Contents
Who We Are
CramUp (operating at cramup.in) is an online educational book-publishing and selling platform operated by CramUp Educational Services, based in Dehradun, Uttarakhand, India. We publish and sell digitally-delivered, academically condensed course books for BEd students.
When this policy refers to "CramUp", "we", "us", or "our", it refers to CramUp Educational Services. When it refers to "you" or "your", it means any person who visits, browses, or purchases from cramup.in.
What Data We Collect
| Data Category | Specific Data Points | When Collected |
|---|---|---|
| Contact & Identity | Full name, email address, phone number | At purchase or account creation |
| Account Data | Hashed password, account creation date, university selected, role (student/admin) | At purchase / account creation |
| Purchase Data | Books purchased, plan type, amount paid, payment reference / transaction ID, payment method type (UPI / card) | At time of purchase |
| Usage Data | Pages visited, books opened, chapters read, reading progress, test scores, device type, browser type | While using the platform |
| Device & Session | IP address, device fingerprint (for 2-device limit enforcement), session tokens | On login / each session |
| Communication Data | Messages sent via the Contact form, email correspondence with support | When you contact us |
| University Preference | Your selected university (stored locally in your browser) | When you select on the homepage |
How We Collect Your Data
- Directly from you — when you fill in the payment form (phone number, email), complete a contact form, or correspond with us via email.
- Automatically — when you browse cramup.in, our server and platform logs your IP address, browser type, and pages visited.
- From payment processors — when a purchase is completed, Razorpay or your UPI provider passes us a transaction reference and confirmation. We do not receive raw card details.
- From your browser's local storage — your university preference and reading progress are stored locally on your device to improve your experience.
Why We Use Your Data (Legal Basis)
| Purpose | Legal Basis |
|---|---|
| Creating your account after purchase | Contract performance — account creation is part of the purchase you agreed to |
| Granting and managing book access | Contract performance — core delivery of the digital product |
| Enforcing the 2-device limit | Contract performance — agreed condition of use |
| Processing your payment | Contract performance and legal obligation |
| Sending purchase confirmation and login details | Contract performance |
| Sending reminders about upcoming semesters or unpurchased books | Legitimate interest — relevant, non-aggressive academic notifications only |
| Improving the platform (analytics) | Legitimate interest — understanding how books are used to improve content |
| Legal compliance (tax records, dispute resolution) | Legal obligation |
| Responding to contact form submissions | Legitimate interest — responding to your enquiry |
Data Sharing and Third Parties
We do not sell your personal data. We do not share it with advertisers. We share data only with the following categories of third parties, and only to the minimum extent necessary:
- Razorpay — our payment gateway. Razorpay processes card, UPI, net banking, and wallet payments. Razorpay's own privacy policy governs how they handle your payment data. We receive only a transaction confirmation and reference ID.
- Hostinger — our hosting provider. Our website and its data are hosted on Hostinger's servers. Hostinger does not access or process your personal data beyond what is required to provide hosting services.
- Supabase (planned) — our database and authentication provider. When our backend is migrated to Supabase, your account data will be stored on Supabase-managed servers. Supabase's privacy policy will apply to that data.
- Law enforcement or legal authorities — if required by applicable Indian law, a court order, or to protect our rights or the rights of others.
Cookies and Local Storage
CramUp uses browser local storage (not traditional cookies) to store your preferences and session data locally on your device. This data does not leave your device unless you interact with the platform.
- University preference (
cramup_uni) — remembers which university you selected so you don't have to choose again on each visit. - Reading progress — stores your chapter progress locally so you can resume where you left off.
- Session tokens — used to keep you logged in between browser sessions. These expire automatically.
Our hosting provider (Hostinger) may set basic server-side cookies for session management and security (e.g., CSRF protection). These are technical necessities and contain no personal data.
You can clear local storage at any time via your browser's developer tools or settings. Doing so will reset your university preference and reading progress on that device.
How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Account and purchase records | 7 years from the date of purchase (legal and tax obligation under Indian law) |
| Active student accounts | For the duration of your access period + 1 year after expiry |
| Reading progress and usage data | Until you delete your account or request deletion |
| Contact form messages | 2 years from the date of submission |
| Payment transaction records | 7 years (legal obligation) |
| Session tokens | 30 days from last login, or until logout |
When the retention period expires, data is securely deleted or anonymised.
Your Rights
Under applicable Indian data protection law (including the Digital Personal Data Protection Act, 2023), you have the following rights:
- Right to access — you may request a copy of the personal data we hold about you.
- Right to correction — you may request that we correct inaccurate data (e.g., a wrong email address on your account).
- Right to erasure — you may request deletion of your account and associated data, subject to our legal retention obligations (purchase records cannot be deleted before the retention period ends).
- Right to grievance redressal — you may file a grievance with our Grievance Officer (see Section 12).
- Right to nominate — you may nominate another individual to exercise your rights on your behalf in the event of death or incapacity.
To exercise any of these rights, email us at hello@cramup.in with the subject line "Privacy Request — [Your Name]". We will respond within 30 days.
Data Security
We implement reasonable technical and organisational measures to protect your personal data, including:
- Passwords are stored as hashed values — we never store plain-text passwords
- All data in transit is encrypted via HTTPS (TLS)
- Payment processing is handled entirely by PCI-DSS compliant providers (Razorpay)
- Access to student account data is restricted to authorised admin accounts only
- The 2-device limit is enforced via session monitoring to prevent unauthorised account sharing
No system is 100% secure. In the event of a data breach that is likely to affect your rights, we will notify you as required by applicable law.
Children's Privacy
CramUp is designed for BEd students, who are typically adults (18 years and older). We do not knowingly collect personal data from children under 18. If you believe a child under 18 has provided us with personal data, please contact us immediately at hello@cramup.in and we will delete that data promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective" date at the top of this page and, where appropriate, notify active students by email.
Continued use of CramUp after a policy update constitutes acceptance of the revised policy. We encourage you to review this page periodically.
Contact & Grievance Officer
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your data, please contact our Grievance Officer:
Grievance Officer — CramUp
📧 Email: hello@cramup.in
📍 Address: CramUp Educational Services, Dehradun, Uttarakhand, India
⏱ Response time: Within 30 days of receipt of complaint
For urgent matters, please mark your subject line: "PRIVACY GRIEVANCE — URGENT"