🔒 Legal

Privacy Policy

Last updated: June 2026

Table of Contents

01Introduction 02Data Controller 03What Data We Collect 04How We Use Your Data 05Data Sharing & Disclosure 06Data Retention 07Your Rights 08International Data Transfers 09Security Measures 10Children's Privacy 11Data Breach Notification 12Changes to Policy 13Grievance Redressal 14Contact

Introduction

Waycode is a project-based learning platform for developers. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our platform at waycode.in.

By registering or using Waycode, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Platform.

If you are under 14 years of age, you are not permitted to create an account or use Waycode. We do not knowingly collect data from children under 14.

Data Controller

Waycode is the data controller for your personal data. For inquiries related to data protection, contact:

Grievance Officer:
Email: legal@waycode.in

We will acknowledge your complaint within 24 hours and resolve it within 30 days as per the Information Technology Act, 2000.

What Data We Collect

Data You Provide

Account Information: Email address, username, password (bcrypt-hashed)
Profile Information: Full name, bio, location, website URL, social links, profile/cover images, learning preferences, timezone
Content: Threads, publications, vault resources (files + preview images + metadata), study room messages, discussion posts, direct messages, team deliverables, peer reviews, comments

Data Collected Automatically

Technical Data: IP address, User-Agent string (stored in audit logs, 90-day retention)
Usage Data: Feature interactions (views, likes, saves, shares, dwell time) stored in feed preference models
Rate Limit Data: Ephemeral, stored in Redis, purged after the rate limit window expires (1 minute to 1 hour depending on endpoint)

Payment Data

Waycode does not store payment card details. All payment processing is handled by Dodo Payments, our third-party processor. We store only:

Dodo Payments customer ID
Dodo Payments subscription ID
Subscription plan, status, expiry, billing cycle, and price paid

Data Not Collected

We do not use HTTP cookies
We do not collect precise geolocation data
We do not collect biometric or genetic data
We do not use third-party tracking or advertising cookies

How We Use Your Data

Purpose	Legal Basis	Data Used
Account creation, authentication	Contract performance	Email, username, password
Content hosting and display	Contract performance	All content data
Moderation and platform safety	Legal obligation	All data as needed
Payment processing	Contract performance	Payment IDs, plan info
Platform analytics	Legitimate interest	Usage data, feature interactions
Community features	Legitimate interest	Username, content interactions
Communication	Consent (opt-in)	Email address
Legal compliance	Legal obligation	As required by law

Data Sharing & Disclosure

Third-Party Service Providers

Dodo Payments — Payment processing (customer ID, subscription ID, plan info)
ElasticLake (MinIO, S3-compatible) — File storage (uploaded files, preview images)
MongoDB Atlas — Database (all stored data)
Redis — Rate limiting, verification codes, ephemeral sessions

We require all third-party providers to maintain appropriate security measures.

Legal Disclosures

We may disclose your data if required by law, legal process, or government request, or to protect our rights, property, or safety, or that of our users.

We do not sell, rent, or trade your personal data to third parties for marketing or any other purpose.

Data Retention

Data Type	Retention Period
Active account data	Duration of account + 90 days after deletion
Deleted account personal data	Erased or anonymized within 30 days
Content by deleted users	Anonymized (author removed), content retained
Audit logs	90 days (TTL index on MongoDB)
Subscription records (financial)	7 years (Indian IT Act)
Verification codes	24h (email), 15min (password reset), 30d (account recovery)
Rate limit data	Ephemeral (1 minute — 1 hour per endpoint)

Your Rights

Under the Digital Personal Data Protection Act, 2023 (India) and applicable law, you have the following rights:

Right	How to Exercise
Right to Access	Request a copy of your data via legal@waycode.in
Right to Correction	Edit your profile in Settings, or email us for corrections
Right to Deletion	Request account deletion via Settings → Delete Account
Right to Data Portability	Request a machine-readable export via Settings → Security → Export My Data
Right to Withdraw Consent	Email legal@waycode.in (manual process, handled within 30 days)
Right to Grievance Redressal	Contact our Grievance Officer at legal@waycode.in
Right to be Informed of Breach	We will notify you within 72 hours of a confirmed breach

We will respond to your request within 30 days.

International Data Transfers

Waycode is based in India. Your data may be stored and processed on servers located in India and other jurisdictions where our infrastructure providers operate. We ensure appropriate safeguards for cross-border data transfers.

Security Measures

We implement the following security measures to protect your data:

Password Security: bcrypt hashing with 12 rounds
Authentication: JWT-based access tokens (4-hour expiry) + refresh tokens (7-day expiry)
Token Revocation: Token versioning for instant session invalidation
Rate Limiting: IP-based rate limiting to prevent abuse
File Upload Validation: File extension checking, size limits (256MB vault files / 10MB preview images)
Email Verification: 6-digit code verification for new accounts
Access Control: Role-based access control (user, moderator, admin roles)

While we implement these measures, no method of electronic storage or transmission is 100% secure.

Children's Privacy

Waycode imposes a minimum age of 14 years. We do not knowingly collect data from children under 14. If we become aware that a user is under 14, we will delete their account and data promptly. If you believe a child under 14 has registered, contact us at legal@waycode.in.

Data Breach Notification

In the event of a data breach that affects your personal data, we will:

Notify affected users within 72 hours of confirmation
Notify the relevant data protection authority as required
Provide details of the breach (nature, scope, impact)
Outline measures taken to mitigate and prevent recurrence

Changes to Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email and/or a prominent notice on the Platform. Your continued use after changes constitutes acceptance.

Grievance Redressal

If you have any complaints or concerns about your data privacy:

Grievance Officer:
Email: legal@waycode.in

Response Time: 24 hours acknowledgment, resolution within 30 days.

If your grievance is not resolved to your satisfaction, you may escalate to the relevant data protection authority in India.

Contact

For privacy-related inquiries:

Email: legal@waycode.in

Platform: https://waycode.in

Also read our Terms of Service → and Community Guidelines →