Redinc

Privacy Policy

Last updated 29 May 2026

This Privacy Policy explains how Redinc Academy collects, uses, discloses, and protects personal data when you use redinc.academy and its related services (the "Platform"). It should be read together with our Terms of Use and Refund Policy.

1. Who we are

The Platform is operated by Redinc Academy LLP ("Redinc", "we", "us", "our"), a limited liability partnership incorporated in India, which is the data controller / Data Fiduciary responsible for personal data processed through the Platform.

Registered / contact office (India): Venture Arcade, Kozhikkode, Kerala, India Additional office (UAE): operated through Redinc Education FZ LLC, Dtech, Dubai Silicon Oasis, Dubai, UAE (operational office only; Redinc Academy LLP is the contracting party and Data Fiduciary). General contact: hello@redinc.academy Data protection / grievance contact: grievance@redinc.academy

2. Scope and legal basis

This Policy applies to all visitors, registered users, learners, and workshop participants. We process personal data on the following bases:

  • Consent, for newsletter and marketing communications, the waitlist, and any optional data you choose to provide.
  • Performance of a contract / legitimate use, to create and operate your account, deliver purchased courses and workshops, issue certificates, and process payments.
  • Compliance with law, including tax, accounting, and lawful requests from authorities.
  • Our legitimate interests, balanced against your rights, to secure the Platform, prevent fraud and account sharing, and improve the service.

Where the Digital Personal Data Protection Act, 2023 ("DPDP Act") applies, you are a Data Principal; where any other data-protection law applies to you, equivalent rights are honoured to the extent required.

3. Information we collect

a. Information you provide to us

  • Account & profile: name, email address, password (stored only as a secure hash via our authentication provider), profile image, phone number, postal address (address lines, city, state, country), and a member ID/tag assigned to you.
  • Authentication credentials: passkeys (public key and credential identifiers; we never receive your biometric data or device PIN) and, if you enable it, two-factor authentication secrets and backup codes.
  • Waitlist: name, email, phone, and answers to any course or webinar specific questions you submit.
  • Comments & contributions: the content of comments and replies you post on lessons.
  • Support & contact: the contents of messages you send us. Contact-form messages are emailed to our team and are not stored in a database by the Platform.
  • Workshop registrations: payment reference and any notes associated with your registration.

b. Information collected automatically when you use the Platform

  • Session & security data: IP address, a hashed form of your IP address, browser user-agent, an approximate location (country, country code, city) derived from your IP, and a device fingerprint.
  • Anti-sharing signals: a binding between your sign-in (magic) links and the browser that requested them, and "new login" alert records (device fingerprint, country, hashed IP, reason).
  • Usage & learning data: course enrolments, lesson progress and completion, quiz attempts and scores, active lesson and last video-activity timestamps.
  • Analytics: pages viewed, visit timestamps, IP/geolocation and user-agent of visitors, for aggregate traffic understanding.
  • Administrative audit log: a forensic record of privileged administrative actions, which stores a hashed actor IP and minimal context (no passwords, no full session tokens).

c. Information generated by us

  • Purchase records (payment provider, transaction ID, amount, currency, status, invoice URL).
  • Issued certificates (unique serial number and certificate PDF).
  • Pending-checkout records linked to your payment session.

We do not collect special-category data, and we do not knowingly collect data from anyone under 18 (see Section 11).

4. How we use your information

Purpose Examples
Provide the service Create/operate your account, enrol you, deliver lessons and workshops, track progress, issue certificates
Process payments Pass order data to our payment processor, record purchases, generate invoices
Security & anti-fraud Authenticate you, detect and prevent account sharing and unauthorised access, rate-limiting, login alerts
Communicate with you Transactional emails (sign-in links, receipts, certificate delivery, service notices) and, only with consent, newsletters
Support Respond to your enquiries and resolve issues
Legal & operational Comply with tax/legal obligations, maintain audit and forensic records, enforce our Terms

5. Anti-sharing and security monitoring (express disclosure)

To protect paid content and accounts, the Platform actively monitors for account sharing and suspicious access. This includes generating and storing a device fingerprint, hashing and recording IP addresses, deriving approximate geolocation, binding sign-in links to the requesting browser, and recording new-login alerts. We use this data solely for security, fraud prevention, and enforcing the personal, non-transferable licence described in our Terms of Use. Access from multiple devices or locations inconsistent with personal use may trigger alerts or account suspension.

