search

Data Protection

This is a plain-language summary of ImpactMojo's data protection practices. The full document is at impactmojo.in/data-protection.htmlarrow-up-right.

hashtag
The Short Version

ImpactMojo is aligned with India's Digital Personal Data Protection Act 2023 (DPDPA). We collect minimal data, protect what we collect, and give you control over your information.

hashtag
What the DPDPA Means for You

The DPDPA is India's data protection law — it gives you rights over your personal data and sets rules for how organisations like ImpactMojo handle it.

Your rights under the DPDPA:

Right
What it means

Right to access

You can ask what personal data we hold about you

Right to correction

You can ask us to fix incorrect information

Right to erasure

You can ask us to delete your data

Right to grievance redressal

You can complain if you think we've mishandled your data

Right to nominate

You can nominate someone to exercise your data rights on your behalf

hashtag
What Personal Data We Process

Data type
When we collect it
Why

Name

When you create an account

To personalise your experience and issue certificates

Email address

When you create an account or contact us

To communicate with you and send updates

Organisation (optional)

If you tell us

To understand our user base

Course progress

As you use the platform (logged-in users)

To track your learning and issue certificates

Browser and device info

Automatically when you visit

To ensure the site works on your device

IP address (anonymised)

Automatically when you visit

For security and aggregate analytics

hashtag
How We Protect Your Data

Technical measures:

  • Encrypted connections (HTTPS) for all data in transit

  • Secure storage with access controls

  • Regular security reviews

Organisational measures:

  • Minimal data collection — we only collect what we actually need

  • Access limited to team members who need it

  • No sharing with third parties for marketing

Honest caveat: No system is 100% secure. We take reasonable precautions, but we can't guarantee absolute security. If a breach occurs, we'll notify affected users promptly.

hashtag
Data Retention

  • Account data — kept as long as your account is active. Deleted when you request account deletion.

  • Analytics data — anonymous and aggregated. Not tied to your identity.

  • Contact form submissions — kept for as long as needed to respond and follow up.

  • Payment records — kept as required by Indian tax and financial regulations.

hashtag
Third-Party Data Processors

We use three external services that process some data on our behalf:

Service
Purpose
Data they see

Google Analytics

Usage analytics

Anonymous browsing data

Formspree

Contact form processing

Name, email, message

UserWay

Accessibility tools

Anonymous interaction data

We don't share personal data with any other third parties.

hashtag
Data Subject Requests

To exercise any of your data rights:

  1. Email hello@impactmojo.inenvelope with your request

  2. We'll verify your identity (to prevent someone else accessing your data)

  3. We'll respond within 2 business days

  4. We'll act within 30 days (as required by the DPDPA)

hashtag
For Organisations

If your organisation uses ImpactMojo's Organization tier and manages team accounts:

  • You are the data fiduciary for your team members' data

  • ImpactMojo acts as a data processor on your behalf

  • Team dashboards show progress data only — not personal notes or bookmarks

  • We can provide a Data Processing Agreement (DPA) on request

hashtag
Questions?

Email hello@impactmojo.inenvelope with any data protection questions.

PreviousRefund PolicyNextDisclaimer

Last updated

Was this helpful?