NEW RI-2027 coming soon — Enrolment opens 1 September 2026 Get Notified →
Home R&D Projects Publications
Research Intake ▾
Services Community About Donate
Legal

Privacy Policy

Last updated: 25 May 2026  ·  Effective: 25 May 2026

1. Data Controller

Gudsky Research Foundation ("Gudsky", "we", "us") is the data controller responsible for personal data collected through gudsky.org. We are a Section 8 non-profit company registered in India and are committed to protecting your privacy in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and applicable provisions of India's data protection framework.

By using our Site or services, you consent to the practices described in this Privacy Policy.

2. Data We Collect

2.1 Information You Provide

  • Contact Form: Name, email address, phone number (optional), and message content.
  • Research Intake Registration: Name, email, phone, academic institution, degree level, area of research interest, and statement of purpose.
  • VRC Membership / Enquiry: Name, email, institutional affiliation, and membership tier preference.
  • Donations: Name, email, and amount. Payment details are processed by our payment gateway and are not stored on our servers.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, time spent, referring URLs, and browser type — collected via server logs and analytics tools.
  • Session Data: PHP session identifiers used to maintain your session while navigating the Site.
  • IP Address: Collected for security, rate-limiting, and analytics purposes.

2.3 Sensitive Personal Data

We do not intentionally collect sensitive personal data such as financial information (beyond donation amounts), biometric data, health records, or government ID numbers through our forms. Please do not submit such information unless specifically requested.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Service Delivery: To process registrations, respond to enquiries, deliver programme access, and send relevant communications.
  • Communications: To send programme updates, announcements, and newsletters. You may opt out at any time.
  • Security: To detect, prevent, and respond to fraud, abuse, or unauthorised access.
  • Analytics: To understand how the Site is used so we can improve our services.
  • Legal Compliance: To comply with applicable Indian laws and regulatory requirements.
  • Donations: To process contributions and issue receipts/certificates as required.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

4. Cookies & Tracking

Our Site uses the following types of cookies:

TypePurposeDuration
Session CookieMaintains your PHP session, CSRF token, and flash messagesBrowser session
Preference CookieStores your cookie consent choice1 year
Analytics CookieCollects anonymised usage data (if analytics enabled)Up to 2 years

You can control cookies through your browser settings. Disabling session cookies may affect Site functionality. You can withdraw consent for non-essential cookies at any time by clearing your browser's local storage or cookies.

5. Data Sharing & Disclosure

We may share your data with:

  • Service Providers: Trusted third-party providers (email delivery, payment processing, hosting) who process data on our behalf under data processing agreements.
  • Research Partners: Where you participate in a collaborative programme with an institutional partner (e.g., a university), we may share programme-related information with that institution.
  • Legal Obligations: Where required by Indian law, court order, or lawful authority.

We do not transfer personal data outside India except where necessary for service delivery (e.g., cloud hosting) and only where appropriate safeguards are in place.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Contact form submissions: 2 years from date of receipt.
  • Programme participant records: 5 years from end of programme, or as required by law.
  • Donation records: 7 years, as required under Indian financial regulations.
  • Server logs: 90 days on a rolling basis.

Upon expiry of the applicable retention period, data is securely deleted or anonymised.

7. Security

We implement reasonable technical and organisational security measures to protect your personal data, including HTTPS encryption, CSRF protection on all forms, rate limiting on form submissions, and access controls on administrative systems.

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security and are not liable for breaches caused by events beyond our reasonable control.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify affected individuals as required by applicable law.

8. Your Rights

Under applicable Indian data protection law, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal retention obligations.
  • Withdrawal of Consent: Withdraw consent for communications or non-essential data processing at any time.
  • Grievance Redressal: Lodge a complaint with our Grievance Officer (see Section 11).

To exercise any of these rights, email us at privacy@gudsky.org. We will respond within 30 days.

9. Children's Privacy

Our services are intended for individuals aged 16 years and above. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that we have collected data from a child under 16 without appropriate consent, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For significant changes, we will notify registered users by email. Your continued use of the Site after the posting of changes constitutes your acceptance of the revised Policy.

11. Grievance Officer

In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, Gudsky Research Foundation has designated a Grievance Officer to address complaints and concerns regarding personal data and site content.

Grievance Officer
Grievance Officer — Gudsky Research Foundation
Email: grievance@gudsky.org
Postal: Gudsky Research Foundation, India

Complaints will be acknowledged within 24 hours and resolved within 15 days of receipt, as required by applicable law.

If you are not satisfied with the resolution provided by the Grievance Officer, you may approach the appropriate regulatory authority under Indian law.