Legal

Data Compliance

Effective: 26 May 2026  ·  Operated by Team Sanketra-I (Shubh Kumar Jayaswal), India Student Ambassador — IC 2026

1. Purpose of This Page

This page explains how the IC 2026 India Student Ambassador Registration Portal complies with applicable Indian data protection laws, and provides transparency about our third-party data processors. It supplements our Privacy Policy with legal and technical detail.

2. Applicable Indian Laws

This Portal is operated from India and is subject to the following legislation:

  • DPDP Act 2023 Digital Personal Data Protection Act, 2023 — India’s primary data protection statute. We act as a Data Fiduciary in collecting and processing personal data for the purpose of facilitating IC 2026 registrations. We obtain consent at the point of registration and provide rights to access, correct, and erase personal data.
  • IT Act 2000 Information Technology Act, 2000 & IT (Amendment) Act, 2008 — Governs electronic records, data security, and cyber offences in India. Our storage and transmission practices are designed to comply with the security obligations under this Act.
  • IT Rules 2011 IT (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011 — Aadhar card images constitute Sensitive Personal Data or Information (SPDI) under these Rules. We collect them solely for identity verification, transmit them over HTTPS, and store them with access controls via Cloudinary.
We do not collect Aadhar card numbers (UID). We collect only a photograph of the Aadhar card for identity and age verification purposes. This is consistent with guidance on Aadhar usage outside the Aadhar ecosystem.

3. Lawful Basis for Processing

Under the DPDP Act 2023, personal data may be processed on the basis of consent or legitimate use. We process data on the basis of:

  • Consent — obtained explicitly during the registration flow via a mandatory checkbox before submission.
  • Legitimate use for competition participation — registration data is necessary to conduct, evaluate, and administer IC 2026.

Participants under 18 must ensure a parent or guardian is aware and consents on their behalf prior to registration, as required under the DPDP Act’s provisions for processing data of children.

4. Third-Party Data Processors

We use the following third-party services to process and store personal data. All data is transmitted over HTTPS (TLS). We do not have a direct data processing agreement (DPA) with these providers as this Portal is a student-run initiative; however, all providers listed below maintain their own compliance frameworks.

Processor Data Processed Location Privacy Reference
Google Firebase
Firestore Database		 Names, contact details, school info, project details, document URLs Google LLC, USA (servers may be in US or EU) firebase.google.com/support/privacy
Cloudinary
Media Storage		 School ID card image, Aadhar card image Cloudinary Inc., USA cloudinary.com/privacy
Telegram
File Storage		 Project presentation files (PDF / PPT), uploaded to a private channel Telegram FZ-LLC, UAE telegram.org/privacy
GitHub Pages
Website Hosting		 Static files only — no personal data stored GitHub Inc., USA GitHub Privacy Statement

Cross-border data transfer to the USA and UAE occurs as a result of using the above services. No additional transfer mechanisms (such as Standard Contractual Clauses) are in place beyond what these providers themselves implement.

5. Security Measures

  • All data is transmitted over HTTPS (TLS 1.2 or higher).
  • The admin panel is protected by Firebase Authentication (password + Google sign-in).
  • Cloudinary uploads use unsigned presets restricted to image types only.
  • Telegram files are stored in a private channel accessible only to the authorised bot and admin accounts.
  • No registration data is stored locally on the Portal server — GitHub Pages serves only static HTML/CSS/JS files.
  • Aadhar card images are stored on Cloudinary under access-controlled URLs; they are not publicly indexed.

6. Data Retention and Deletion

All personal data, including identity document images and project files, will be permanently deleted from all third-party services within 1 year after the conclusion of IC 2026. Deletion will be carried out across Firebase Firestore, Cloudinary, and the Telegram private channel.

To request early deletion of your data, email us at the address in Section 7 with your Registration ID.

7. Grievance Officer

Under the DPDP Act 2023 and the IT Rules 2011, you may raise a grievance regarding the processing of your personal data. Our designated point of contact is:

Shubh Kumar Jayaswal — India Student Ambassador, IC 2026
Role: Data Fiduciary Representative
Email: shubhdo69@gmail.com
Response within 7 working days.

Also see our full Privacy Policy and Terms of Use.

Report an Issue

Spotted something wrong?

Found a bug, a broken link, a confusing section, or anything else that isn’t right? Let us know and we’ll fix it quickly.

Report via Email