Legal

Privacy
policy.

This policy explains what data is collected, why it is collected, how long it is kept, and the legal rights you have over it. It applies to every visitor of niteshpawar.com and every customer of products or services offered through this site.

1. Scope & legal basis

This policy is written to comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and India's Digital Personal Data Protection Act, 2023 (DPDP). Where these laws diverge, the stricter standard is applied. Processing is carried out under one or more of the following legal bases: (a) your consent, (b) performance of a contract you have entered into, (c) compliance with a legal obligation, or (d) legitimate interests in running, securing, and improving this site that are not overridden by your rights.

2. Data we collect

  • Information you submit: name, email address, and message content when you use the contact form or purchase a product.
  • Transaction data: order identifiers, product purchased, amount, currency, and billing country. Full card numbers are never seen or stored by us; they are handled directly by the payment processor.
  • Technical data: IP address (truncated where possible), browser type, device type, operating system, referring URL, pages viewed, and timestamps. Used for security, fraud prevention, and aggregate analytics.
  • Cookies & local storage: strictly necessary cookies for session state and theme preference, plus optional analytics cookies you may decline. Cached assets and service-worker storage are used for performance.

We do not knowingly collect data from children under 16. If you believe a minor has submitted personal data, contact us and it will be deleted.

3. How data is used

  • To deliver the products, courses, and ebooks you request.
  • To respond to inquiries submitted through the contact form.
  • To process payments, issue invoices, and meet tax and accounting obligations.
  • To detect, prevent, and investigate fraud, abuse, and security incidents.
  • To measure aggregate site performance and improve the content and user experience.

Personal data is never sold, rented, or licensed. We do not use your data to train third-party advertising profiles.

4. Cookies, caches & local storage

We use small data files and storage mechanisms to keep the site secure, fast, and functional. These fall into four categories:

  • Strictly necessary cookies & caches: session tokens, CSRF protection, theme preferences, and cached page assets. These are required for the site to operate and cannot be disabled. They include service-worker caches and CDN edge caches that store static assets (images, styles, scripts) to reduce load times.
  • Functional cookies: settings such as language, font size, or accessibility preferences that improve your experience. These are stored in browser localStorage and can be cleared through your browser settings.
  • Analytics cookies: used to measure aggregate traffic, content popularity, and referral sources. These are only set after you grant consent through the cookie banner, or if your browser sends a Global Privacy Control / Do Not Track signal that we honour. No cross-site advertising profiles are built.
  • Third-party cookies: where payment or video embeds are used, those providers may set their own cookies subject to their privacy policies. We minimise third-party scripts and do not allow social-media trackers.

Cache control: static assets are cached at the CDN edge and in your browser for performance. Pages that contain personal data (checkout, member area) carry cache-control headers that prevent storage in shared caches. You can clear all cookies, caches, and localStorage at any time through your browser settings; this may degrade performance or require you to log in again.

5. Processors & subprocessors

We use a small number of vetted vendors to operate the site. Each is bound by a Data Processing Agreement and processes data only on documented instructions:

  • Hosting & edge delivery: the platform serving this site and its serverless backend.
  • Email delivery: the provider used to send transactional emails.
  • Payments: the regulated payment processor that handles checkout.
  • Analytics: a privacy-respecting analytics provider that aggregates traffic without building cross-site profiles.

A current list of subprocessors is available on request.

6. International transfers

Some processors are located outside your country of residence. Where data is transferred outside the EEA, UK, or India, we rely on appropriate safeguards such as European Commission adequacy decisions, Standard Contractual Clauses, or equivalent mechanisms recognized under local law. A copy of the relevant safeguard can be requested in writing.

7. Retention

  • Contact form messages: up to 24 months from last correspondence.
  • Transaction records: as long as required by tax and accounting law (typically 7–10 years).
  • Server logs: up to 90 days, then deleted or anonymized.

8. Your rights

Depending on your jurisdiction, you have the right to: access your data, correct inaccurate data, request erasure, restrict or object to processing, request portability in a machine-readable format, withdraw consent at any time, and lodge a complaint with your local supervisory authority. Requests are handled within 30 days. To exercise any right, use the contact page; we may ask for proof of identity to prevent unauthorized requests.

9. Security

We apply industry-standard technical and organizational measures: HTTPS/TLS in transit, encrypted storage at rest where supported by the provider, role-based access control, principle of least privilege, regular dependency updates, and monitoring for suspicious activity. No system is perfectly secure; if a personal data breach materially affects you, you will be notified without undue delay and in any case within 72 hours of discovery where required by law.

10. Changes to this policy

We may update this policy to reflect changes in law, technology, or our operations. Material changes will be flagged on this page with a revised effective date. Continued use of the site after the new effective date constitutes acceptance.