for financial, tax, or legal compliance).

Transaction-related records are retained for up to 7 years, as required under applicable financial and tax laws. Cookies are stored according to browser settings and applicable third-party configurations.

Users may request deletion of their account and associated personal data at any time by contacting our Grievance Officer (details provided in Section 14) or through the designated process available on the Platform.

7. Your Rights Under DPDPA 2023

You may exercise any of the following rights under the DPDPA by submitting a verifiable request to our Grievance Officer using the contact details provided in Section 14:

  • Access your personal data
  • Correct inaccurate information
  • Delete your account and personal data
  • Grievance redressal

8. Children's Privacy and Parental Consent

Prelimz is intended for and directed to users who are at least 16 years of age. We do not knowingly collect personal data from individuals under 16.

If you are under 16, please do not use the Platform or provide any Personal Data to us. If we become aware that we have collected personal data from a user under 16, we will delete such information promptly.

If you believe that we may have collected personal data from or about a child under 16, please contact our Grievance Officer immediately.

10. Cross-Border Data Transfers

Some third-party services may process data outside India. We ensure appropriate safeguards are applied in accordance with the Digital Personal Data Protection Act, 2023.

11. Consent Acknowledgment

By accessing or continuing to use Prelimz, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data. Your personal data is processed based on one or more of the following legal bases as defined under the DPDPA, 2023: (i) your consent (e.g., for Google OAuth); (ii) the necessity for performing our contract with you (e.g., providing paid subscriptions); (iii) our legitimate uses (e.g., platform security and improvement); and (iv) compliance with legal obligations (e.g., retaining financial records).

12. Changes to This Privacy Policy

We reserve the right to revise and/or amend this Privacy Policy at any time. If we make changes, we will post a notification on our homepage for a period of seven (7) days and update the 'Effective Date' at the top of the Privacy Policy page to reflect the current version.

13. Contact Us

- Email: contact@prelimz.com - Contact Page: https://prelimz.com/contact-us - Website: https://prelimz.com

14. Grievance Officer

  • Name: Gajanan N
  • Designation: Grievance Officer
  • Email: gajanan.nav@gmail.com
  • Response Time: Within 30 days