Legal Β· DPDP Act 2023 Compliant

Privacy Policy

How we collect, use, and protect your personal information when you use ringsafe.in.

Last updated: 19 April 2026

RingSafe (“RingSafe”, “we”, “us”, “our”) respects your privacy. This Privacy Policy explains what information we collect when you visit ringsafe.in, sign up for a RingSafe Academy account, engage our consulting services, or participate in our community β€” how we use it, with whom we share it, and the rights you have under India’s Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Who we are

RingSafe is a cybersecurity consulting practice and online learning academy based in India. The founder and Data Fiduciary is Manish Garg. For any privacy matter, contact hello@ringsafe.in.

Under DPDP Act Β§8(8), our designated Grievance Officer and contact point for data-principal rights is:

  • Name: Manish Garg, Founder
  • Email: hello@ringsafe.in (subject line: “DPDP Rights Request”)
  • Response SLA: Within 14 days of receipt

2. Information we collect

2.1 When you visit ringsafe.in

  • Analytics data β€” aggregated and anonymised browsing activity, device type, referrer, approximate location β€” via Google Analytics 4. We do not collect your IP address at full precision.
  • Cookies β€” essential cookies for site functionality (LiteSpeed cache, session), analytics cookies (Google Analytics), and preference cookies (theme, sidebar state).
  • Log data β€” our hosting provider (LiteSpeed Server, CloudLinux) records basic access logs for security and performance monitoring. Retained up to 90 days.

2.2 When you sign up for a RingSafe Academy account

Account creation is via Google OAuth (Google Sign-In). Google provides us with:

  • Your full name (first + last)
  • Your Google-verified email address
  • Your Google profile picture URL (we cache a copy locally)
  • Your Google user ID (used for future sign-ins)

We do not receive your password, contacts, calendar, drive content, location history, or any other Google data. We do not access, request, or store any additional Google-linked information beyond the four fields above.

2.3 When you use the RingSafe Academy

To provide personalised learning features, we store:

  • Modules you have completed
  • Quiz scores and attempts
  • XP points, badges, and learning streaks (via GamiPress)
  • Subscription tier (Free / Basic / Pro) and expiry date if subscribed
  • Forum posts and comments you have authored

2.4 When you purchase a subscription or make a payment

Payments are processed entirely by Razorpay, a PCI-DSS-compliant payment gateway. RingSafe does not collect, store, or process your card number, CVV, UPI PIN, netbanking credentials, or bank account details. Razorpay shares with us only:

  • A transaction reference ID
  • Payment status (success/failure) and amount
  • Timestamp of payment
  • Your name and email (to match to your Academy account)

Razorpay’s own privacy terms apply to payment processing and are available at razorpay.com/privacy.

2.5 When you contact us or submit forms

Forms on the site (contact, DPDP checklist download, booking) collect only the fields you explicitly fill in β€” typically name, email, phone, and your message. Submissions are processed by WPForms, stored in our database, and routed to hello@ringsafe.in via WP Mail SMTP.

2.6 When you post in the community forum

Forum posts are public by default. Your display name and avatar are visible alongside your contributions. Do not post sensitive information (credentials, client names, unredacted vulnerability data).

3. How we use your information

We use collected information strictly for the following purposes:

  • Service delivery β€” providing consulting services, delivering Academy content, personalising your learning experience, processing payments
  • Account management β€” authenticating sign-ins, associating progress with your account, sending transactional emails (receipts, access grants, account changes)
  • Support & communication β€” responding to your enquiries, providing consulting deliverables
  • Security & legal β€” preventing fraud and abuse, complying with Indian law, responding to lawful requests
  • Improvement β€” understanding aggregated usage patterns to improve the site and Academy content (we do not profile individuals)

We do not use your data for:

  • Marketing emails without explicit opt-in
  • Sale or rental to third parties
  • Targeted advertising
  • Profiling for credit, employment, or insurance decisions
  • AI/ML model training on your personal data

4. Who we share with

We share personal data only with the third parties necessary to provide the service:

  • Google (authentication via OAuth) β€” covered under Google’s privacy policy
  • Razorpay (payment processing) β€” covered under Razorpay’s privacy policy
  • Google Analytics (aggregated traffic analytics) β€” IP anonymised
  • Our hosting provider (infrastructure, backups) β€” data remains within India
  • UpdraftPlus (backup plugin) β€” backups stored encrypted; we do not share with external services unless you explicitly configure remote backup destinations
  • Legal / regulatory authorities β€” only when required by Indian law, a court order, or to protect rights and safety

5. Your rights under the DPDP Act, 2023

As a Data Principal, you have the following rights regarding your personal data:

5.1 Right to access (Β§11)

Request a summary of personal data we hold about you, the purposes of processing, and who we have shared it with. Email hello@ringsafe.in with subject “DPDP Access Request”. We respond within 14 days.

5.2 Right to correction and erasure (Β§12)

Request correction of inaccurate data or erasure when no longer necessary. On valid erasure request, we delete your Academy account, forum posts (or anonymise if deletion would break threading), payment records (beyond legally-required retention), and any other personal data within 14 days. Note: certain records (tax invoices, security audit logs) must be retained by law for 7 years and cannot be deleted.

5.3 Right to grievance redressal (Β§13)

If you have a complaint about how we handle your data, contact our Grievance Officer (section 1 above). If unresolved to your satisfaction, you may escalate to the Data Protection Board of India.

5.4 Right to nominate (Β§14)

You may nominate another person to exercise your data rights in the event of your death or incapacity. Send the nomination in writing to hello@ringsafe.in.

5.5 Right to withdraw consent

Where we process data on the basis of your consent (marketing emails if you opted in, optional analytics cookies), you may withdraw consent at any time. Withdrawal is as easy as giving consent β€” email us or use the unsubscribe link.

6. Data retention

  • Academy accounts β€” active as long as your account exists. Inactive accounts are flagged after 24 months; you may request deletion anytime.
  • Payment records β€” 7 years (income-tax requirement under Indian law).
  • Analytics data β€” 14 months (Google Analytics default), aggregated only.
  • Access logs β€” 90 days for security monitoring.
  • Forum contributions β€” retained as long as the forum exists; you may request anonymisation or deletion of your contributions.
  • Contact form submissions β€” 24 months, then deleted unless they become part of an active engagement.

7. Security measures

Under DPDP Β§8(5) (“reasonable security safeguards”), we maintain:

  • TLS 1.2+ encryption for all data in transit (HSTS enforced, preload list)
  • Encryption at rest for backups and sensitive fields
  • Role-based access control; the number of personnel with database access is limited to two (founder + backup admin)
  • Multi-factor authentication on all administrative accounts
  • Annual vulnerability assessment of our own systems
  • Hidden admin URL, brute-force protection (Wordfence), XML-RPC disabled
  • Daily automated backups retained for 30 days
  • Incident response playbook tested quarterly; 72-hour breach-notification process per DPDP Β§8(6)

8. Cross-border transfers

All primary data storage is within India. Limited, necessary cross-border transfers occur for:

  • Google (OAuth authentication, Google Analytics) β€” data may transit Google’s global infrastructure
  • UpdraftPlus remote backup destinations (if configured)

These transfers comply with DPDP Β§16 (general permissibility, no restricted-country destinations).

9. Children’s data

RingSafe’s services are intended for adult cybersecurity practitioners. We do not knowingly collect data from children under 18. If you believe a minor has created an account, email hello@ringsafe.in for immediate removal. Parental consent flows are not currently implemented because the product is not directed at children.

10. Changes to this policy

We may update this Privacy Policy to reflect service changes or legal updates. Material changes are notified via email to registered account holders at least 14 days before taking effect. The “Last updated” date at the top of this page reflects the current version.

11. Contact

For any privacy matter, DPDP rights request, or grievance:

  • Email: hello@ringsafe.in
  • Postal: Written correspondence to the address provided on response to your email enquiry
  • Response SLA: 14 days from receipt
Questions?

Talk to RingSafe

Whether it's a privacy question or a full security review β€” we respond within 24 hours.

Contact Us hello@ringsafe.in