← Back to home

Privacy Policy

Last updated: May 2026

ResultRadar (“we”, “us”, “the service”) is operated from India and processes personal data of students and school staff under the framework of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). The Digital Personal Data Protection Act, 2023 (DPDP Act) has been passed by Parliament but its substantive provisions are not yet fully in force; we are preparing this service to comply with the DPDP Act and its rules as they are notified.

1. What we collect

  • Result files you upload — the CBSE board-examination gazette files, optional section assignment sheets, and optional teacher allocation sheets. These contain student names, roll numbers, gender, subjects, marks, and results.
  • School lead details — your school's email address and the display name you provide when verifying your account.
  • Usage information — login timestamps, IP address, browser user-agent, and the routes you visit, kept in server logs for security and diagnostics.

2. How we use it

  • To generate the dashboard, exports, and AI-written report for the school that uploaded the file.
  • To send the magic-link verification email and any report delivery emails.
  • To improve parser reliability and the analysis prompts. We do not sell data.
  • To respond to support queries from the school administrator.

3. Basis for processing

Under the SPDI Rules, we collect and process information only with the consent of the school administrator who uploads the file, for the specific purpose of producing the analytical outputs the school has requested, and only to the extent necessary for that purpose. Schools are responsible for ensuring they have the appropriate basis to share student data with a service provider acting on their instructions.

Once the DPDP Act and its rules come fully into force, we will rely on the corresponding lawful grounds under that Act (consent and legitimate use) and will update this notice accordingly.

4. Children and minor students

The CBSE result data we process includes information about students, many of whom are minors. We do not contact students directly. We rely on the school as the verified custodian of this data and act on the school's instructions. We do not use this data for advertising, tracking, or behavioural profiling. When the DPDP Act's rules on processing children's personal data are notified, we will follow the specific obligations they prescribe.

5. Where data is stored

Result files, generated analysis, and account information are stored on servers operated by reputable cloud providers in the United States. Email delivery and language-model inference are handled by sub-processors that may operate in the United States or other jurisdictions; in each case only the minimum data necessary for that step is shared.

We rely on contractual safeguards and the security standards required by the SPDI Rules to protect data transferred outside India. The SPDI Rules permit cross-border transfer where the recipient maintains an equivalent level of protection and the transfer is necessary for the service or made with the user's consent. Cross-border-transfer restrictions under the DPDP Act will be honoured once they are notified.

6. How long we keep it

Uploaded files and generated analysis are retained while your account is active. If you ask us to delete your school's data, we will remove it from our primary systems within 30 days, except where retention is required by law or for resolving disputes.

7. Your rights

Today, under the SPDI Rules and our policy, you can:

  • Access the data we hold about your school.
  • Request correction or erasure of inaccurate data.
  • Withdraw consent at any time (which may limit our ability to provide the service).
  • Raise a grievance with our Grievance Officer (contact below).

Once the DPDP Act is fully in force, you will additionally be able to nominate another person to exercise these rights on your behalf, and to escalate unresolved grievances to the Data Protection Board of India.

8. Security

We use TLS in transit, access controls on production systems, and store credentials and tokens in encrypted form. No system is perfectly secure; we follow reasonable practices appropriate to the sensitivity of the data and the size of our operation.

9. Cookies

We use first-party cookies only — a session cookie to remember that you are signed in, and a short-lived owner-token cookie. We do not use third-party analytics or advertising cookies.

10. Grievance Officer

For any privacy concern, write to hello@resultradar.app. We will acknowledge within 7 working days and resolve within the timelines required by law. The Grievance Officer name and contact will be provided on request.

11. Changes

We may update this policy as the law, our infrastructure, or our features change. Material changes will be communicated to verified school administrators by email.

This summary is provided for clarity. It does not constitute legal advice and is not a substitute for consulting qualified counsel about your school's specific obligations.