Data Breach Response Policy
Effective: 1 April 2026 · Version 1.0
If Gyan Sanchaar ever becomes aware that your personal data has been affected by a breach, we will investigate, contain, mitigate, and notify you — promptly and honestly. This policy explains exactly how we do that.
1. What is a personal data breach?
A personal data breach occurs when your personal data is accessed, used, or disclosed without authorisation — or when it is accidentally lost, altered, or destroyed. Examples include:
• Unauthorised access to our systems by an external party
• Accidental sharing of your data with the wrong person
• Loss of a device containing personal data
• Ransomware or malware that exposes stored data
Not every security incident is a breach. Many incidents are detected and contained before any data is actually exposed.
2. How we protect your data
We take your privacy seriously and invest continuously in security. Our safeguards include:
• Encryption at rest and in transit (TLS 1.2+)
• Row-level security on our database so each user can only access their own data
• Access controls — staff only access data they need for their role
• Regular security reviews and vulnerability assessments
• 180-day audit log retention as required by CERT-In Directions 2022
• Secure, hashed storage for all OTP codes (SHA-256 — we never store raw codes)
• Automated expiry of OTP tokens (10 minutes)
Your data is hosted on infrastructure within India, operated by carefully selected providers bound by data processing agreements.
3. Our response when a breach occurs
If we become aware of a suspected data breach, we act immediately. Our response follows four steps:
1. Detect & Investigate — We confirm whether a breach has occurred and identify what data may be affected.
2. Contain — We take immediate steps to stop the breach from spreading and prevent further unauthorised access.
3. Mitigate — We take corrective action to reduce the impact on affected individuals.
4. Notify — We inform affected users and the relevant regulatory authorities as described below.
We treat every report of a suspected breach as urgent, regardless of whether it originated internally or was reported by a user.
4. When we notify you
If we determine that your personal data was affected by a breach, we will notify you within 6 hours of becoming aware — via your registered email address and/or WhatsApp number. Our notification will tell you:
• What data was affected and how
• When the breach occurred (if known)
• What steps we took to contain it
• What (if anything) you should do to protect yourself
• How to reach us if you have questions
We will never hide a breach from you. Your trust matters more to us than our reputation.
5. When we notify regulators
We comply fully with our legal obligations to report breaches to regulators:
• Data Protection Board of India — we notify the Board as required under the Digital Personal Data Protection (DPDP) Act 2023.
• CERT-In — we report to the Indian Computer Emergency Response Team within 6 hours of becoming aware, as required by the CERT-In Directions 2022.
We cooperate fully with any investigation by regulatory authorities.
6. How we prevent breaches
Prevention is our first priority. We continuously work to reduce breach risk through:
• Penetration testing and code security reviews
• Strict access controls — only authorised personnel access production data
• No storage of sensitive data that is not needed (we do not collect Aadhaar, bank details, or biometric data)
• Automatic deletion of data after its retention period
• Employee security awareness training
• Supabase Row Level Security (RLS) to enforce data isolation between users
• Automated monitoring for unusual access patterns
Security is not a one-time effort — it is a continuous practice.
7. Report a suspected breach
If you believe your data may have been compromised, or if you discover a security vulnerability in our platform, please tell us immediately.
📧 Email: security@gyansanchaar.com
Subject line: "Suspected Data Breach"
Or contact our Data Protection Officer:
📧 dpo@gyansanchaar.com
We take all reports seriously and will acknowledge your report within 24 hours. Responsible disclosure of security vulnerabilities is welcomed and appreciated. We will not take legal action against researchers who report vulnerabilities in good faith.
Questions about this policy? Contact our Data Protection Officer at dpo@gyansanchaar.com or report a suspected breach at security@gyansanchaar.com.