01Who we are
RingSafe ("RingSafe", "we", "us") is a cybersecurity consulting practice and online learning academy operated from India. Manish Garg is the founder, principal consultant, and the contact person for any privacy-related question or request.
You can reach the privacy contact at [email protected] with the subject line "Privacy Request" — we aim to respond within 14 working days.
Note: RingSafe is a small founder-led practice. We are working towards full DPDP Rules operationalisation as the government notifies them in 2026. This policy describes our current practices.
02What information we collect
2.1 When you visit ringsafe.in
- Analytics data — aggregated, anonymised browsing activity (pages viewed, device type, approximate location) via Google Analytics 4. We do not record your IP address in full.
- Cookies — essential cookies for site functionality (LiteSpeed cache, sessions), analytics cookies (Google Analytics), and preference cookies (theme, sidebar state).
- Server access logs — basic access logs, kept by our hosting provider for security and performance, retained for up to 180 days as required by CERT-In Direction (28 April 2022).
2.2 When you sign up for the academy
Account creation is via Google OAuth (Google Sign-In). Google provides us with:
- Your full name (first + last)
- Your Google-verified email address
- Your Google profile picture URL (we cache a copy locally)
- Your Google user ID (used for future sign-in)
We do not receive your password, contacts, calendar, drive content, location history, or any other Google data. We do not access, request, or store any additional Google-linked information beyond the four fields above.
2.3 When you use the academy
To provide personalised learning, progress tracking, and credential issuance, we store:
- Modules you have completed and quiz attempts (questions answered, score)
- Points, badges, and learning streaks (via GamiPress)
- Subscription tier (Free / Basic / Pro) and equity-tier (where applicable)
- Forum posts and comments you have authored (via bbPress)
- Certificates issued in your name and download history
2.4 When you purchase a subscription
Payments are processed entirely by Razorpay, a PCI-DSS-compliant payment gateway licensed by the RBI. RingSafe does not collect, store, or process your card number, CVV, UPI PIN, netbanking credentials, or bank account details. Razorpay shares with us only:
- A transaction reference ID
- Payment status (succeeded / failed) and amount
- Timestamp of payment
- Your name and email (to match to your academy account)
Razorpay's own privacy terms apply to payment processing and are available at razorpay.com/privacy.
2.5 When you contact us or submit forms
Forms on the contact page, DPDP-checklist download, and booking forms collect only the fields you explicitly fill in — typically name, email, phone (optional), and your message. Submissions are processed by WPForms, stored in our database, and emailed to [email protected].
2.6 When you post in the community forum
Forum posts are public by default. Your display name and avatar are visible alongside posts. Do not post sensitive information (credentials, client names, real attack details) — community guidelines apply.
03How we use your information
We use collected information strictly for the following purposes:
- Service delivery — providing consulting services, delivering academy content, personalising your learning, processing payments.
- Account management — authenticating sign-ins, recording progress and credentials, communicating transactional emails (course reset, password change, receipts).
- Support & communication — responding to your enquiries, providing support, sending requested resources (e.g. PDF downloads).
- Security & legal — preventing fraud and abuse, complying with lawful requests under the IT Act and DPDP, responding to security incidents.
- Improvement — understanding aggregated usage patterns to improve site and academy content (we do not profile individuals).
We do not use your data for:
- Marketing emails without explicit opt-in consent
- Selling or rental to third parties
- Targeted advertising (we do not run ads)
- Profiling for credit, employment, or insurance decisions
- AI/ML model training on your personal data
05Legal basis for processing
Under the DPDP Act 2023 framework, we process personal data on the following bases:
- Consent — for newsletter subscriptions, marketing communications, optional analytics cookies.
- Performance of a contract — for delivering paid services, processing payments, issuing certificates.
- Legitimate uses (DPDP §7) — for security incident response, fraud prevention, fulfilling legal obligations.
- Compliance with law — for CERT-In log retention, IT Act obligations, lawful authority requests.
06Your rights as a Data Principal
You have the right to:
- Access your personal data we hold
- Correct or complete inaccurate data
- Erase your data when no longer needed (subject to legal retention obligations)
- Withdraw consent at any time, as easily as you gave it
- Nominate another person to exercise your rights in case of death or incapacity
- Grievance redressal by contacting our DPO at [email protected]
- Escalate to the Data Protection Board of India if your grievance is not resolved within 14 days
To exercise any right, email [email protected] with subject "DPDP Rights Request" and your registered email address. We will respond within 14 working days. We may verify your identity before fulfilling sensitive requests (e.g. account deletion).
07How we protect your data
- Encryption in transit — TLS 1.2+ on all site connections, HSTS enabled.
- Encryption at rest — database credentials and sensitive fields encrypted; backups encrypted.
- Access control — admin accounts protected with strong passwords and MFA; access reviewed quarterly.
- Security headers — Content-Security-Policy, X-Frame-Options, Permissions-Policy, Referrer-Policy enforced.
- WAF & DDoS — Cloudflare WAF with managed rules; Wordfence intrusion-prevention behind it.
- Logging & monitoring — security events logged and reviewed; alerts configured for anomalous activity.
- Patching — WordPress core, theme, and plugins updated promptly after security releases.
- Incident response — documented runbook with CERT-In notification template (6-hour reporting window).
No system is 100% secure. We will notify you and the relevant authority within the timelines required by law if a breach affecting your data occurs.
08How long we keep your data
| Data type | Retention |
|---|---|
| Account & profile | Until you delete your account; 30 days after for backups, then purged. |
| Course progress & certificates | Lifetime of account; certificates remain valid even after deletion (anonymised). |
| Payment records | 7 years (Income Tax Act, GST Act statutory retention). |
| Server access logs | 180 days (CERT-In Direction April 2022). |
| Email correspondence | 3 years from last contact, unless required by ongoing legal matter. |
| Forum posts | Public, retained while forum is active. You can delete your own posts. |
| Marketing consent | Until you withdraw; record of withdrawal kept 3 years. |
10Cross-border transfers
RingSafe servers and databases are located in India. Some service providers we use (Cloudflare, Google Analytics, Google OAuth) may process data outside India in the course of their service. We rely on:
- Standard contractual terms with each provider
- Each provider's published data-protection commitments (GDPR, SOC 2, ISO 27001)
- The DPDP §16 framework for permitted cross-border transfers
Payment data handled by Razorpay is processed and stored in India per RBI's payment-data localisation directive (April 2018).
11Children's data
RingSafe is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. We do not run targeted advertising or behavioural monitoring. If we discover that we have collected data from a minor, we will delete it promptly. Parents or guardians who believe their child has provided us data may contact [email protected].
12Changes to this policy
We update this policy whenever our practices, providers, or applicable law materially change. The latest version is always available at ringsafe.in/privacy-policy. The "Last updated" date at the top reflects the most recent change. Substantive changes will be flagged in the page header for at least 30 days. We will email registered users where the change materially affects them.
13Contact us
For any privacy question, request, or grievance:
- Email — [email protected]
- Subject line — "Privacy Request" (for fastest routing)
- Postal — RingSafe, India (full address provided on request)
- Response time — 14 working days
If you are not satisfied with our response, you may escalate to the Data Protection Board of India under the DPDP Act once the Board is operationalised.