Last updated: May 2026 · Compliant with DPDP Act 2023
We collect: (a) Account information — name, email, phone number, role, avatar; (b) Profile data — skills, portfolio URL, hourly rate, interest areas; (c) Transaction data — invoices, payment IDs (no card details stored); (d) Usage data — login times, IP addresses, device/browser info; (e) Content you upload — product images, contract files, session notes.
We use your information to: provide and improve the Service; process payments and commission settlements; send transactional emails (order confirmations, contract alerts, session reminders); show personalised task and product recommendations based on your interest areas; detect fraud and enforce our Terms of Service.
We use cookies and localStorage for: authentication tokens (JWT); theme preference (dark/light); cookie consent preference. We do not use third-party tracking cookies. You can decline non-essential cookies via the banner on first visit.
We do not sell your personal data. We share data only with: (a) Razorpay — for payment processing; (b) Google — for Google OAuth login (if used); (c) Email service provider — for transactional emails; (d) AI providers (OpenAI/Anthropic) — for chatbot and curriculum generation features (no personal data is included in prompts). All third parties are contractually bound to protect your data.
We retain your data for as long as your account is active. Upon account deletion, personal data is removed within 30 days, except where retention is required by law (e.g., financial records retained for 7 years under Indian tax law).
We protect your data using: TLS encryption in transit; bcrypt password hashing; HMAC-SHA256 payment signature verification; JWT with 7-day expiry + 30-day refresh rotation; rate limiting on authentication endpoints; input sanitisation against XSS and NoSQL injection.
Under India's Digital Personal Data Protection Act 2023, you have the right to: access your personal data; correct inaccurate data; erase your data (account deletion via Settings); withdraw consent at any time. To exercise any right, email us at privacy@innovesh.com.
INNOVESH is not intended for children under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately.
We may update this policy periodically. We will notify you via email or in-app notification at least 7 days before changes take effect.
For privacy questions or data requests: privacy@innovesh.com · Innovesh Agency, India