Privacy Policy

Last updated: April 3, 2026

This Privacy Policy describes how Pichup ("we", "us", "our") collects, uses, stores, and protects your personal information when you use the website pichup.org ("Website"). This policy complies with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as applicable.

1. Information We Collect

1.1 Information You Provide

• Purchase: Name, email address, payment information (processed by Razorpay — we do not store card numbers, CVV, or bank credentials)
• Trade submission: Name, email address, company name, file link (Google Drive/Dropbox URL)
• Contact form: Name, email address, message content

1.2 Information Automatically Collected

• Server logs: IP address, browser type, referring URL, pages visited, timestamps (collected by Cloudflare)
• Payment data: Transaction ID, order ID, payment status (provided by Razorpay via webhook)

1.3 Information We Do NOT Collect

• We do not use cookies for tracking or advertising
• We do not use any third-party analytics (Google Analytics, etc.)
• We do not collect sensitive personal data such as passwords, financial information (beyond payment processing), biometric data, or government IDs

2. How We Use Your Information

Data	Purpose	Legal Basis
Email address	Deliver download links, order confirmations, trade status updates	Contract performance
Name	PDF watermarking for anti-piracy	Legitimate interest
Payment info	Process transactions via Razorpay	Contract performance
IP address	Security, fraud prevention, abuse detection	Legitimate interest
Trade submission data	Review and process exchange requests	Contract performance

3. PDF Watermarking

1. All Question Bank PDFs delivered to you are watermarked with your name and email address on every page.
2. This watermarking is an anti-piracy measure to deter unauthorized redistribution and to identify the source of any leaked content.
3. By purchasing or receiving a Question Bank, you consent to this watermarking.

4. Third-Party Services

We share limited personal data with the following third-party services, solely for the purposes described:

Service	Data Shared	Purpose	Privacy Policy
Razorpay	Payment details, email, order info	Payment processing	razorpay.com/privacy
Cloudflare	IP address, request data	Website hosting, security, CDN	cloudflare.com/privacypolicy
Resend	Email address, name	Transactional email delivery	resend.com/legal/privacy-policy

We do not sell, rent, or trade your personal information to any third party for marketing or other purposes.

5. Data Storage and Security

1. Your data is stored on Cloudflare's infrastructure (Pages, R2, Workers KV) with encryption at rest and in transit.
2. Payment information is processed and stored exclusively by Razorpay (PCI-DSS Level 1 certified). We never have access to your full card details.
3. Download tokens are cryptographically signed (HMAC-SHA256) and expire after 72 hours.
4. We implement reasonable security practices including HTTPS everywhere, timing-safe authentication, input validation, and access controls.

6. Data Retention

Data Type	Retention Period	Reason
Transaction records	8 years	Indian tax/GST compliance, legal obligations
Email address	Duration of business relationship + 3 years	Customer support, re-issuance of download links
Download tokens	72 hours (auto-expire)	Access control
Server logs	30 days (Cloudflare default)	Security and abuse detection
Trade submissions	1 year after review	Dispute resolution

7. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to our legal retention obligations (tax records, transaction history)
• Objection: Object to processing of your data for specific purposes

To exercise any of these rights, contact us via our contact page. We will respond within 30 days.

8. International Data Transfers

Our infrastructure providers (Cloudflare, Resend) operate globally. Your data may be processed in countries outside India, including the United States. These providers maintain adequate data protection standards. By using this Website, you consent to such transfers.

9. Children's Privacy

This Website is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes take effect immediately upon posting. We recommend reviewing this page periodically. The "Last updated" date at the top indicates the most recent revision.

11. Grievance Officer

In accordance with the Information Technology Act, 2000, and the rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy can be reached via our contact page. Grievances will be addressed within 30 days of receipt.

12. Contact

For privacy-related questions or requests, contact us via our contact page.