(Effective 24 October 2025 – Last updated 24 Oct 2025)
1. Introduction
Welcome to aicdad.com (the “Site”). This is a personal blog and content platform where visitors can read articles and, if they choose, create an account to post comments. I, Gibu, am the sole operator of the Site and take privacy very seriously. This policy explains how I collect, use, store, and protect any personal data in compliance with Indian law—specifically the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “IT‑Rules”) under the Information Technology Act, 2000—as well as any overlapping international standards.
By using the Site you accept the terms below. If you do not agree, please stop using the Site immediately.
2. Scope
This policy covers all personal data processed through:
- The public blog pages.
- User registration and login for commenting.
- Comment submission forms, contact forms, and any newsletter sign‑up you voluntarily use.
- Third‑party services embedded on the Site (e.g., analytics, CAPTCHA, optional social‑login plugins).
It does not apply to external links you may follow from the Site; those sites have their own privacy statements.
3. Definition of Personal Data (Indian Context)
Under the IT‑Rules, Sensitive Personal Data or Information (SPDI) includes, but is not limited to:
| Category | Typical Examples |
|---|---|
| Identity | Full name, date of birth, gender, photo |
| Contact | Email address, phone number, mailing address |
| Online identifiers | IP address, device fingerprint, cookies |
| Financial | Payment details (if ever added) |
| Health / Biometric | Medical info, fingerprints, facial data |
| Children’s data | Any data from persons under 18 years old |
All such data is treated with the highest level of protection.
4. Data I Collect
| Purpose | Data Collected | Legal Basis |
|---|---|---|
| Account creation / login | Username (or full name), email address, password hash, optional avatar | Consent – you voluntarily register |
| Comment posting | Comment text, timestamp, associated user ID, IP address (for anti‑spam) | Legitimate interest (prevent spam) + consent (you posted) |
| Contact / feedback form | Name, email, message body | Consent – you submitted the form |
| Newsletter (if you opt‑in) | Email address, name, subscription preferences | Consent (opt‑in) |
| Analytics (optional) | Anonymised IP, device type, browser, pages viewed, timestamps | Legitimate interest (site improvement) – IP is truncated/hashed |
| Cookies & session data | Session identifier, authentication token, preference cookies | Consent via cookie banner |
No data is collected beyond what is necessary for each purpose.
5. How I Use Your Data
- Provide the Service – Authenticate you, allow you to post comments, and deliver any newsletters you subscribed to.
- Security & Anti‑Spam – Detect and block malicious bots, brute‑force attacks, and comment abuse.
- Legal Obligations – Keep records for tax, audit, or lawful requests from authorities.
- Site Improvement – Aggregate, anonymised analytics to understand traffic patterns and improve UX.
- Communications – Send transactional emails (password reset, comment reply notifications) and, only with explicit opt‑in, occasional updates about the blog.
I never sell, rent, or otherwise disclose your personal data to third parties for marketing purposes.
6. Data Sharing & Disclosure
| Recipient | Why Shared | Safeguards |
|---|---|---|
| Email service provider (e.g., SendGrid, Mailgun) | Deliver newsletters or transactional messages | TLS encryption, API keys kept secret |
| CAPTCHA / anti‑spam services (e.g., Google reCAPTCHA) | Verify human interaction on comment forms | Data sent is limited to IP & challenge token; complies with GDPR/IT‑Rules |
| Web analytics (self‑hosted Matomo or Google Analytics with IP‑anonymisation) | Track site usage | IP addresses truncated, data stored in EU/India with SCCs if needed |
| Law enforcement / courts | Legal compulsion (court order, subpoena) | Disclosure only after verifying legitimacy |
| Backup / hosting provider (e.g., DigitalOcean, AWS) | Store site files and database backups | Data encrypted at rest, access restricted by contract |
All third‑party relationships include Data‑Processing Agreements that require compliance with Indian privacy standards and reasonable security practices.
7. Cookies & Tracking
- Essential cookies – Session management, login state, CSRF protection.
- Preference cookies – Remember language/theme choices.
- Analytics cookies – Only activated after you accept the cookie banner; IP addresses are anonymised.
You can withdraw or modify consent anytime via the Cookie Settings link in the footer.
8. Data Retention
| Data Type | Retention Period |
|---|---|
| User account (email, hashed password) | Until you delete the account |
| Comments | Indefinitely (publicly displayed) – you may request removal |
| Newsletter subscription | Until you unsubscribe |
| IP logs for anti‑spam | 30 days (or longer if needed for investigations) |
| Backup archives | 90 days, then rotated out |
| Children’s consent records (if any) | Minimum 5 years after the child turns 18 (per IT‑Rules) |
When the period ends, data is securely deleted or cryptographically erased.
9. Security Measures
- HTTPS (TLS 1.3) enforced site‑wide.
- Password hashing with Argon2id and unique salts.
- Database encryption (AES‑256) for stored SPDI.
- Two‑factor authentication (2FA) optional for admin access.
- Regular WordPress core, theme, and plugin updates plus vulnerability scans.
- Least‑privilege file permissions on the server.
- Daily automated backups stored encrypted off‑site.
I conduct periodic security reviews and keep logs for forensic analysis.
10. Your Rights
Under Indian law (and where applicable, GDPR), you have the right to:
- Access – Obtain a copy of the personal data I hold about you.
- Rectify – Correct inaccurate or incomplete data.
- Erase – Delete your account and associated data (subject to legal retention).
- Restrict Processing – Limit certain uses (e.g., stop receiving newsletters).
- Data Portability – Receive your data in a machine‑readable format.
- Object – Object to processing based on legitimate interests or direct marketing.
To exercise any right, email privacy@aicdad.com. I will respond within 30 days and may request proof of identity to protect your data.
11. Children’s Online Protection
- I do not knowingly collect personal data from children under 13 without verifiable parental consent.
- For users aged 13–17, I obtain explicit parental consent before storing any SPDI, as required by the IT‑Rules.
- All comments are filtered through automated spam/abuse detection and manually reviewed when flagged.
- Any report of harmful content involving minors is forwarded to the National Commission for Protection of Child Rights (NCPCR) and relevant authorities.
12. International Data Transfers
If any data leaves India (e.g., analytics stored in the EU), I ensure:
- Standard Contractual Clauses (SCCs) or equivalent contractual safeguards are in place.
- The destination jurisdiction offers an adequate level of protection, or I rely on binding corporate rules.
All transfers remain compliant with both Indian law and applicable international regulations.
13. Changes to This Policy
I may update this privacy policy to reflect legal changes, new features, or operational adjustments. Significant changes will be announced via a banner on the Site and, where feasible, emailed to registered users. The “Last Updated” date at the top reflects the most recent revision.
14. Contact
Privacy Officer:
Gibu (Information Security & System Administrator)
Email: privacy@aicdad.com
Address: [aicdad, Kochi, India]
For any questions, complaints, or data‑subject requests, please contact me using the details above. I will address your inquiry promptly and in good faith.