6. Cookies and similar technologies

We use strictly necessary cookies and local storage for authentication and session management, our bot-protection challenge (Cloudflare Turnstile), and the anti-sharing device signal. We do not use third-party advertising or cross-site tracking cookies. Blocking essential cookies will prevent you from signing in.

7. Third parties and disclosure of data

We do not sell your personal data. We share it only with third-party service providers that process it on our instructions, and where required by law.

These third parties provide: payment processing (the payment provider acts as merchant of record); application hosting, database, file storage, bot protection, and email delivery; newsletter and waitlist contact management; secure (DRM) video delivery; and the device-fingerprint signal used for anti-sharing. We share with each provider only the data needed for its function. For example, name, email, and billing details are shared with the payment processor; viewing and session data are shared with the video provider; name, email, and phone (where applicable) are shared with the newsletter and waitlist provider.

Cross-border transfer. We operate from India and the UAE, and our service providers operate globally. Your data may be processed outside your country of residence. We rely on the lawful-transfer mechanisms permitted under the DPDP Act and applicable law, and require service providers to maintain appropriate safeguards.

8. Payments

Payments are processed by our payment provider, Dodo Payments, which acts as merchant of record. We do not collect or store your full card or banking details; these are handled by the payment provider under its own privacy terms. We retain only transaction metadata (provider, transaction ID, amount, currency, status, invoice link).

9. Data retention

  • Account data: retained for the life of your account and for a reasonable period afterwards to meet legal, tax, and dispute-resolution needs.
  • Transaction records: retained as required by applicable accounting and tax law.
  • Audit log: retained as a forensic record and not routinely truncated; periodically exported to secured cold storage under a retention decision.
  • Security/anti-sharing data: retained only as long as needed for the security purpose, then deleted or further anonymised.
  • Analytics: retained in aggregate; identifiers minimised over time.

When data is no longer required, it is deleted or irreversibly anonymised.

10. Your rights

Subject to applicable law (including the DPDP Act), you may:

  • Access the personal data we hold about you and obtain a summary of processing;
  • Correct, complete, or update inaccurate or incomplete data;
  • Erase data where it is no longer necessary and retention is not legally required;
  • Withdraw consent for consent-based processing (such as newsletters) at any time;
  • Nominate another individual to exercise your rights in the event of death or incapacity;
  • Raise a grievance with us, and escalate to the Data Protection Board of India if unresolved.

To exercise any right, email grievance@redinc.academy from your registered email address. We will respond within the timeframes required by law. We may verify your identity before acting.

11. Children

The Platform is intended for adults aged 18 and over (educators and teaching professionals). It is not directed to children, and we do not knowingly collect personal data from anyone under 18. If we learn that we have collected such data, we will delete it. If you believe a minor has provided us data, contact grievance@redinc.academy.

12. How we protect your data

We use passkey and two-factor authentication, password hashing, IP hashing, encrypted transport (HTTPS), rate-limiting, bot protection, and least-privilege administrative access with an audit trail. No method of transmission or storage is perfectly secure, but we maintain reasonable security safeguards appropriate to the sensitivity of the data.

13. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified via the Platform or by email, and the "Last updated" date above will change. Continued use after changes take effect constitutes acceptance, except where fresh consent is required by law.

14. Contact

Redinc Academy LLP Venture Arcade, Kozhikkode, Kerala, India General: hello@redinc.academy Data protection / grievance: grievance@redinc.academy