Effective Date: 29 May 2026  |  Last Updated: 29 May 2026

This policy applies to civilashram.co.in, tech.civilashram.co.in, ias.civilashram.co.in, and any associated applications (collectively, the “Services”)

1. Who we are

This Privacy Policy is published by Civil Ashram (referred to in this document as “we,” “us,” or “our”), an organisation based in Kota, Rajasthan, India. We operate three websites that share this same Privacy Policy:

• civilashram.co.in — our main portal and the central home of Civil Ashram.
• tech.civilashram.co.in — our technology division, which offers IT, web, and WhatsApp automation services.
• ias.civilashram.co.in — our UPSC and civil services coaching division.

Throughout this document, anyone who visits any of these three websites, signs up for our services, joins our coaching programs, or contacts us is referred to as “you,” “your,” or “the user.”

If at any point you have questions about anything in this policy, you can contact us at: info@civilashram.co.in. Our full contact details are listed at the end of this page.

2. What this policy covers

This policy explains, in plain language:

• What information we collect from you and why.
• How we use that information.
• Who we share it with (and who we do not).
• How long we keep it.
• What rights you have over your data.
• How we keep your data safe.
• What we do about cookies, ads, and tracking.
• How we handle children’s data.
• How we comply with laws like India’s DPDP Act, the EU/UK GDPR, and California’s CCPA.

This policy applies whenever you use one of our three websites, or interact with us by email, WhatsApp, phone, or in person about something related to our services.

3. What information we collect

We try to collect only what we actually need. Here is the full list, broken down by category.

3.1 Information you give us directly

When you fill out a form, sign up, enrol in a course, request a service, or write to us, you may share:

• Identity information — your full name, date of birth (if relevant to a course), gender (only if you choose to share).
• Contact information — your email address, mobile number, WhatsApp number, and postal address (if you order something or enrol in a coaching program that needs it).
• Account information — a username and password if you create an account on any of our sites.
• Education and career details — for UPSC coaching on ias.civilashram.co.in, we may ask about your education, exam attempts, optional subject, and goals so we can guide you correctly.
• Business details — for tech.civilashram.co.in clients, we may collect your business name, GSTIN, website, and the services you need.
• Payment information — when you pay us, we use trusted payment processors (such as Razorpay, Stripe, or similar). They handle your card and banking details directly. We do not store your full card number on our own servers.
• Messages you send us — anything you write in a contact form, email, WhatsApp message, or support chat.

3.2 Information we collect automatically

When you visit our websites, your browser and device automatically share certain technical details with us, like any normal website. This includes:

• Your IP address (which roughly indicates your country and city).
• The type of device, operating system, and browser you are using.
• Which pages you visit, in what order, and how long you stay.
• How you arrived at our site (for example, from a Google search, a social media link, or an ad).
• Crash reports and error logs, so we can fix problems.

We use this information to improve how our sites work, to spot problems, and to understand which content is useful. It is not used to personally identify you unless you have logged in or given us your details.

3.3 Information from third parties

In a few specific cases, we may receive information about you from other sources:

• Payment processors — they confirm whether your payment to us succeeded.
• Analytics providers — services like Google Analytics give us anonymised reports about how our sites are used.
• Social media — if you reach out via our Facebook, Instagram, or LinkedIn pages, we may see the public part of your profile.
• Referrals — if someone refers you to us, they may pass on your name and contact details (only with your permission, if required by law).

3.4 Sensitive information

We try to avoid collecting any sensitive information (such as religion, caste, political views, health details, or biometric data). If a coaching enrolment form ever asks for something like caste category (for example, for reservation-related course pricing), it is purely optional and clearly marked. We never use such information for any purpose other than the one we explicitly state at the point of collection.

4. Why we collect this information and how we use it

Under data protection laws, we must tell you exactly why we use your data. Here is the honest breakdown:

To deliver the services you asked for

• To enrol you in UPSC coaching programs and give you access to study material, classes, and mentorship.
• To provide tech services you have requested — WhatsApp automation setup, web development, IT consulting, etc.
• To create and maintain your account.
• To process your payments and send you invoices or receipts.

To communicate with you

• To answer your questions when you contact us.
• To send you class reminders, schedule changes, or updates about a service you’ve signed up for.
• To send you newsletters or marketing — but only if you have specifically agreed to receive them. You can unsubscribe at any time with one click.

To improve our websites and services

• To understand which pages are popular and which are confusing.
• To fix bugs and improve loading speed.
• To develop new courses or tech services based on what users want.

To stay safe and lawful

• To prevent fraud, abuse, hacking, and spam.
• To keep records that the law requires us to keep (for example, tax invoices for several years).
• To respond to legal requests from courts or government authorities, when we are legally required to.

