Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following information when you register: full name, university email address, enrollment number, and a hashed password. Transaction data (amounts, timestamps, types) is recorded for audit and settlement purposes.

2. How We Use Your Information

Your information is used to: (a) authenticate your account; (b) process credit transactions; (c) detect fraudulent activity (double-dip detection); (d) generate analytics for university administrators; (e) send password/PIN recovery emails when requested.

3. Data Security

Passwords and PINs are hashed using bcrypt before storage. All wallet modifications use optimistic locking to prevent data races. SMTP credentials are stored encrypted. Session tokens are stored in HTTP-only cookies so that scripts injected through XSS cannot read them.

4. Data Sharing

We do not sell or share your personal data with third parties. Transaction data may be shared with Bennett University administrators for audit and compliance purposes. Vendors see only the transaction amount and your first name during payment.

5. Data Retention

Account data is retained for the duration of your enrollment. Transaction records are retained for 3 years for audit compliance. You may request account deletion by contacting the admin team.

6. Cookies

We use a single HTTP-only session cookie for authentication. No third-party tracking cookies are used. The cookie contains only a signed JWT and expires based on your "Remember Me" preference.

7. Your Rights

You have the right to: (a) access your personal data; (b) request correction of inaccurate data; (c) request deletion of your account; (d) export your transaction history as CSV from the student dashboard.

8. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be communicated through the platform. Continued use constitutes acceptance.

9. Contact

For privacy-related inquiries, contact privacy@campuscredits.in.
