Privacy

Privacy Policy

Last updated: 12 May 2026 · v3.2 · DPDP-aligned

NIGOC NINETECH PRIVATE LIMITED ("NIGOC", "we") is the data fiduciary for personal data collected through this website and the NIGOC counselor platform. We operate under the laws of India, in particular the Digital Personal Data Protection Act 2023 ("DPDP Act") and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011.

1. Who we are

NIGOC NINETECH PRIVATE LIMITED · CIN U85500OD2024PTC047156 · Registered office 1st Floor, Plot No 738/3389/3414, Mouza Darada, Basta, Baleswar District, Odisha 756022, India · GSTIN 21AAJCN9508L1Z6.

2. What personal data we collect

2.1 At signup

Name, date of birth, school/college board, current grade, predicted board %.
Mobile number (used as login + WhatsApp counseling channel).
Email of student and, when student is a minor, of parent / legal guardian.
Preferred language for counseling (one of 22 Indian languages).
Home district / state (used for state-scholarship matching).

2.2 During counseling

Conversation transcripts with the AI counselor (text + voice).
Uploaded documents — board mark-sheets, draft SOPs, Aadhaar / caste / EWS / domicile certificates strictly for verification, scholarship application forms.
Entrance-exam scores reported by the student (and verified against the candidate-side portal when permission granted).

2.3 Technical telemetry

IP address (for fraud prevention only; not used for behavioural advertising).
Device type, OS version, browser version.
Coarse geolocation derived from IP (state-level, never finer).

3. Why we process it (lawful purposes under §4 DPDP)

Service delivery — to provide the counseling, scholarship matching, document checklist, deadline reminders and interview rehearsal that the student requested.
Compliance — to comply with Indian law, including responding to court / DPDP Board orders.
Safety — to detect fraud, abuse, and any indication that a student is at imminent personal risk (per §9 DPDP "specified legitimate uses").
De-identified research — to study college-access outcomes in collaboration with Indian universities, after irreversibly de-identifying records.

4. Consent & consent withdrawal

We obtain free, specific, informed, unconditional and unambiguous consent at signup, in the language the student chose. When the data principal is a minor (below 18), we additionally obtain verifiable parental consent before processing any data.

Consent can be withdrawn at any time by writing to grievance@nigoc.com or via the in-app "Delete my account" flow. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

5. Data residency & processors

All NIGOC student data is stored exclusively in AWS Asia Pacific (Mumbai) — ap-south-1. We do not replicate, mirror or back up any student data outside India.

NIGOC engages the following processors, each under written agreement aligned with §8(5) DPDP:

Amazon Web Services India Pvt Ltd (cloud hosting, storage, inference, voice services in ap-south-1)
Anthropic PBC (LLM inference; data not retained per Anthropic's enterprise terms)
Google Cloud India Pvt Ltd (analytics and high-throughput fallback inference in asia-south1 Mumbai)
Cloudflare India Pvt Ltd (CDN and DDoS protection for this website)

NIGOC will publish any change to this list at least 14 days before it takes effect.

6. Retention

Active accounts — for as long as the student keeps the account open.
Closed accounts — 18 months from closure, then irreversibly purged.
Verification documents — 90 days after the related scholarship / admission decision, then irreversibly purged.
Counselor conversation transcripts — up to 24 months from last interaction, for service-quality review.
Aggregated, de-identified statistics — retained indefinitely.

7. Your rights (§11-14 DPDP)

Right of access — request a copy of personal data we hold about you.
Right of correction or completion of inaccurate or incomplete data.
Right of erasure — "delete my account" purges per §6 above.
Right to nominate, in case of death or incapacity of the data principal.
Right to grievance redressal — see §10 below.

To exercise any right, write to grievance@nigoc.com. We respond within 7 working days; we resolve within 15 working days.

8. Cookies & tracking

This website uses one strictly-necessary cookie to hold your language preference. We do not use third-party advertising cookies, fingerprinting, or cross-site tracking. Our analytics provider (Cloudflare Web Analytics) is privacy-preserving and does not set cookies.

9. Security

NIGOC applies the security practices defined under the IT Rules 2011 and the CERT-In Directions 2022:

TLS 1.3 for all transit; AES-256 at rest in AWS KMS.
Mandatory 2FA for all NIGOC operator accounts that touch student data.
Quarterly penetration testing by an Indian CERT-In empanelled auditor.
Audit logs retained for 180 days as required by CERT-In Direction 4(iv).

10. Grievance officer

Pursuant to §10 DPDP and Rule 3(2) of the IT (Intermediary Guidelines) Rules 2021:

Name: Niranjan Sethi
Designation: Director / Data Protection Officer
Email: grievance@nigoc.com
Phone: +91 89261 67598 (Mon-Sat 10:00-19:00 IST)
Postal address: Grievance Officer, NIGOC NINETECH PRIVATE LIMITED, 1st Floor, Plot No 738/3389/3414, Mouza Darada, Basta, Baleswar District, Odisha 756022, India

11. Children's data

A substantial share of our user base is below 18. For users below 18 (or, where applicable, below the age of guardianship under their relevant personal law), NIGOC processes data only after verifiable parental consent. We do not track behavioural data of children. We do not show targeted advertising to children.

12. Changes to this policy

Material changes will be notified to registered users via email + an in-app banner at least 14 days before they take effect. Version history is available on request.

13. Disputes

This policy is governed by the laws of India. Any dispute will be adjudicated by the courts of Baleswar, Odisha, save where DPDP Board jurisdiction is specifically invoked.