Data Protection Policy

Last updated: June 2026 · Compliant with IT Act 2000 and DPDP Act 2023 (India)

1. Data controller

Rockshaft Media is the data controller for all personal data processed through Prezenca. We are responsible for determining how and why personal data is processed.

Data Protection Contact: connect@prezenca.in

2. Legal basis for processing

Contract

Processing your account data and student records is necessary to provide the Prezenca service you have contracted for.

Consent

We send marketing communications only with explicit consent. You may withdraw consent at any time.

Legitimate interest

We process anonymised usage data to improve the product and detect fraud.

Legal obligation

We may retain billing records as required by applicable tax and financial regulations in India.

3. Data minimisation

We collect only the data necessary to provide the service. We do not collect sensitive personal data (health information, financial account numbers, government IDs) unless explicitly required for a feature you choose to use.

4. Data retention

Active account data

Retained for the duration of your subscription

Attendance and billing records

Retained for 3 years from creation (tax compliance)

Account after deletion request

Deleted within 30 days of request

Authentication logs

Retained for 90 days for security purposes

Anonymised usage data

Retained indefinitely for product improvement

5. Third-party data processors

Supabase

· India (ap-south-1)

Database and authenticationStores all user and application data

Resend

· Global (Tokyo region)

Transactional emailSends OTP and account emails only

Hostinger

· India

Web hostingHosts the Prezenca application

All processors are bound by data processing agreements and are prohibited from using your data for any purpose other than providing their service to us.

6. Security measures

  • 🔒All data encrypted in transit using TLS 1.2+
  • 🔒All data encrypted at rest in Supabase PostgreSQL
  • 🔒Row-level security: each tutor can only access their own data
  • 🔒Passwords are never stored in plain text (bcrypt hashing)
  • 🔒Optional two-factor authentication for all accounts
  • 🔒Regular security reviews of access policies
  • 🔒No sensitive data stored in browser localStorage

7. Data breach response

In the event of a data breach affecting personal data, we will notify affected users within 72 hours of becoming aware of the breach, consistent with obligations under the DPDP Act 2023.

8. Your data rights

Under the Digital Personal Data Protection Act 2023 (India), you have the right to access, correct, and erase your personal data. Email connect@prezenca.in to exercise these rights. We respond within 7 business days.