Privacy Policy | StepVista

Privacy Policy | StepVista

Read Time 5 min read
Expertise Processed by StepVista

StepVista is committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (India). We operate on the principles of data minimization and transparency.

1. Commitment to DPDP 2023

We believe in your right to privacy. StepVista is primarily designed to be a free and open resource for the student community. When you are simply browsing the site, we do not collect any personally identifiable information (PII).

2. Data Collection & Purpose

We utilize a 2-Phase Identity system for measurement without direct PII leakage:

  • Essential Analytics: Anonymous signals used to maintain college predictor accuracy and tool performance. This is mandatory for service delivery.
  • Personalization: Requires explicit opt-in. Enables Meta Pixel and CAPI for showing relevant admissions alerts and localized suggestions.

2.1 Data Processing Flow

All incoming traffic and requests flow through a securely structured pipeline, minimizing PII exposure at each hop:

  1. Visitor Browser: Executes application state, processes anonymous site interactions, and stores localized preferences (e.g. consent settings, predictor variables).
  2. Cloudflare CDN / Workers Routing: Evaluates request parameters (IP, User-Agent) to perform real-time geographical lookup (Region, City) for service delivery.
  3. Analytics Pipeline: If consent is granted, anonymous usage telemetry is dispatched to Google Analytics. Meta Pixel/CAPI processes personalization triggers only if the user explicitly consents and declares they are 18 or older.
  4. Secure D1 Database Storage: Counseling inquiry forms are recorded in an encrypted database, including an evidentiary consent log.

2.2 Third-Party Data Processors

The following external services process data on our behalf:

ProcessorCategoryWhat We Intentionally SendLegal Basis
Meta (Facebook)AdvertisingHashed email, phone, IP, and browser identifiers — only after advertising consent is grantedConsent
Google AnalyticsAnalyticsSession identifiers, page paths, and interaction events (we do not deliberately send names, phone numbers, or emails)Legitimate Interest
Google AdSenseAdvertisingCookie identifiers for ad relevance — only after advertising consent is grantedConsent
CloudflareInfrastructure / SecurityIP addresses and User-Agent strings for DDoS protection, CDN routing, and security audit purposesLegitimate Interest

Note on Google Analytics: While we do not deliberately send PII to Google Analytics, Google’s platform may independently process device and IP-derived signals to provide its service. We recommend reviewing Google’s Privacy Policy for full details.

2.3 IP Address & User-Agent Retention

IP addresses and User-Agent strings are retained as part of consent metadata logs for fraud prevention, security, consent verification, and regulatory audit purposes for a maximum of 14 months, after which they are permanently purged.

2.4 Data Retention Schedule

  • Counseling Leads (PII): Retained for 12 months (one full academic admission cycle), after which they are permanently deleted.
  • Analytics Telemetry & Logs: Retained for 14 months to maintain prediction accuracy and conduct performance audits, then purged.

3. Lead Generation and Voluntary Data Collection

While most of the site is anonymous, we offer a “Get Free Counseling” service. When you choose to use this service by submitting an inquiry form, we collect the following information that you voluntarily provide:

  • Your Name: To address you professionally.
  • Your Phone Number: To provide counseling via call, SMS, or WhatsApp.
  • Your Email (Optional): For additional communication.
  • Preferred Course: To understand your academic interests.
  • College of Interest: Automatically captured.

By submitting this form and checking the consent box, you explicitly agree to share these details and receive relevant career communication from StepVista experts or our partner institution counselors.

4. User Rights & Redressal

Under the India DPDP Act, you have the right to access, correct, and erase your data. You can withdraw your consent at any time through our Privacy Hub (accessible via the footer), or submit a self-serve erasure request directly at /privacy/request-erasure.

Data erasure requests are reasonably authenticated using a combination of phone number, email address, and CAPTCHA verification. Because we do not operate an active SMS OTP gateway, we cannot guarantee cryptographic identity verification. If you believe your data has been deleted without your authorization, please contact our Grievance Officer immediately.

Grievance Redressal

5. Children’s Privacy

Parental guidance is strongly recommended for students under 18. StepVista offers a guardian consent workflow that collects a parent or guardian’s contact details in place of the minor’s own information.

Important limitation: Age verification on StepVista is self-declared. We do not have the technical means to independently verify a user’s age. Our primary protection for minors consists of the guardian consent workflow and the suppression of all behavioral advertising telemetry for users who self-identify as under 18. We do not claim this is technically infallible.


Last Updated: June 23, 2026

🛰️

Master the 2026 Cycle

Get the Subsystem Advantage. Access relevant cutoff alerts, rank analysis, and direct admission intelligence. No spam, 100% private.