Your Data, Your Rights

Privacy Policy

How Turnip Innovations collects, uses, and protects your personal information.

Privacy Policy

Last Updated: 23 March 2026

1. Introduction & Commitment

Turnip Innovations Private Limited ("Turnip," "we," "us," or "our") is committed to protecting the privacy and personal data of every individual who interacts with our platforms. We consider our users' data to be sacred — and this belief is not merely a policy statement but a core organisational value that is instilled in every employee of Turnip from the ground level. Strong data ethics, transparent governance, and a genuine respect for user privacy are foundational to the trust our scholars, partners, and community place in us.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use our websites and platforms, including turnip.co.in, turnipinno.com, turnipcourses.com, ai.turnipcourses.com, and IPGRAM® (a registered trademark of Turnip Innovations Private Limited), collectively referred to as the "Platforms."

By accessing or using any of our Platforms, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of our Platforms immediately.

2. Data Fiduciary Information

Under the Digital Personal Data Protection Act, 2023, the Data Fiduciary responsible for your personal data is:

Turnip Innovations Private Limited
CIN: U74999WB2018PTC227193
Blob Ground Floor, Yamuna Building,
86 Golaghata Road, Dakshindari,
Kolkata 700048, West Bengal, India
Email: [email protected]

3. Legal Basis & Compliance

We process personal data in accordance with applicable data protection laws, including:

  • Digital Personal Data Protection Act (DPDP Act), 2023 (India): As our primary governing framework, we comply fully with the DPDP Act, including its provisions on consent, purpose limitation, data minimisation, data principal rights, and obligations of data fiduciaries.
  • General Data Protection Regulation (GDPR) (EU): Where we process personal data of individuals located in the European Union or European Economic Area, we adhere to GDPR requirements regarding lawful bases for processing, data subject rights, and cross-border data transfers.
  • California Consumer Privacy Act (CCPA) (USA): For users who are California residents, we respect your rights under the CCPA, including the right to know, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

As a Data Fiduciary under the DPDP Act, our legal bases for collecting and processing your personal data include:

  • Consent: You have provided clear, informed consent for one or more specific purposes.
  • Contractual necessity: Processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
  • Legitimate interest: Processing is necessary for our legitimate interests, such as improving our services, ensuring platform security, and preventing fraud, provided these interests do not override your fundamental rights.
  • Legal obligation: Processing is necessary to comply with applicable laws or regulations.

4. Data We Collect

We collect the following categories of data to provide and improve our services:

a) Personal Data (provided by you):

  • First name and last name
  • Email address
  • Phone number (when optionally submitted via official Turnip feedback forms, course enrolment, or when required by payment gateways as per mandatory Indian law)
  • Address, city, state, province, ZIP/postal code, and country (collected only for specific purposes such as invoicing, shipping of physical materials if applicable, or when required by payment gateways — not collected by default during standard course registration)
  • Account credentials (passwords are stored in encrypted form only)
  • Payment and billing information (processed securely via third-party payment gateways; we do not store complete payment card details)

b) Usage Data (generated through your interaction with our Platforms):

  • Content you create, save, or interact with on the Platforms (e.g., lists, saved queries, course progress)
  • Course enrolment and completion records
  • Feedback and survey responses

c) Technical Data (collected anonymously via third-party analytics):

Turnip does not actively collect or store technical data about your device or browsing behaviour. However, we use Google Analytics, which may automatically collect and aggregate the following data in an anonymous and non-personally-identifiable manner for the sole purpose of generating aggregated usage statistics:

  • IP address and approximate geolocation (anonymised by Google Analytics)
  • Browser type and version
  • Device type, operating system, and screen resolution
  • Pages visited and navigation paths
  • Time spent on pages and session duration
  • Referral source and exit pages

This data is not linked to any individual user, is not stored in Turnip's own databases, and is used only in aggregated form to understand overall platform usage patterns and improve our services. For more details, see Section 7 (Cookies & Analytics) below.

5. How We Obtain Your Consent

In accordance with the DPDP Act, 2023, we obtain your clear, informed consent before collecting and processing your personal data. Upon submitting any form related to Turnip Innovations — whether for course registration, newsletter subscription, event sign-up, or any other purpose — you are presented with and guided to review our Terms and Conditions and this Privacy Policy as they relate to your data usage. Your submission of the form constitutes your informed consent to the collection and processing of your data as described herein.

You have the ability to unsubscribe from our updates and communications at any time, with just one click, using the unsubscribe link provided at the bottom of every email we send. Withdrawal of consent for non-essential communications will not affect your access to the Services or any course you are enrolled in.

6. How We Use Your Data

Turnip Innovations uses the collected data for the following purposes:

  • To provide, operate, and maintain our Platforms and services
  • To create and manage your user account
  • To process transactions and deliver courses or products you have purchased
  • To communicate with you about service updates, changes, or administrative matters
  • To provide customer support and respond to your enquiries
  • To personalise your experience and deliver relevant content
  • To analyse usage patterns and gather insights that help us improve our Platforms
  • To detect, prevent, and address security threats, fraud, and technical issues
  • To comply with legal obligations, including tax and financial reporting requirements
  • To send periodic newsletters or promotional communications (only with your consent; you may opt out at any time)

7. Cookies & Analytics

We use cookies and similar tracking technologies to enhance your experience on our Platforms. Cookies are small data files stored on your device that help us understand how you use our services.

