Privacy Policy

ZenZ IAS™ ("we", "us", or "our") is an online UPSC exam preparation platform available at zenzias.com. We help Indian civil services aspirants study more effectively using structured notes, AI-powered tools, and spaced repetition.

For privacy inquiries, contact us at contact@zenzias.com.

We collect the following categories of information:

a. Account Information

• Full name
• Email address
• Profile picture (if signing in with Google — pulled from your Google account)
• Password (if using email/password signup — stored as a secure hash, never in plain text)

b. Study & Usage Data

• Chapters read, topics completed, bookmarks, and notes you create
• Study session duration and timestamps
• Revision queue ratings and spaced repetition scores
• Exam planner data (target date, study goals)
• Subject classifications you set (weak/strong areas)

c. Payment Information

• We do not store your card or bank details. All payment processing is handled by Razorpay, a PCI-DSS compliant payment gateway. We receive only a transaction confirmation and the amount paid.
• We store your subscription tier and payment date for access control purposes.

d. Technical Data

• IP address (logged by our hosting infrastructure)
• Browser type and device type
• Pages visited and features used within the app

• Directly from you — when you sign up, fill in your profile, create notes, or contact support
• Via Google OAuth — if you choose "Sign in with Google", Google shares your name, email, and profile picture with us. We do not receive your Google password or any other Google data.
• Automatically — as you use the app, we record your study activity to power features like the revision queue, analytics dashboard, and exam planner
• Via Razorpay — payment confirmation data when you complete a purchase

• To create and manage your account
• To provide access to content based on your subscription tier
• To power the spaced repetition revision queue, exam planner, and analytics dashboard
• To send transactional emails (welcome email, payment receipt, weekly progress summary)
• To respond to your support requests
• To improve the platform based on usage patterns
• To detect and prevent fraud or abuse

We do not sell your data to any third party. We do not use your data for advertising purposes.

We share data only with the following service providers, solely to operate the platform:

• Supabase — database and authentication infrastructure. Servers located in AWS ap-south-1 (Mumbai, India).
• Razorpay — payment processing. Subject to Razorpay's own privacy policy and PCI-DSS compliance.
• Resend — transactional email delivery (welcome emails, receipts).
• OpenAI — AI content processing (AI simplification and Mains rewrite features). Text you select for AI processing is sent to OpenAI's API to generate the response. We do not store your selected text beyond the session, and such text is not used to train third-party models.
• Vercel — web hosting and deployment infrastructure.
• Google Analytics — anonymised, aggregate website traffic measurement (page views, referrers, approximate region and device). IP addresses are anonymised and the data is never used for advertising or to build an individual profile.

We require all third-party providers to maintain appropriate security standards and to use your data only to provide the services we've engaged them for.

• Account data — retained for as long as your account is active, plus 90 days after deletion request
• Study progress data — retained while your account exists; deleted with your account
• Payment records — retained for 7 years as required by Indian tax law
• Server logs — retained for 30 days, then automatically deleted

You have the right to:

• Access — request a copy of all personal data we hold about you
• Correction — update inaccurate information (most data can be updated from your profile page)
• Deletion — request that we delete your account and personal data
• Portability — request your study data in a machine-readable format
• Withdraw consent — you can disconnect Google OAuth from your account settings at any time

To exercise any right, email us at contact@zenzias.com. We will respond within 30 days.

We use minimal cookies:

• Authentication cookies — strictly necessary to keep you logged in. No consent required as these are essential to service operation.
• Preference cookies — to remember your theme (light/dark/sepia) and reading preferences.
• Analytics cookies — Google Analytics sets cookies to measure aggregate, anonymised website traffic (visits, pages, approximate region). IP addresses are anonymised.

We do not use advertising cookies or third-party tracking cookies that profile you across other websites.

• All data is transmitted over HTTPS (TLS encryption)
• Passwords are hashed using bcrypt — we never see your plain-text password
• Database access is protected by Row Level Security — users can only access their own data
• Payment data never touches our servers — processed entirely by Razorpay
• API keys and secrets are stored as environment variables, never in code

No system is 100% secure. In the event of a data breach affecting your personal data, we will notify you within 72 hours via the email address on your account.

ZenZ IAS is intended for users aged 18 and above (UPSC eligibility requirement). We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will delete it promptly.

This policy is governed by the laws of India, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (DPDP Act). Any disputes shall be subject to the jurisdiction of courts in India.

We may update this policy as we add new features or as laws change. When we make material changes, we will notify you via email at least 14 days before the change takes effect. Continued use of ZenZ IAS after the effective date constitutes acceptance of the updated policy.

In accordance with the Information Technology Act, 2000, the rules made thereunder, and the Digital Personal Data Protection Act, 2023, you may address any grievance regarding the processing of your personal data to our Grievance Officer:

Designation: Grievance Officer, ZenZ IAS™
Email: contact@zenzias.com

We will acknowledge your grievance within 24 hours and endeavour to resolve it within 30 days of receipt.

Questions, requests, or complaints about this privacy policy:

Email: contact@zenzias.com
Website: zenzias.com