4.1 Our legal basis (for GDPR and DPDP Act users)

If you are in the European Union, the United Kingdom, or India, the law requires us to tell you the specific “legal basis” on which we process your data. Here is ours:

• Consent — when you sign up for a newsletter or tick a marketing box, we rely on your consent. You can withdraw it any time.
• Contract — when you buy a course or service from us, we process your data to fulfil our contract with you.
• Legal obligation — for tax records, GST filings, and similar legal requirements in India.
• Legitimate interests — for things like fraud prevention and basic website analytics, where this does not override your rights. (This basis applies under GDPR; under India’s DPDP Act, we instead rely on “certain legitimate uses” as defined in Section 7 of the Act.)

5. Who we share your information with

We do not sell your personal data. We do not rent it. We do not trade it. Not to advertisers, not to data brokers, not to anyone.

We only share information when we genuinely need to, in these specific situations:

5.1 Service providers who help us run our business

We use trusted third-party services to actually deliver what we do. These providers only get the data they need, only for the purpose we ask, and are contractually required to keep it safe.

• Hosting and infrastructure — companies that host our websites and store our databases (such as Hostinger).
• Email and messaging — services we use to send transactional emails and notifications (such as Google Workspace, Zoho Mail, or similar).
• Payment processors — Razorpay, Stripe, PayPal, or whichever processor handles a specific transaction.
• Analytics — Google Analytics or similar, to understand how our sites are used.
• WhatsApp and communications — Meta’s WhatsApp Business Platform, when we send you messages you’ve signed up for.
• Customer support tools — software that helps us track and reply to your queries.

5.2 When the law requires it

If a court, tax authority, police, or other lawful government body issues us a valid legal order, we must comply. We will only share what is specifically asked for, and we will tell you about it unless the law forbids us from doing so.

5.3 In a business transfer

If Civil Ashram is ever merged with, acquired by, or sold to another business, your data may be transferred to that new owner. The new owner would be required to honour this same privacy policy.

5.4 With your permission

If you ever specifically ask us to share your data with someone — for example, to give a testimonial to a partner — we will do that, but only with your clear permission.

5.5 What we never do

• We never sell your contact list to anyone.
• We never share your information with advertisers in a way that identifies you personally.
• We never let any third party access your data for their own marketing purposes.

6. Cookies and tracking

Cookies are small files that websites save on your device to remember things about you. We use them in a limited and honest way.

6.1 Types of cookies we use

• Essential cookies — these are required for the site to work. For example, they remember that you are logged in. You cannot turn these off, because the site would not work without them.
• Analytics cookies — these tell us how visitors use our site (which pages are popular, how long people stay). We use this to improve. You can turn these off in our cookie banner.
• Marketing cookies — if we ever run ads on Facebook, Google, or LinkedIn, these cookies may help us understand whether an ad worked. We will only set these if you specifically agree.

6.2 How to control cookies

When you first visit our site, you’ll see a cookie banner. You can:

• Accept all cookies.
• Accept only essential cookies.
• Choose which categories you want.

You can also change your choice any time by clicking the “Cookie settings” link in our footer, or by clearing cookies in your browser settings.

6.3 Do Not Track signals

Some browsers send a “Do Not Track” signal. There is no industry agreement on how to respond to it yet, but we honour clear opt-outs through our cookie banner and through Global Privacy Control (GPC) signals where supported.

7. How long we keep your information

We don’t keep your data forever. We only keep it for as long as we genuinely need it. Here is a rough guide:

• Account data — for as long as you have an account with us. If you ask us to delete your account, we delete it within 30 days (except for any records we are legally required to retain).
• Course and service records — for the duration of the course or service, plus a reasonable period after (typically up to 3 years) in case you need transcripts or proof of completion.
• Payment and tax records — Indian tax law requires us to keep invoices and financial records for up to 8 years.
• Marketing data — until you unsubscribe, and then we delete or anonymise it within 90 days.
• Website analytics — typically up to 26 months, then anonymised.
• Support messages — up to 3 years, so we can refer back if you contact us again about the same issue.

When the time period is over, we either delete the data securely or anonymise it (so it can no longer be linked to you).

8. Your rights over your data

You are in control of your personal information. Depending on where you live, you have legal rights that we honour. We give all our users these rights, no matter which country they are in.

8.1 The rights you have

• Right to know — you can ask us what data we have about you.
• Right to access — you can ask for a copy of your data.
• Right to correct — if something we have is wrong, you can ask us to fix it.
• Right to delete — you can ask us to delete your data (sometimes called the “right to be forgotten”). We will, unless the law requires us to keep something.
• Right to restrict — you can ask us to stop using your data for certain purposes while we look into a concern.
• Right to object — you can object to certain uses, especially marketing.
• Right to data portability — you can ask us to give you your data in a structured, machine-readable format, or to send it directly to another service.
• Right to withdraw consent — any time you have given us consent (for marketing, for example), you can take it back.
• Right to nominate (DPDP Act) — if you are in India, you can nominate another person to exercise these rights on your behalf in case you die or become incapacitated.
• Right to complain — you can complain to a data protection authority (see section 13).

