Privacy Policy
Last updated: 9 May 2026 Effective date: Date of public launch of trustneracademy.com Compliance basis: Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian law
1. Who we are
This Privacy Policy describes how Trustner Insurance Brokers Pvt. Ltd. ("TIB", "we", "us") — operating Trustner Academy ("the Academy") on behalf of the Trustner Group — collects, uses, stores, shares, and protects your personal data when you visit or use trustneracademy.com.
For the purposes of the Digital Personal Data Protection Act, 2023, TIB is the Data Fiduciary for personal data processed via the Academy. A separate corporate entity (Trustner Academy Pvt. Ltd.) is being incorporated; once incorporated, this Privacy Policy will be updated to reflect the new Data Fiduciary, and you will be notified of the change.
Registered office: Sethi Trust, Guwahati, Assam, India. Contact: wecare@trustner.in | +91 9864646046 Grievance Officer: Vinita Kabra | grievance@trustner.in
2. Personal data we collect
We aim to collect the minimum personal data necessary to provide the Academy. Categories of data we may collect:
| Category | Examples | When collected |
|---|---|---|
| Identity data | Name, date of birth (for age verification) | When you create an account or fill a contact form |
| Contact data | Email address, mobile number, city/state | When you register, subscribe to updates, or contact us |
| Account data | Username, password (hashed), preferences | When you create an account |
| Learning data | Courses enrolled, lessons completed, quiz scores, mock-exam results, time spent, AI-tutor conversation history | As you use the platform |
| Device & usage data | IP address, browser type, device type, operating system, referrer URL, pages visited | Automatically when you visit the site |
| Cookies and similar | Session cookies, preference cookies, analytics identifiers | See our Cookie Policy |
| Communications | Emails, support tickets, feedback you submit | When you contact us |
We do not intentionally collect:
- financial account numbers, bank details, card numbers (we do not process payments in Phase 1)
- Aadhaar, PAN, voter ID, passport, or other government identifiers
- biometric data
- health data
- caste, religion, political views, or other sensitive personal information
If you voluntarily share any of the above (for example, in a free-text support message), we will not store or further process it beyond responding to your request.
3. Why we collect it (purposes of processing)
We process your personal data for the following purposes:
- To provide the Academy — create your account, deliver lessons, track progress, run mock exams, generate certificates of completion, and respond to your AI-tutor queries.
- To improve the Academy — analyse usage to understand which lessons work, identify bugs, optimise performance, and develop new content.
- To communicate with you — confirm sign-ups, send course updates, respond to support, send transactional emails, and (where you consent) send newsletters.
- To comply with law — respond to lawful requests from authorities, defend legal claims, and meet regulatory obligations.
- To prevent abuse — detect fraud, abuse, scraping, or unauthorised access; protect platform integrity.
4. Lawful basis for processing
Under the DPDP Act, we process your personal data based on:
- Your consent — for marketing communications, optional analytics, and any future processing not strictly necessary to deliver the service. Consent is freely given, specific, informed, and unambiguous; you can withdraw it at any time.
- Performance of a service you have asked for — for example, when you sign up to take a course, we must store your account and progress to deliver that course.
- Legal obligation — for retention required by law and responses to lawful authority requests.
- Legitimate uses recognised under DPDP §7 — such as voluntary information you provide, employment, public-interest research, etc., to the extent applicable.
5. Children's data (learners under 18)
The Academy welcomes learners of all ages, including school students at Layer-1 (Financial Literacy). For learners under 18 years, the DPDP Act requires us to:
- obtain verifiable consent of a parent or lawful guardian before collecting personal data
- not undertake tracking, behavioural monitoring, or targeted advertising directed at children
- not engage in any processing likely to cause detrimental effect on a child's well-being
In practice, this means:
- Layer-1 lessons can be browsed by anyone without registration.
- Account creation requires the learner to confirm they are 18+, or for the parent/guardian to register and add the child as a learner under their account.
- We will not send marketing communications to known minor accounts.
- We will not share children's data for advertising purposes with third parties.
