top of page
CLAT LOGO-01.png

CUET Practice

CLAT LOGO-01.png

CLAT Perfect 

Privacy Policy

1. INTRODUCTION, SCOPE & PURPOSE

1.1 This Privacy Policy explains how Collab Circle Private Limited (referred to as “we”, “us”, “our”, or “Collab Circle”) collects, uses, discloses, stores and protects the personal data of users of the CUET Practice application and website (the “Service”). It also explains the rights of data principals and how to exercise them.

1.2 This Policy applies to personal data collected via: (a) CUETPractice.com; (b) our mobile applications; (c) forms and offline interactions related to CUET Practice; and (d) any communications, events, webinars or promotional activities. It applies worldwide to individuals whose data we process in connection with offering or providing services to them.

1.3 Collab Circle is the Data Fiduciary (i.e., the organisation that determines the purpose and means of processing) for the CUET Practice service. Certain technical processing may be performed by the Platform provider or other third-party processors under contract with Collab Circle.

2. DEFINITIONS

  • “Personal Data”: any data that identifies or can identify a natural person (name, email, identifiers, IP, etc.).

  • “Sensitive Personal Data”: financial information, government ID numbers, biometric or health data (if any) and other categories requiring additional safeguards.

  • “Data Principal”: the individual to whom personal data relates. (Where the Data Principal is a child, parents or lawful guardians may act as Data Principal for the child). MeitY

  • “Child”: for the purposes of Indian law, an individual who has not completed the age of 18 years. (Therefore data of under-18s attracts special protections). MeitY

  • “Processing”: collection, storage, use, sharing, alteration, deletion or other operations on personal data.

  • “Consent Manager”: if used, a registered service that enables a Data Principal to give, manage and withdraw consent. MeitY

3. CATEGORIES OF DATA WE COLLECT & SOURCE

We collect the following categories of data depending on the service and features used:

3.1 Account & identity data

  • Name, username, date of birth, photograph (if provided), gender, school, class, student ID (if provided), parent/guardian name and contact details.

3.2 Contact data

  • Email address, mobile number, postal address.

3.3 Educational & profile data

  • School name, academic history, subjects, test scores, application materials, counseling notes, preferences, and submissions you or your parent/guardian provide.

3.4 Financial & payment data (where relevant)

  • Payment card metadata for transaction processing is collected only by third-party payment processors; we do not store full card numbers on our servers (see Section 7). Transaction receipts, payment references and limited billing info may be retained for compliance.

3.5 Device, usage & technical data

  • IP address, device identifiers, browser and OS information, log files, pages visited, timestamps, session identifiers, crash logs, analytics and cookies.

3.6 Communications & support

  • Emails, chat transcripts, counselling notes, recordings or summaries of sessions where consented.

3.7 Third-party / publicly available data

  • Data you provide from social media (only when you permit us), public sources (basic public profile) or third-party services (e.g., identity verification providers).
     

Source: We collect data directly from the user (students and parents) and from authorised third parties (payment gateways, analytics providers, lawful public sources). We also may collect data from parents/guardians when the user is a minor.

4. PURPOSES OF PROCESSING & LAWFUL BASIS

  • We process personal data for specific, explicit and legitimate purposes, and only to the extent necessary:

  • 4.1 To provide the Service (account management, profile, personalised learning, counselling, test scheduling, application assistance). Legal basis: consent or the specified purpose for which data was provided. MeitY

  • 4.2 To communicate (emails, notifications, invoices, changes to service). Legal basis: consent or legitimate service provision.

  • 4.3 To process payments & billing (via third-party payment processors). Legal basis: performance of contract / consent.

  • 4.4 To improve the service (analytics, product development, quality & security testing). Legal basis: consent and legitimate business interests subject to appropriate safeguards.

  • 4.5 To fulfil legal obligations, prevent abuse and detect fraud (KYC, fraud detection, legal compliance). Legal basis: compliance with legal obligations or legitimate interest.

  • 4.6 For marketing only with clear, opt-in consent. Users and parents/guardians can opt out at any time.

5. SPECIAL RULES FOR CHILDREN (UNDER 18)

5.1 Who this applies to: data of any person under 18 is treated as children’s data under Indian law. MeitY

5.2 Ages 14–18 (our practical case): CUET Practice is available to teenagers aged 14–18. We may collect and process the personal data of users in this age group for purposes directly related to the educational services we provide (profile creation, counselling, application support). Where additional parental consent is required by applicable law or contract, we will obtain and verify it. (See below for parental consent mechanisms.)

