Legal

Privacy Policy

Last updated: March 2026

ILLUSION SECURITY ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights under India's Digital Personal Data Protection (DPDP) Act 2023 and applicable laws.

1. Data We Collect

Account Data: Name, email address, and hashed password when you register.

Payment Data: Name, email, and phone number for course purchases. Payment processing is handled by PhonePe — we do not store card or UPI details.

Platform Usage: Course progress, quiz scores, skill radar data, chat history with AI tools, and session activity.

CyberPulse: Anonymous session identifiers (no login required), AI chat history, credit usage.

Technical Data: IP addresses (for rate limiting and security), browser type, and referrer URLs via server logs.

2. How We Use Your Data

  • To create and manage your account and course enrollments.
  • To process payments and issue access codes.
  • To deliver personalised learning experiences and track progress.
  • To send transactional emails (access codes, enrollment confirmations).
  • To send our CyberPulse newsletter (only if you subscribed — you can unsubscribe at any time).
  • To detect and prevent fraud, abuse, and security threats.
  • To comply with legal obligations.

3. Data Sharing

We do not sell your personal data. We share data only with:

  • PhonePe — for payment processing.
  • Groq — AI inference provider for CyberPulse explanations and platform AI features. Conversation data is sent to Groq's API. Review Groq's privacy policy at groq.com.
  • Strapi CMS — for serving course and blog content (self-hosted).
  • Legal authorities when required by law or to protect our rights.

4. Data Retention

We retain your account data for as long as your account is active. CyberPulse anonymous session data is retained for 30 days. You may request deletion of your account and associated data at any time through your Profile settings or by emailing us.

5. Your Rights (DPDP Act 2023)

Under India's DPDP Act 2023, you have the right to:

  • Access — Request a summary of the personal data we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data (right to be forgotten). You can do this directly from your Profile page.
  • Grievance Redressal — Contact our Data Protection Officer to raise a complaint.

To exercise these rights, email us at office@illusionsecurity.tech. We will respond within 30 days.

6. Cookies & Sessions

We use HttpOnly, Secure, SameSite cookies to manage authenticated sessions (mc_token) and anonymous CyberPulse sessions (cp_session). These are strictly necessary for the platform to function and are not used for advertising.

7. Security

We implement industry-standard security measures including: bcrypt password hashing, JWT authentication, HTTPS/HSTS, Content Security Policy headers, rate limiting, and CSRF protection. However, no system is 100% secure. Please use a strong, unique password.

8. Children's Privacy

Our services are not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email. Continued use of our services constitutes acceptance of the updated policy.

10. Contact / Data Protection Officer

For privacy-related enquiries or to exercise your rights, contact us at: office@illusionsecurity.tech

Terms of ServiceRefund PolicyHome