Privacy Policy · NHPREP by NetworkersHome

Introduction

NHPREP by NetworkersHome (“NHPREP”, “we”, “our”, “us”) operates the online learning platform available at nhprep.com, which delivers video courses, hands-on labs, quizzes, blog articles, and AI-powered mock interviews for networking and cybersecurity certification training.

This Privacy Policy applies to every visitor, registered learner, and paying subscriber who uses our website, our learning platform, or any service we operate under the NHPREP brand. By creating an account, subscribing, or otherwise using our services, you confirm that you have read and understood this policy.

Who we are for this policy. NHPREP by NetworkersHome is the Data Fiduciary under the Digital Personal Data Protection Act, 2023 for the personal data we collect from learners in India.

Information we collect

Information you provide

Account details: name, email address, password (stored only as a salted bcrypt hash), profile picture (if you sign in with Google), country, and optional profile preferences.
Payment details: when you subscribe, Razorpay collects your payment instrument details (UPI ID, card number, net-banking credentials) directly on their secure infrastructure. We do not store card numbers, CVV, or UPI PINs on our servers. We receive only the transaction reference, payment status, amount, and GST invoice details.
Voucher codes: if you redeem a voucher, we record the voucher code, the redeeming account, and the redemption timestamp for fraud prevention and reporting.
Support messages: any email, form submission, or grievance message you send us, together with its metadata (subject, timestamp, your account identifier).

Information collected automatically

Technical data: IP address, browser type and version, device type, operating system, screen size, referring URL, and timestamps of requests.
Usage data: pages visited, lessons watched, labs started, quiz attempts, and time on page. Aggregated, anonymised page-view data is collected through Umami, our self-hosted privacy-first analytics tool (see the Cookies section).
Learning progress: which lessons you have completed, your progress percentage, quiz scores, and mock-interview transcripts where applicable.

How we use your information

We process personal data only for purposes that are necessary to deliver, secure, and improve our service:

Service delivery: authenticating you, streaming video lessons, saving progress, running labs and quizzes, generating AI mock-interview sessions.
Account management: creating and maintaining your account, resetting passwords, sending account notifications.
Payment processing: instructing Razorpay to charge your selected payment method, issuing GST-compliant invoices, and applying voucher discounts.
Transactional email: sending welcome emails, payment receipts, subscription reminders, password-reset links, and interview transcripts.
Fraud prevention and security: rate-limiting abusive requests, detecting credential sharing, investigating chargebacks, and preventing unauthorised access.
Legal and tax compliance: retaining records required under Indian tax law and responding to lawful requests from competent authorities.
Product improvement: analysing aggregated usage to identify which courses, labs, and features help learners most.

We do not sell your personal data. We do not share it with advertising networks. We do not run third-party behavioural-ad trackers on our site.

Legal basis under the DPDP Act 2023

Under Section 4 of the Digital Personal Data Protection Act, 2023, we process personal data only on one of the following lawful bases:

Consent (§6): you provide free, specific, informed, unconditional, and unambiguous consent before we process your data for optional purposes such as receiving product updates, or for sending audio data to our AI mock-interview provider.
Performance of contract: when you subscribe, we must process your data to give you access to the platform, record progress, and issue invoices.
Legal obligation: we retain transactional and tax records as required by Indian tax, accounting, and consumer-protection laws.
Legitimate uses (§7): for example, ensuring information security, preventing fraud, and responding to medical or safety emergencies where the DPDP Act permits.

You may withdraw consent at any time (see Your rights). Withdrawal does not affect processing that has already occurred.

Cookies and tracking technologies

We use a minimal set of cookies and similar technologies, grouped as follows:

Strictly necessary cookies: session cookies that keep you signed in, CSRF tokens that protect form submissions, and language-preference cookies. These cannot be disabled without breaking the service.
Authentication cookies: NextAuth JWT session tokens (valid for 12 hours) and, if you use Google OAuth, the short-lived authorisation cookie set during sign-in.
Analytics: we use Umami, a self-hosted, privacy-first analytics tool. Umami does not use third-party cookies, does not fingerprint your device, does not track you across websites, and does not collect any personally identifiable information. Aggregated page-view data is stored on our own servers in our own database.
Preference cookies: store UI settings such as your chosen theme or your dismissed banners.

You can clear cookies at any time through your browser settings. Clearing strictly necessary cookies will log you out; clearing preference cookies will reset UI choices to their defaults.

Third-party service providers (Data Processors)

We work with a small, carefully chosen set of processors who help us deliver the service. Each processor is bound by contractual confidentiality and data-protection obligations.