5.3 Children under 13: we do not knowingly collect personal data of children under 13. If we learn we have collected such data, we will promptly delete it and notify the submitting party/parent/guardian as required. (Note: US COPPA has a 13-year threshold; be careful if you market to US users.) Federal Trade Commission

5.4 Parental / Guardian rights & verifiable consent: for persons under 18 we will require parental/guardian contact information and may require verifiable parental consent before collecting or continuing to process the minor’s personal data where the law requires it (e.g., certain jurisdictions or for certain sensitive operations). Methods to verify consent may include an electronic confirmation to the parent/guardian, authenticated payment transaction, government ID verification, or use of an authorised Consent Manager (where available). We will provide parents/guardians the ability to: (a) review their child’s personal data; (b) request correction or deletion; and (c) withdraw consent. MeitY

5.5 Minimisation & retention: we will only collect personal data of minors that is strictly necessary for the service. Retention of children’s data will be limited and documented; parents/guardians may request deletion as described in Section 11.

5.6 Cross-jurisdictional note: If a user/parent is located in the EU, GDPR rules on children’s consent may apply (GDPR sets age 16 by default; member states may lower to 13). If so, we will apply the level of parental consent and verification required by applicable EU member state law. GDPR

6. SHARING PERSONAL DATA (THIRD PARTIES & PROCESSORS)

6.1 Categories of recipients: We may share personal data with:

  • Universities, colleges and admissions offices (where the student requests application support).

  • Service providers: hosting, cloud storage, email, payment processors, analytics, CRM, customer support, video conferencing, identity verification and background-check providers.

  • Advertising and remarketing partners (only where you have consented).

  • Law enforcement or regulators when required by law or to protect rights and safety.

  • Successors in case of mergers, sale or restructuring (subject to contract protections).
     

6.2 Contracts and safeguards: We use written contracts with processors requiring them to process data only on our instructions, to implement security measures and to assist with data subject requests. Where cross-border processing is used, we will implement appropriate contractual and technical safeguards (e.g., standard contractual clauses, encryption, access controls) and comply with applicable transfer rules. MeitY

6.3 Analytics & advertising: We use analytics and advertising partners (e.g., Google Analytics, Facebook Pixel) to understand usage and to provide interest-based advertising where you have consented (Facebook Pixel collects event data for ad measurement). Users may opt out of interest-based advertising via the privacy choices explained in Section 9. (We do not permit ad networks to collect special categories of children’s data for profiling or targeted advertising.)

7. PAYMENT PROCESSING

7.1 We use third-party, PCI-compliant payment processors to process credit/debit card transactions. We do not store full card numbers or CVV on our servers. Tokenised or limited payment metadata required for refunds or accounting may be retained by processors and/or Collab Circle only to the extent necessary for audit and legal compliance.

7.2 For questions about a specific payment transaction, please contact our support team at support@cuetpractice.com.

8. COOKIES, TRACKING & REMARKETING

8.1 Cookies & local storage: We use cookies, local storage and sessions to enable account sign-in, user preferences, functional features, and analytics. Cookies are classified into essential, functional, analytics and advertising. We do not put personally identifiable information in cookies.

8.2 Advertising cookies & remarketing: We use remarketing and advertising tools to show relevant ads (e.g., Facebook Pixel). These rely on cookies and similar technologies; you may opt out via the cookie banner (where presented), via your browser settings, or via ad network opt-out tools.

8.3 Do Not Track: Our service does not currently honour browser “Do Not Track” flags, but you can control tracking via cookie settings and browser privacy controls.

9. CROSS-BORDER TRANSFERS

9.1 Personal data processed in connection with the Service may be transferred to and stored on servers located outside India (for example, cloud providers) and may be accessed by our staff or processors located in other countries. The Government of India may prescribe countries where transfer is permitted or may place other restrictions on transfers; we will comply with such requirements. MeitY

9.2 Where transfer occurs, we implement appropriate safeguards (contractual protections, encryption, limited access, data localisation where required by law) to protect personal data.

10. DATA RETENTION

10.1 We retain personal data only for as long as necessary for the purposes described in this Policy and as required by law. Example retention schedules (subject to change based on law & business needs):

  • Account/profile data: while account is active + [12–24 months] after account termination (to allow reactivation and dispute handling).

  • Transactional/payment records & tax receipts: retain for up to 6 years or as required for accounting and legal compliance.

  • Analytics logs: aggregated and/or pseudonymised analytics retained up to [12–36 months] depending on use.

  • Counselling notes & application documents: retained for the period necessary to provide services and then archived as necessary for compliance or to comply with parents’/users’ deletion requests.

  • Children’s data: retained only as needed for the specific purpose and reviewed periodically; parents can request deletion or restriction.
     

10.2 On deletion requests, we will delete or anonymise data from active systems promptly and from backups as allowed by technical constraints and legal obligations. We will inform the requestor if some data cannot be deleted for legal reasons.