If you believe we have inadvertently collected a child's data without proper consent, please contact our Grievance Officer immediately and we will delete it.
6. With whom we share your data (sub-processors)
We share personal data only with carefully selected service providers who help us run the Academy. We do not sell your personal data. Current sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Application hosting | United States (with global edge) |
| Neon Inc. | Database hosting (Postgres) | United States / EU regions |
| Cloudflare Inc. | CDN, object storage, security | Global edge |
| OpenAI | AI tutor responses (API) | United States |
| Google Analytics (if enabled) | Usage analytics (anonymised IP) | United States |
| Email service (e.g., Postmark / Resend) | Transactional and consent-based emails | United States / EU |
We may add or change sub-processors. Any addition will be reflected in an updated version of this Privacy Policy.
We may also share personal data:
- with law-enforcement, regulators, or courts where required by valid legal process
- in connection with a corporate transaction (merger, acquisition, restructuring) of TIB or the Trustner Group, with appropriate safeguards
- with your explicit consent, for any purpose disclosed at the time of collection
7. Cross-border data transfer
Some of our sub-processors process data outside India (notably the United States). Under the DPDP Act, the Central Government may notify countries to which transfer is restricted; in the absence of such notification, transfer is permitted with appropriate safeguards. We rely on the contractual safeguards offered by our sub-processors and on the protections required by their local data-protection laws.
8. How long we keep your data (retention)
We keep personal data only as long as needed for the purposes described, after which we delete or anonymise it.
| Data | Retention |
|---|---|
| Active account data | While the account is active |
| Inactive account data | Deleted 24 months after last login (you will receive notice) |
| Learning history & certificates | Retained for the duration of your account; certificates may be retained longer to allow re-issuance |
| AI-tutor conversation history | 12 months (you can request earlier deletion) |
| Server logs / IP addresses | 90 days |
| Support correspondence | 24 months after resolution |
| Records retained for legal compliance | As required by applicable law |
9. Your rights as a Data Principal
Under the DPDP Act, you have the right to:
- Access — request a summary of personal data we hold about you and how we process it.
- Correction — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your personal data, subject to lawful exceptions.
- Withdraw consent — at any time, where consent is the basis for processing. Withdrawal does not affect lawful processing already done.
- Nominate — appoint another person to exercise your rights in case of death or incapacity.
- Grievance redressal — raise complaints to our Grievance Officer (see §13).
To exercise any of these rights, email grievance@trustner.in with the subject line "DPDP — [right you wish to exercise]". We will respond within 30 days, or sooner where required by law.
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India.
10. Security
We follow industry-standard practices to protect your data:
- Passwords are stored hashed (bcrypt) — never in plain text.
- Connections to the Academy use HTTPS (TLS 1.2+).
- Access to production data is restricted to authorised personnel under a need-to-know basis.
- Sub-processors are chosen for their security posture (SOC 2 / ISO 27001 attestations where available).
- Logs are reviewed for unusual activity.
No method of transmission or storage is 100% secure. In the event of a personal-data breach, we will notify the Data Protection Board of India and affected Data Principals as required by the DPDP Act.
11. Cookies
See our Cookie Policy for details on what cookies we use and how to manage them.
12. Changes to this policy
We may update this Privacy Policy. The "Last updated" date at the top reflects the latest revision. Material changes will be highlighted at the top of this page and, where appropriate, communicated by email or in-app notice. Continued use of the Academy after the effective date of an updated policy constitutes acceptance of the updated terms (subject to your right to withdraw consent and stop using the platform).
13. Contact and Grievance Officer
For any privacy-related question, request, or complaint:
Grievance Officer: Vinita Kabra Email: grievance@trustner.in Postal address: Office of the Grievance Officer, Trustner Insurance Brokers Pvt. Ltd., Sethi Trust, Guwahati, Assam, India Response SLA: within 30 days of receipt
For general queries: wecare@trustner.in | +91 9864646046
This Privacy Policy is published in English. In case of any conflict between this version and any translated version, the English version shall prevail.