Types of cookies we use:

  • Essential cookies: Required for the Platforms to function properly (e.g., session management, authentication).
  • Analytics cookies: Help us understand how users interact with our Platforms so we can improve them.
  • Preference cookies: Remember your settings and preferences for a better experience.

We use Google Analytics with anonymisation enabled to collect aggregated, non-personally-identifiable usage data, including:

  • Approximate geolocation of users
  • Pages visited and navigation paths
  • Time spent on each page
  • Whether a user is new or returning

Anonymous usage analytics is necessary to identify and prevent any activity that poses a security risk to our Platforms. Access to and use of data by Google Analytics is governed by Google's Privacy Policy. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

You can manage or disable cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our Platforms.

8. Data Sharing — Our Philosophy

At Turnip, we treat our users' data as sacred. This is not just a policy — it is a core organisational value that is instilled in every employee of Turnip Innovations from day one. We believe that the trust our scholars and partners place in us carries a deep responsibility, and we take that responsibility seriously at every level of our operations.

We do not sell, rent, trade, or otherwise share your personal data with any third party for marketing, advertising, or profiling purposes. We do not upload CSV files, contact lists, or user data to any advertising or social media platform — including Google Ads, Facebook, Instagram, or any similar service — for the purpose of running targeted advertisements or lookalike audience campaigns.

Your data is shared with third parties only in the following strictly limited circumstances, and solely to the extent necessary to deliver our services to you:

a) Service providers (essential for service delivery):

Certain third-party service providers require minimal data to perform their function on our behalf. This includes:

  • Email delivery services (e.g., SendGrid): Your name and email address are shared so that course modules, OTPs, certificates, and transactional communications can be delivered to you.
  • Payment gateways (e.g., Razorpay): Your name, email, phone number, and billing details are shared with the payment processor to complete your transaction securely. Turnip does not store your complete payment card details.
  • Cloud hosting providers (e.g., Google Cloud Platform): Your data resides on secure cloud infrastructure for platform operations.

These providers are contractually bound to use your data only for the specific purpose we engage them for and to maintain appropriate security measures. They are not permitted to use your data for their own marketing or any other purpose.

b) Joint programmes and institutional partners:

For courses conducted jointly with partner institutions or recognised bodies — such as AICTE-recognised courses, or courses co-hosted with academic institutions, corporations, or government bodies — limited enrolment data (typically your name, email, and institution) may be shared with the respective joint partner. In every such case, this is explicitly disclosed below the registration form before you enrol. We ensure that you are always informed, at the point of registration, about exactly which partner organisation may receive your data and for what purpose.

c) Legal obligations:

We may disclose your personal data if required to do so by law, regulation, legal process, or enforceable governmental request under Indian law.

d) Protection of rights:

When necessary to protect the rights, property, or safety of Turnip Innovations, our users, or the public.

e) Business transfers:

In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy and equivalent protections.

To be clear: Outside of these specific circumstances, your data stays with us. We do not engage in bulk data sharing, data brokerage, or any form of data monetisation. Our business model is built on education — not on selling your information.

9. Data Storage & Security

Your privacy and the security of your data are our highest priorities at every stage of development and operations. Security is not an afterthought at Turnip — it is built into our systems, our architecture, and our organisational culture from the ground up.

Technical safeguards:

  • SSL/TLS encryption: All data transmitted between your browser and our servers is protected using industry-standard SSL/TLS encryption, ensuring secure transfer at all times.
  • Password hashing: All passwords and sensitive credentials are stored using strong cryptographic hashing algorithms. Sensitive data never appears in plain text in our systems — it is unreadable to any human, including our own administrators.
  • Encryption at rest: Data stored in our IPGRAM® databases is protected with encryption at rest and strict access controls.
  • Secured networks: Your personal information is contained behind secured networks and is accessible only to a limited number of authorised personnel who have special access rights.
  • Regular security reviews: We conduct periodic security assessments, vulnerability scans, and update our practices to address evolving threats.

Architectural safeguards:

  • Principle of least privilege: Our cloud architecture is designed so that each service and each team member has access only to the data that is strictly relevant to their role or function. No single individual or service has unrestricted access to the full scope of user data.
  • Service isolation: Our cloud infrastructure ensures that individual applications and microservices operate in isolated environments, with data access restricted on a need-to-know basis.
  • Audit trails: Access to sensitive data is logged and monitored to ensure accountability and to detect any unauthorised access attempts.

Organisational safeguards:

  • Employee confidentiality agreements: All employees and contractors of Turnip Innovations are required to sign confidentiality and non-disclosure agreements before they are granted access to any user data or internal systems. Handling user data with the utmost care is a condition of employment.
  • Data handling training: Team members receive training on data protection best practices, our internal data governance policies, and their obligations under applicable data protection laws.
  • Access control policies: Internal policies govern who may access user data, under what circumstances, and for what purposes. Access is reviewed regularly and revoked promptly when no longer required.

