EFFECTIVE DATE: June 25, 2026
This Global Master Privacy Policy and Data Handling Agreement (the "Policy", "Privacy Agreement", or "Data Framework") establishes the absolute, uncompromising, and binding legal framework governing the systemic collection, cryptographic processing, infrastructural retention, cross-border transfer, and digital protection of personal and operational data within the National Cadet Corps Cadet Management System (hereinafter referred to as "the System", "we", "our", or "us"). This Policy universally applies to all natural persons, legal entities, automated systems, and individuals ("Users", "Data Subjects", or "you") who access, interact with, authenticate into, or are registered within the System. By accessing any endpoint of the System, you grant explicit, informed, voluntary, and irrevocable legal consent to the rigorous data processing methodologies exhaustively described herein.
In order to strictly facilitate the complex operational, administrative, and logistical requirements of the National Cadet Corps, the System strictly and systematically collects, parses, stores, and processes the following exhaustive categories of data parameters:
The processing, aggregation, and synthesis of the aforementioned data is legally and fundamentally predicated upon the strict necessity to fulfill our binding contractual, regulatory, and operational obligations in managing the NCC units. Personal data shall be strictly utilized for the exclusive purpose of operating the System. The authorized purposes are rigidly, irrevocably, and exhaustively defined as:
CIPHER WORKS adheres strictly to the doctrine of data minimization. The System is algorithmically designed to request, process, and retain only the exact specific data fields that are absolutely, demonstrably necessary to achieve the operational purposes outlined in Section 3. No supplementary, extraneous, or non-operational personal data is collected or processed at any time.
We operate under a draconian principle of strict corporate confidentiality. Personal data collected by the System will NEVER, under any circumstance, be sold, leased, traded, or auctioned to unauthorized third-party commercial entities, marketing firms, or data brokers. Disclosure of personal data is strictly and permanently limited to the following highly regulated scenarios:
The System employs uncompromising, military-grade security architectures specifically engineered to actively prevent data breaches, unauthorized lateral movement, accidental loss, malicious alteration, or catastrophic destruction of personal data. All data transmitted between the User's device and our server clusters is secured utilizing advanced, mandatory Transport Layer Security (TLS 1.3 or higher) cryptographic protocols. Access to the underlying database is strictly, algorithmically protected by precise Row Level Security (RLS) policies, ensuring that Users may only access data explicitly authorized by their cryptographic rank and unit tokens. Any attempt by a User or external entity to bypass these protocols—including the utilization of automated unauthorized extraction methodologies, automated scanning tools, or continuous polling scripts—will result in immediate termination of access, forensic logging of the attempt, and referral for severe legal prosecution.
Personal data shall be retained only for the exact, calculated duration legally and operationally required to satisfy the purposes for which it was originally collected. Upon a User's formal transition to alumni status, or upon honorable/dishonorable discharge from the unit, operational records may be permanently, cryptographically archived within cold-storage segments of the System for historical tracking, auditing, and institutional memory purposes. Archival data is maintained under the exact same stringent, immutable security protocols as active live data. When data reaches the end of its legally mandated retention lifecycle, it is subjected to cryptographic shredding and permanent, unrecoverable deletion.
By interacting with the System, you acknowledge that your data is stored on secure servers located within the Republic of INDIA. CIPHER WORKS commits to strict data localization principles, ensuring that the primary database clusters and backup architectures do not cross international borders into jurisdictions with lesser data protection standards without explicit, overarching regulatory approval and the implementation of Standard Contractual Clauses (SCCs).
The System strictly utilizes highly secure, HttpOnly, SameSite-restricted session cookies exclusively for the purpose of maintaining cryptographic user authentication and preventing Cross-Site Request Forgery (CSRF). The System absolutely does not employ third-party advertising cookies, cross-site tracking pixels, or invasive behavioral profiling technologies. The cookies deployed are classified as "Strictly Necessary" for the operation of the web application.
Because the System does not engage in behavioral tracking or targeted advertising, it does not alter its behavior in response to web browser "Do Not Track" (DNT) signals. Furthermore, the System does not subject Users to fully automated decision-making algorithms that produce legal or similarly significant effects without human oversight from the unit command structure.
The System is designed exclusively for enrolled cadets of the National Cadet Corps. The System does not knowingly collect, solicit, or process personal data from individuals under the age of 13 without the explicit, verifiable written consent of a parent or legal guardian, submitted through the official unit command structure during the physical enrollment process.
Users maintain highly specific, legally enshrined rights concerning their personal data, including the right to request a digital export of their personal dossier and the right to request correction of demonstrably, objectively inaccurate information. However, due to the official, military-adjacent nature of NCC records, the erasure, deletion, or "right to be forgotten" regarding operational data (such as verified attendance, camp participation, and disciplinary records) is strictly prohibited and legally exempted, unless specifically authorized in writing by the highest level of unit command.
In the highly unlikely event of a verified cryptographic data breach or unauthorized exposure of personal data, CIPHER WORKS is contractually bound to execute its Incident Response Plan. Affected Users and the relevant National Cadet Corps administrative bodies will be notified via official electronic communication channels without undue delay, detailing the nature of the breach, the specific data categories involved, and the immediate mitigative actions deployed by our security engineering teams.
CIPHER WORKS reserves the unilateral, absolute right to amend, modify, expand, or completely rewrite this Policy at any time to reflect dynamic changes in legal requirements, jurisprudential rulings, or underlying operational methodologies. Users will be notified of significant, material changes via official system broadcasts or email communications. Continued utilization of the System following such formal notifications constitutes legally binding, irrevocable acceptance of the amended Policy in its entirety.
All inquiries, grievances, data subject access requests, or legal notices regarding this Policy, our cryptographic data handling practices, or potential privacy violations must be directed exclusively, formally, and in writing through official documented channels to the designated unit Administrator, or directly to the Data Protection Officer (DPO) of CIPHER WORKS.