Skip to main content
Opus Labs

Privacy Policy

Last updated on March 11 2026

This privacy policy explains how Opus Labs ("we", "us", "our"), operating at opuslabs.in, collects, uses, stores and protects your information when you use our website and services, including the UPSC Analytics platform at upscanalytics.opuslabs.in.

We are committed to protecting your privacy in compliance with the Digital Personal Data Protection Act 2023 (India) and the Information Technology Act 2000. We also follow GDPR-level standards for data protection as a matter of best practice.

We may update this policy from time to time. We encourage you to review this page periodically.

1. Information We Collect

Account Information (via Google OAuth):

  • Name and email address from your Google account
  • Google profile identifier (for authentication only)

UPSC Analytics Data (provided voluntarily by you):

  • UPSC CSE roll number
  • e-Summon letter PDF (used for identity verification via QR code)
  • Interview board selection
  • Age bracket (at the time of interview)
  • Employment status (as described in your interview)
  • Marksheet image or PDF

Automatically Collected:

  • Standard web server logs (IP address, browser type, request timestamps) — retained for up to 30 days for security and debugging purposes

We do not use any third-party analytics or tracking tools.

2. How We Use Your Information

  • Identity verification: We extract QR code data from your e-Summon letter to verify your name and roll number.
  • Community analytics: Aggregated and anonymised marksheet data is used to generate public statistics, graphs, and insights for the UPSC aspirant community.
  • Marks verification: Your uploaded marksheet is cross-referenced against UPSC published results to verify accuracy.
  • Service improvement: Server logs help us debug issues and improve the platform.
  • We do not use your data for advertising, marketing emails, or profiling.

Third-party submissions: If you submit a marksheet on behalf of another candidate, you confirm that you have their consent to share their data with us.

3. Data Storage and Security

  • All data we store is hosted on Amazon Web Services (AWS) infrastructure in the Asia Pacific (Mumbai, ap-south-1) region. Note: third-party services such as Google OAuth and reCAPTCHA may process certain data on their own servers outside India, subject to their respective privacy policies.
  • Files (marksheets, e-Summon PDFs) are stored in AWS S3 with server-side encryption.
  • Database records are stored in AWS RDS (PostgreSQL) with encryption at rest.
  • All data transmission uses HTTPS/TLS encryption.
  • Authentication tokens are stored in httpOnly, secure cookies to prevent XSS attacks.
  • We implement rate limiting and input validation to prevent abuse.

4. Third-Party Services

We use the following third-party services:

Service Purpose Data Shared
Google OAuth Authentication Name, email (see Google's Privacy Policy)
Amazon Web Services (S3, RDS) Data storage All uploaded files and records
Google reCAPTCHA Bot protection IP address, browser data (see Google's Privacy Policy)
CloudFront CDN Content delivery Static assets only

We do not sell, rent, or share your personal data with any third parties for marketing purposes.

5. Data Retention and Deletion

  • e-Summon PDFs: You can delete your e-Summon data at any time during or after the marksheet submission process. When deleted, both the database record and the S3 file are permanently removed.
  • Marksheet data: Retained for community analytics purposes until you request deletion.
  • Account data: Retained as long as your account is active. You may request account deletion at any time.
  • Server logs: Automatically purged after 30 days.

To request deletion of any of your data, email us at contactbox@opuslabs.in.

6. Your Data Rights

Under the DPDP Act 2023 (India), you can exercise your rights as per the law and contact us at contactbox@opuslabs.in. We will respond within 30 days.

7. Cookies

We use minimal cookies, strictly for functionality:

  • upsc_auth: An httpOnly, secure cookie containing your authentication token. Essential for maintaining your login session. No tracking or analytics cookies are used.

You can clear cookies through your browser settings. Disabling cookies will log you out of the UPSC Analytics platform.

8. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users via email and/or a notice on our platform without undue delay, in accordance with applicable law.

9. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

10. Governing Law

This privacy policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in New Delhi, India.

11. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. The "last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have any questions about this privacy policy or wish to exercise your data rights, please contact us:

Email: contactbox@opuslabs.in