Razorpay Software Pvt. Ltd. (India) — Payments: collects your payment instrument details and processes subscription payments. Governed by Razorpay’s own privacy policy and the RBI’s payment-aggregator framework.
Bunny Stream (BunnyWay d.o.o., Slovenia) — Video delivery: streams video lessons to your browser through a global CDN. Receives your IP address and the identifier of the requested video at the moment of streaming.
Google LLC — OAuth sign-in (optional): if you choose to sign in with Google, Google shares your email, name, and profile picture with us. We do not receive your Google password.
Cloudflare, Inc. — DNS, TLS, and DDoS protection: sits between your browser and our servers to block malicious traffic. Processes connection metadata in transit.
SMTP provider — Transactional email: delivers account notifications, receipts, and interview transcripts from noreply@nhprep.com.
OpenAI, L.L.C. — AI Mock Interviews only: when you voluntarily start an AI mock-interview session, your spoken answers are streamed to OpenAI’s Realtime API to generate a live interviewer response. This is an opt-in feature and is clearly disclosed on the interview screen. If you do not use AI Mock Interviews, no data is sent to OpenAI.

Disclosure for AI Mock Interviews. By starting an interview you consent to your voice being transmitted to OpenAI for the duration of the session. The transcript is stored on our servers so you can review it later. You may delete any transcript at any time.

Data retention

Account data: retained while your account is active, and for a further twelve (12) months after deactivation to accommodate reactivation requests and legal or tax obligations.
Session and security logs: retained for ninety (90) days and then deleted or anonymised.
Payment and tax records: retained for the period mandated by the Income-tax Act, 1961 and the Central Goods and Services Tax Act, 2017 — typically up to seven (7) years.
Mock-interview transcripts: retained while your account is active, or until you delete them from your dashboard.
Support correspondence: retained for up to twenty-four (24) months.

After the retention period, data is either permanently deleted or irreversibly anonymised.

Cross-border data transfers

Our primary servers are located in India. However, some of our processors (for example, Bunny Stream’s CDN and certain email infrastructure) operate in countries outside India. When personal data is transferred outside India, we rely on contractual safeguards and the permission granted to Data Fiduciaries under Section 16 of the DPDP Act, 2023 to transfer data to jurisdictions not restricted by the Central Government.

We do not transfer data to any country that the Central Government of India has notified as restricted for cross-border transfer.

Your rights under the DPDP Act

As a Data Principal you have the following rights:

Right to access: obtain a summary of the personal data we process about you and the processors with whom it is shared.
Right to correction and erasure: request that we correct inaccurate data, complete incomplete data, update outdated data, or erase personal data that is no longer required.
Right to grievance redressal: raise a complaint with our Grievance Officer (see below). If unresolved, you may approach the Data Protection Board of India.
Right to nominate: nominate another individual to exercise your rights in the event of death or incapacity.
Right to withdraw consent: withdraw consent for any processing that was based on consent. Withdrawal is as easy as giving consent.

To exercise any of these rights, email us at vikas@networkershome.com from the email address registered on your NHPREP account. We will verify your identity before acting.

Children’s personal data

Our service is designed for adults pursuing professional certifications and is intended for users aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe that a minor has registered on our platform, please contact us at vikas@networkershome.com and we will promptly review the account and, where appropriate, delete the data.

Data security

We apply organisational and technical measures appropriate to the sensitivity of the data we process:

Passwords are never stored in plain text — we use salted bcrypt hashing.
All traffic between your browser and our servers is encrypted using TLS 1.2 or higher, with HSTS enforced at the edge.
Data at rest on our database and backups is stored on encrypted volumes.
Role-based access controls limit administrative access to authorised personnel only.
Rate limiting, CSRF protection, and content-security-policy headers are applied across authenticated routes.
We review our security posture periodically and investigate reported vulnerabilities promptly.

No online service can be guaranteed 100% secure. If we become aware of a personal-data breach that is likely to cause you harm, we will notify you and the Data Protection Board of India in accordance with the DPDP Act and its rules.

Grievance redressal

In accordance with the DPDP Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to handle complaints relating to personal data.

Grievance OfficerVikasNHPREP by NetworkersHome

Emailvikas@networkershome.comAcknowledged within 72 hours

We acknowledge complaints within seventy-two (72) hours of receipt and endeavour to resolve them within thirty (30) days, as required by law. For postal correspondence, please email vikas@networkershome.com and we will share our registered office address.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, our processors, or applicable law. The “Last updated” date at the top of this page indicates when the latest revision took effect. For material changes we will notify registered users by email and display an in-product banner for at least fourteen (14) days before the changes take effect.

Contact us

Questions about this policy, or how we handle your personal data, can be sent to our Grievance Officer at vikas@networkershome.com. For postal correspondence, please email vikas@networkershome.com and we will share our registered office address.