Privacy
Policy.
We take your privacy seriously. This policy explains exactly what data we collect, why we collect it, and how it is protected.
Last updated: April 2026
Jump to section
Data We Collect
Personal Identification Data
We collect your full legal name and your official @mnit.ac.in institutional email address. This data is mandatory for the verification of your status as a current member of the MNIT community and to maintain a secure, campus-exclusive environment.
Voluntary Profile Information
Users may optionally provide additional details such as hostel residential address, phone number, and UPI ID. Phone numbers and UPI IDs are utilized solely for facilitating secure transaction payouts and platform-critical communications. This data remains private and is never displayed to other users.
Marketplace Listing Data
When listing an item, we collect the product title, multi-angle gallery images, detailed descriptions, and a private 'Live Verification Photo'. We also log the pickup location chosen from our specified on-campus handover points.
Transaction & Payment History
We record transaction metadata including Razorpay Order IDs, Payment IDs, transaction timestamps, and amounts. We do *not* store raw financial credentials such as card numbers or UPI PINs; these are processed exclusively by Razorpay's PCI-DSS compliant infrastructure.
Usage of Personal Data
Marketplace Facilitation
Your data is used primarily to authenticate your identity, manage your listings, and facilitate the connection between buyers and sellers. We use your email to send critical transaction updates and security alerts.
Platform Moderation & Safety
The 'Live Verification Photo' and your device fingerprint are used by our employee moderation team to prevent fraud and ensure that all items listed are in the physical possession of the seller.
Automated Payout Processing
Your provided payout details are shared with Razorpay X to enable automated fund transfers once a buyer confirms a successful handover. We do not manually handle or store your bank credentials beyond what is necessary for this API interaction.
Security & Encryption Standards
Encryption at Rest and in Transit
All personal and transactional data is stored on Supabase (PostgreSQL) and is encrypted at rest using AES-256. All communication between your browser and our platform is encrypted via TLS 1.3/SSL, ensuring your data cannot be intercepted.
Restricted Media Storage
Private verification photos are stored in an isolated Supabase Storage bucket. These images are inaccessible via public URLs and can only be viewed by authorized administrators using time-limited, cryptographically signed internal links.
Infrastructure Redundancy
Data is mirrored across multiple secure cloud regions to prevent data loss. Access to production databases is strictly limited to the Platform Administration Team through multi-factor authentication.
Third-Party Data Disclosures
Razorpay (Payment Infrastructure)
We share essential order metadata with Razorpay to process your payments securely. They act as an independent data processor and manage all financial credentials under their own strict privacy standards.
Google Analytics (Behavioral Data)
We use Google Analytics to collect anonymized usage statistics. We do not share your Name, Email, or User ID with Google. This data helps us optimize platform performance and surface popular categories.
Transactional Email Systems
Your institutional email address is shared with our transactional mail providers solely for the delivery of platform-critical notifications and account recovery links.
Data Protection Roles
The Data Controller
The MNIT Marketplace Platform Administration Team acts as the primary Data Controller. We determine the purposes and means of processing your data, prioritizing campus safety and user privacy above all else.
The Data Processors
Cloud infrastructure providers (Supabase) and payment gateways (Razorpay) act as Data Processors, handling your information strictly according to our security protocols and instructions.
User Rights & Data Control
Access and Correction
You have the right to access all personal data we hold about you and correct any inaccuracies directly through your Profile Dashboard or by contacting the administration team.
The Right to be Forgotten
Upon request, we will permanently delete your personal account data within 30 days, provided there are no active disputes or legal retention obligations associated with your transaction history.
Data Portability
You may request a machine-readable export of the data you have provided to us for use in other services, which we will provide within 14 business days.
Policy Updates & Notifications
Protocol for Policy Changes
MNIT Marketplace reserves the right to modify this Privacy Policy. Any material changes that impact how we use your data will be communicated via your @mnit.ac.in email address at least 7 days before taking effect.
Log of Updates
The platform maintains a version-controlled history of privacy policies. Your continued use of the platform after an update constitutes acceptance of the new terms.
Contact & Grievance Redressal
Privacy Support Channels
For any privacy-related queries, security reports, or data deletion requests, you may reach our administration team via the following channels.
Contact Details
Email: mnitmarketplace@gmail.com · Subject: Privacy Query Phone: +91 7760677104 Address: MNIT Jaipur, JLN Marg, Jaipur, Rajasthan 302017
Children's Privacy Protection
Minimum Age Requirement
MNIT Marketplace is strictly restricted to users aged 18 or older. We do not knowingly collect or process data from minors. Registration from a minor is a violation of our terms and will result in account termination.
Underage Data Removal
If we discover that data has been collected from an individual under 18, we will immediately initiate an irreversible deletion process for that data and notify the user via their institutional email.
DPDP Act Compliance (India)
Statutory User Rights
Under India's Digital Personal Data Protection (DPDP) Act, you have the right to request a summary of processed data, nominate a representative for data management, and withdraw your consent for future processing at any time.
Grievance Redressal Officer
In compliance with the Act, our Platform Administrator serves as the Grievance Redressal Officer for all personal data matters. We aim to resolve all grievances within the statutory timeframe.
Notes Hub Data
Data Collected on Upload
When you upload study material to the Notes Hub, we record: your user ID (uploader_id), the file you upload, the title, subject, branch, semester, and resource type you select. This data is stored in our Supabase database and is used solely to categorize and surface your material to other students.
Anonymous Mode
If you enable anonymous posting, your name will not be shown on the publicly visible note card. However, your user ID is still stored internally and is accessible only to Platform Administrators for moderation and accountability purposes. Your identity will never be disclosed to other users.
File Storage
Uploaded files (PDFs, images, DOCX) are stored in a Supabase Storage bucket under a path that includes your user ID. Files in the Notes Hub are publicly readable by URL so that students can download them. They are not behind authentication — this is intentional, as the Notes Hub is a public academic resource.
Download & Interaction Counters
We track a download count and like count for each note. Likes are stored in a separate note_likes table linking your user ID to a note ID. This data is used solely to surface popular resources and is never shared with third parties.
Deletion of Your Notes
You may delete notes you have uploaded at any time via your Profile > My Notes tab. Deletion permanently removes both the database record and the file from cloud storage. If you request account deletion, all notes you have uploaded — including their associated files — will be permanently removed within the 30-day deletion window.
Questions about your data?
Reach out to us at mnitmarketplace@gmail.com and we will respond within 5 business days.