Last updated: 4 June 2026
This Privacy Policy explains what information PrepStack ("we", "us", "our") collects when you visit prepstack.co.in (the "Site"), why we collect it, how we use it, who we share it with, and your rights under the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act, 2023 (DPDP Act).
PrepStack is operated as a personal project by Randhir Jassal, based in India. The Site is an educational technology blog. You do not need to create an account or share any personal information to read our articles.
We collect the minimum data needed to operate, secure, and improve the Site.
When you visit the Site, the following is collected automatically:
| Purpose | Lawful basis (GDPR / DPDP) |
|---|---|
| Display articles + measure traffic | Legitimate interest in running a free educational site |
| Deliver newsletter to subscribers | Your consent at signup |
| Prevent abuse and protect the Site | Legitimate interest in security |
| Comply with legal obligations | Legal obligation |
You can withdraw newsletter consent at any time by clicking "unsubscribe" in any email we send you, with no effect on your access to the Site.
We use the following third-party processors. Each handles a specific function and is bound by its own privacy policy.
| Service | Purpose | Location |
|---|---|---|
| Vercel Inc. | Web hosting + analytics | USA (data may transit globally) |
| Supabase Inc. | Database (article content, newsletter emails) | Mumbai, India |
| Cloudinary | Image delivery | Global CDN |
| Upstash | Rate-limit cache (anonymised) | Global |
| Kit (ConvertKit) | Newsletter delivery (if you subscribe) | USA |
We do not share your information with any other parties except where required by law (e.g. a valid legal order from an Indian court).
We use only the cookies and storage strictly needed to operate the Site:
/admin).We do not set advertising or social-media tracking cookies. We do not require a cookie banner because we do not use non-essential cookies that fall under the EU ePrivacy Directive's consent rule. If we ever change this, we will display a banner with explicit consent options before the change takes effect.
You can block or delete cookies via your browser settings. Doing so will not affect your ability to read articles, but it may reduce the accuracy of our anonymous analytics.
We do not maintain a database of reader identities.
Under GDPR (if you are in the EU/EEA/UK) and the DPDP Act (if you are in India), you have the right to:
To exercise any of these rights, email randhir.jassal@gmail.com with the subject line "Data request". We respond within 30 days.
Some of our processors (Vercel, Cloudinary, Kit) are based outside India and the EU/EEA. Where required, we rely on Standard Contractual Clauses and equivalent safeguards under Indian law to ensure your data receives equivalent protection.
The Site is intended for developers aged 16 or older. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us information, please email us and we will delete it.
We use HTTPS site-wide, hash all stored credentials with bcrypt, rate-limit public endpoints, and follow the OWASP Top 10 baseline. No security control is perfect; if you believe you have found a vulnerability, please email randhir.jassal@gmail.com with the subject "Security report".
We may update this policy as the Site evolves or as the law requires. Material changes will be flagged at the top of this page and (where appropriate) emailed to newsletter subscribers. The "Last updated" date at the top of this page tells you when the current version came into effect.
For any privacy-related question or request:
We aim to respond within 5 business days for general queries and within 30 days for formal data-rights requests.