11. SECURITY & DATA PROTECTION PRACTICES

11.1 Security measures: We implement organisational, technical and physical safeguards appropriate to the risks, including encryption in transit (TLS/SSL), access controls, logging, periodic security reviews, employee training and contractual limits on our processors.

11.2 Privacy by design: For high-risk processing (including children’s data, profiling or automated decision making), we perform Data Protection Impact Assessments (DPIAs) and adopt additional safeguards before processing.

11.3 Breach response & notification: In the event of a personal data breach that risks harm, we will follow our incident response procedures and notify affected Data Principals and regulators as required by applicable law. We commit to timely notification consistent with legal obligations. MeitY

12. RIGHTS OF DATA PRINCIPALS & HOW TO EXERCISE THEM

12.1 Your rights (subject to legal limitations): right to access, obtain a summary of processed personal data, correction, completion, updating, erasure (subject to legal obligations), withdraw consent, nominate an individual (in case of death or incapacity), lodge a grievance with our Grievance Officer. These rights are defined in the DPDP Act. MeitY

12.2 How to request: Send a written request to support@cuetpractice.com with (a) your name; (b) the email/mobile used with us; (c) description of the request; (d) proof of identity (if requested). Where the request relates to a child, a parent/guardian may make the request on the child’s behalf.

12.3 Response time: We will respond within the timeframe required by applicable law. Where timeframes are prescribed by law (e.g., under CCPA for California residents), we will comply with those timelines. cppa.ca.gov

12.4 Fees: We will not charge an excessive fee to comply with a legitimate access request; any nominal fee will be communicated in advance as required by applicable law.

13. AUTOMATED DECISIONS & PROFILE-BASED RECOMMENDATIONS

13.1 We may use automated systems (algorithms/recommendation engines) to personalise study plans, content and practice tests. We do not use automated decision-making to create legal obligations for users or to profile children for targeted advertising.

13.2 Where a decision is solely automated and has a legal or similarly significant effect on you, you have the right to request human review and explanations, and to challenge the decision. Contact support@cuetpractice.com.

14. INTERNATIONAL & REGULATORY COMPLIANCE NOTES

14.1 India (DPDP Act): We structure our processing to comply with the Digital Personal Data Protection Act, 2023 (consent standards, rights of data principals, obligations of data fiduciaries). See the DPDP Act text for the definition of “child”, consent requirements and rights of Data Principals. MeitY

14.2 EU (GDPR): For EU residents, the GDPR may apply. In particular, GDPR requires parental consent for processing children’s data for information society services where the child is below the member-state threshold (default 16; member states may set a lower age not below 13). We will apply the protections necessary for EU residents. GDPR

14.3 U.S. (COPPA) & California (CCPA): For U.S. users, note that COPPA applies to children under 13 — and additional FTC rules / safe harbor requirements may apply. California residents have rights under CCPA/CPRA (right to know, delete, opt-out of sale). We will honour these rights where applicable. Federal Trade Commission+1

15. Platform Relationship & Data Sharing

The services provided through cuetpractice.com are powered by the Collab Circle Pvt Ltd. CUET Practice are operated and legally owned by Collab Circle Private Limited.

To provide this convenience, the platform share a data store, allowing your account information and preferences to be synchronized. Your personal data will always be collected, stored, and processed in accordance with our Privacy Policy.

By using CUET Practice, you acknowledge and agree that your account may be used across these platforms to enhance your experience.

16. TRANSFER OF BUSINESS / SALE

If we sell, merge, or reorganise our business, personal data may be transferred to a successor or buyer subject to contractually binding privacy protections.

18. CHANGES TO THIS POLICY

We may update this Policy to reflect changes in law, service or business practices. We will post the updated Policy on our site with the “Last Updated” date. Continued use after changes will be deemed acceptance of the updated Policy.

19. CONTACT & GRIEVANCE REDRESSAL

Privacy / DPO / Grievance contact:

  • Email: support@cuetpractice.com
     

  • Postal address: Collab Circle Private Limited, 7004, Basement, Sector 43, DLF Phase 4, Gurugram, Haryana, India.
     

If you are not satisfied with our response you may approach the Data Protection Board or other regulator as available under applicable law. MeitY

20. SUMMARY — KEY PROMISES

  • We are the Data Fiduciary for CUET Practice (Collab Circle).
     

  • We handle children’s data carefully: we offer services to 14–18 year-olds, obtain parental consent where required, and do not knowingly collect data of children under 13. Federal Trade Commission
     

  • We process personal data only for specified purposes (service delivery, improvement, communications, legal obligations) and rely on consent or legitimate uses as allowed by law. MeitY

bottom of page