We do not store users' activities in our databases except for content that users explicitly create and choose to save while using the Platforms (e.g., lists, saved queries, course progress). Phone numbers are stored only when optionally submitted via official Turnip feedback forms or when required by payment gateways under mandatory Indian law.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to maintaining the highest practicable standards.

Data residency and cross-border transfers:

Turnip endeavours to store your personal data on servers located in India to the maximum extent possible. However, due to the nature of cloud computing platforms and the technical requirements of certain third-party service providers (such as email delivery and cloud hosting), your data may in some instances be processed or stored in servers located outside India, including in jurisdictions such as the United States, the European Union, or other regions where our service providers maintain infrastructure. In all such cases, we ensure that appropriate safeguards are in place and that data is only transferred to jurisdictions that have not been restricted by the Government of India under the DPDP Act, 2023.

Data breach notification:

In the event of a personal data breach that is likely to cause harm to Data Principals, Turnip will promptly notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act, 2023. We will provide details of the nature of the breach, the data affected, and the remedial measures taken or proposed.

10. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account data: Retained for as long as your account remains active. Upon account deletion, your personal data will be erased or anonymised within 90 days, except where retention is required for legal, tax, or audit purposes.
  • Transaction data: Retained for a minimum period as mandated by applicable tax and financial regulations in India.
  • Analytics data: Anonymised analytics data may be retained indefinitely as it cannot be used to identify you.
  • Communication records: Support and correspondence records are retained for up to 3 years after the last interaction to ensure continuity of service.

11. Your Rights Under the DPDP Act, 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to Access: You have the right to obtain confirmation of whether we are processing your personal data and to request a summary of your data and the processing activities related to it.
  • Right to Correction: You have the right to request correction of inaccurate or misleading personal data, and to have incomplete data completed.
  • Right to Erasure: You have the right to request erasure of your personal data when it is no longer necessary for the purpose for which it was collected, subject to any legal obligations requiring continued retention.
  • Right to Grievance Redressal: You have the right to register a grievance with us regarding any issues relating to the processing of your personal data. We are committed to addressing all grievances in a timely manner.
  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to the withdrawal.
  • Right to Nominate: You have the right to nominate another individual to exercise your rights in the event of your death or incapacity, as provided under the DPDP Act.

For users in the EU/EEA, additional rights under the GDPR include the right to data portability, the right to object to processing, and the right to restriction of processing. For California residents, the CCPA provides the right to know what personal information is collected, the right to delete, and the right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

12. Children's Privacy

Our Platforms are not intended for individuals under the age of 15. We do not knowingly collect personal data from children below 15 years of age. If we become aware that a child under 15 has provided us with personal data without verifiable parental or guardian consent, we will take steps to delete such data from our servers promptly.

If you are a parent or guardian and believe your child has provided personal data to us, please contact us at [email protected] so that we can take appropriate action.

13. Individual Turnip Applications & Third-Party Links

Individual applications and products operated by Turnip — such as IPGRAM® Learn, Turnip AI Platform, Equity Split Calculator, TAM Calculator, GTM Builder, IP IQ, and other tools — may have their own specific privacy policies and terms and conditions tailored to the nature of that particular service. Users are advised to refer to the privacy policy and terms of each individual application they use, in addition to this overarching Policy.

Our Platforms may also contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

The inclusion of any link on our Platforms does not imply endorsement of the linked site by Turnip Innovations.

14. Data Protection Officer

In accordance with the DPDP Act, 2023, we have designated a Data Protection Officer to oversee our data protection strategy and compliance:

Rahul Kapoor
Data Protection Officer
Turnip Innovations Private Limited
Email: [email protected]

You may contact the Data Protection Officer for any queries, concerns, or requests regarding the processing of your personal data or the exercise of your rights under applicable data protection laws.

15. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will notify users by posting the updated Policy on our Platforms with a revised "Last Updated" date. For significant changes, we may also notify you via email or through a prominent notice on our Platforms.

IPGRAM® privacy policy updates are governed separately and communicated directly to active registered users in our database.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the Platforms after any changes constitutes your acceptance of the revised Policy.

16. Grievance Resolution & Contact

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise any of your data protection rights, please contact us:

Turnip Innovations Private Limited
Blob Ground Floor, Yamuna Building,
86 Golaghata Road, Dakshindari,
Kolkata 700048, West Bengal, India
Phone: +91 98310 25923
Email: [email protected]

We are committed to resolving all grievances in a fair and timely manner. Upon receiving your complaint, we will acknowledge receipt within 48 hours and endeavour to resolve the matter within 30 days. If you are not satisfied with our response, you may escalate your grievance to the Data Protection Board of India as established under the DPDP Act, 2023.

17. Governing Law

This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000 (as amended). Any legal proceedings shall be subject to the exclusive jurisdiction of the courts in Kolkata, West Bengal, India.