Privacy Policy
Last updated: 5 May 2026
This Privacy Policy explains what personal data we collect when you use grantsetu.in (the "Service"), why we collect it, and the choices you have. The Service is operated by Argajit Sarkar, Dharma Nagar, Uttar Debipur, South Tripura, Tripura - 799155, India (the "Data Fiduciary" under the Digital Personal Data Protection Act, 2023).
1. Data we collect
- Account data: name, email, profile photo (via Google OAuth) or password hash (for email signups).
- Research profile: career stage, subject area, institution, keywords - whatever you choose to enter.
- Usage data: pages viewed, grants saved, search queries.
- Payment data: we do not store card or bank details. Payments are processed by PayU; we receive only a payment ID and status.
- Technical data: hashed IP address + user-agent fingerprint (for an approximate visitor count via Redis HyperLogLog), browser logs, error reports.
2. How we use it
- To run the Service: authenticate you, save your profile, recommend grants.
- To send transactional emails: verification, password reset, weekly digest, billing receipts.
- To improve the Service: aggregate usage analytics.
- To comply with legal obligations.
3. Cookies
We use first-party cookies that are strictly necessary for authentication (NextAuth session) and security. We do not use advertising cookies or third-party trackers.
4. Third parties we share data with
We share the minimum data required with the following processors. Each is contractually bound to handle data only to provide their service to us.
- Google - OAuth sign-in (name, email, profile picture).
- PayU - payment processing (handles all card / UPI / netbanking data directly; we never see it).
- Buttondown - newsletter delivery (email + tags).
- Resend - transactional email delivery (email + message body).
- Cloudflare - CDN, DNS, and tunnel; sees encrypted traffic metadata.
- Self-hosted server - the application runs on a server under our direct physical control in India.
5. Data retention
Account data is retained while your account is active. When you delete your account (Profile -> Danger Zone), we permanently delete your profile, saved grants, and alert preferences. Backup snapshots may persist for up to 30 days. Anonymous, aggregated analytics may be retained indefinitely.
6. Your rights (DPDP Act, 2023)
- Access - request a copy of your personal data.
- Correction - update inaccurate data via your profile.
- Erasure - delete your account from the profile page, or email us.
- Withdraw consent - unsubscribe from any email at any time.
- Grievance - escalate concerns to our Grievance Officer (below).
7. Children
The Service is not intended for users under 18. We do not knowingly collect data from children.
8. Security
Passwords are stored as bcrypt hashes. Sessions use HS256-signed JWTs. All traffic is served over HTTPS. We follow industry-standard practices, but no system is perfectly secure - if you spot a vulnerability, please email [email protected].
9. Grievance Officer
10. Changes
We will post any changes to this Policy on this page and update the "Last updated" date. Material changes will also be emailed to registered users.