8.2 How to exercise your rights

Just email us at info@civilashram.co.in. Tell us which right you want to exercise and which website (civilashram.co.in, tech.civilashram.co.in, or ias.civilashram.co.in) the request relates to.

We will respond within:

• 30 days for users in the EU/UK (as required by GDPR).
• 45 days for users in California (as required by CCPA).
• As soon as reasonably possible for users in India (in line with the DPDP Act).

We may need to verify your identity first, to make sure we are not giving someone else’s data to the wrong person. We will never charge you for exercising your rights, except in very rare cases where requests are clearly excessive or repeated.

8.3 Special rights for California residents (CCPA/CPRA)

If you live in California, in addition to the rights above, you have the right to:

• Know what categories of personal information we collect and the purposes.
• Opt out of any “sale” or “sharing” of personal information — though as stated above, we do not sell your data.
• Not be discriminated against for exercising your rights.

To exercise these, email us at info@civilashram.co.in with “CCPA Request” in the subject line.

9. How we keep your data safe

We take security seriously. The steps we take include:

• Encrypting data in transit using HTTPS on all our websites.
• Encrypting sensitive data in our databases where appropriate.
• Restricting access to your data to only the staff members who genuinely need it for their work.
• Using strong passwords and two-factor authentication on our internal systems.
• Keeping our software and servers updated with security patches.
• Regularly backing up our data so it can be restored if something goes wrong.
• Working only with trusted, reputable service providers that meet recognised security standards.

But we must be honest — no system on the internet is 100% secure. If we ever discover a data breach that affects your personal information, we will:

• Notify the relevant data protection authority within 72 hours (as required by GDPR and the DPDP Rules, 2025).
• Tell you directly, as soon as is reasonably possible, if your data was affected and the breach poses a serious risk.
• Explain what happened, what data was affected, and what you should do.

10. International data transfers

Civil Ashram is based in India, and our servers may be located in India or in other countries (such as the EU, US, or Singapore), depending on which service provider we use. Some of our service providers (like Google or Meta) also operate globally.

If your data is transferred outside your country, we make sure it is protected by appropriate legal safeguards. For example:

• For data transferred out of the EU/UK, we rely on Standard Contractual Clauses approved by the European Commission, or on adequacy decisions where they exist.
• For data transferred under the DPDP Act, we follow the rules issued by the Indian government on which countries our data can move to.
• We choose service providers that follow recognised security and privacy standards.

11. Children’s data

Our websites and services are mainly intended for adults — university students, working professionals, and businesses. We do not knowingly collect personal information from children under 18 without verifiable consent from a parent or guardian.

Under India’s DPDP Act, we are required to get verifiable parental consent before processing the personal data of anyone under 18. We do not use children’s data for profiling, behavioural tracking, or targeted advertising.

If you are a parent or guardian and you believe your child has given us personal information without your permission, please contact us at info@civilashram.co.in and we will delete it promptly.

12. Links to other websites

Our sites sometimes link to other websites we don’t own — for example, to a news article, a payment processor, or a partner. Once you leave our site, this Privacy Policy no longer applies. Please read the privacy policy of any site you visit. We are not responsible for how other sites handle your data.

13. How to complain

If you think we have mishandled your personal data, the first thing we ask is that you contact us. We genuinely want to fix it. Email us at info@civilashram.co.in.

If you are not satisfied with our response, you have the right to complain to a data protection authority:

• In India — the Data Protection Board of India (DPB), once it is fully operational under the DPDP Act, 2023.
• In the EU — the data protection authority in your country (a full list is available at edpb.europa.eu).
• In the UK — the Information Commissioner’s Office (ICO) at ico.org.uk.
• In California — the California Privacy Protection Agency (CPPA) at cppa.ca.gov, or the California Attorney General at oag.ca.gov.

14. Changes to this policy

We may update this Privacy Policy from time to time — for example, when we add a new service, change a tool, or when the law changes. When we do:

• We will update the “Last Updated” date at the top of this page.
• For significant changes that affect how we use your data, we will notify you by email (if we have it) or with a prominent notice on the website at least 30 days before the change takes effect.
• Your continued use of our sites after the change means you accept the updated policy.

We keep an archive of past versions and can send you any previous version if you ask.

15. How to contact us

If you have any questions about this Privacy Policy, want to exercise any of your rights, or just want to talk to a human about your data, here is how to reach us:

Civil Ashram
1063, Mahaveer Nagar-second,
Kota, Rajasthan, India – 324005

Email: info@civilashram.co.in
Phone / WhatsApp: +91 88240 49989

For our tech division: tech.civilashram.co.in
For our UPSC division: ias.civilashram.co.in

Grievance Officer (as required under Indian law):
Deepika Patni
Email: patnideepika91@gmail.com

We will acknowledge your complaint within 24 hours and resolve it within 15 days, in line with the IT Rules, 2021.

Thank you for trusting Civil Ashram with your information. We take this responsibility seriously.