Data Protection Policy
Last updated: June 2026 · Compliant with IT Act 2000 and DPDP Act 2023 (India)
1. Data controller
Rockshaft Media is the data controller for all personal data processed through Prezenca. We are responsible for determining how and why personal data is processed.
Data Protection Contact: connect@prezenca.in
2. Legal basis for processing
Contract
Processing your account data and student records is necessary to provide the Prezenca service you have contracted for.
Consent
We send marketing communications only with explicit consent. You may withdraw consent at any time.
Legitimate interest
We process anonymised usage data to improve the product and detect fraud.
Legal obligation
We may retain billing records as required by applicable tax and financial regulations in India.
3. Data minimisation
We collect only the data necessary to provide the service. We do not collect sensitive personal data (health information, financial account numbers, government IDs) unless explicitly required for a feature you choose to use.
4. Data retention
Active account data
Retained for the duration of your subscription
Attendance and billing records
Retained for 3 years from creation (tax compliance)
Account after deletion request
Deleted within 30 days of request
Authentication logs
Retained for 90 days for security purposes
Anonymised usage data
Retained indefinitely for product improvement
5. Third-party data processors
Supabase
· India (ap-south-1)Database and authentication — Stores all user and application data
Resend
· Global (Tokyo region)Transactional email — Sends OTP and account emails only
Hostinger
· IndiaWeb hosting — Hosts the Prezenca application
All processors are bound by data processing agreements and are prohibited from using your data for any purpose other than providing their service to us.
6. Security measures
- 🔒All data encrypted in transit using TLS 1.2+
- 🔒All data encrypted at rest in Supabase PostgreSQL
- 🔒Row-level security: each tutor can only access their own data
- 🔒Passwords are never stored in plain text (bcrypt hashing)
- 🔒Optional two-factor authentication for all accounts
- 🔒Regular security reviews of access policies
- 🔒No sensitive data stored in browser localStorage
7. Data breach response
In the event of a data breach affecting personal data, we will notify affected users within 72 hours of becoming aware of the breach, consistent with obligations under the DPDP Act 2023.
8. Your data rights
Under the Digital Personal Data Protection Act 2023 (India), you have the right to access, correct, and erase your personal data. Email connect@prezenca.in to exercise these rights. We respond within 7 business days.