InsightsReward Data Protection Policy

Effective Date: 22 April 2023
Last Updated: 24 April 2026

1. Scope and Role

This Data Protection Policy applies to InsightsReward, the proprietary panel operated by MindsForest for market research participation.

MindsForest acts as:

• Data Controller for panel member registration, account management, and reward processing
• Data Processor when providing sample and respondent data to research clients

All personal data is processed strictly for market research purposes, and we do not sell personal data.

2. Data Collection Practices

We collect the following categories of data:

A. Personal & Profile Information

• Name, email address, phone number
• Address (where applicable)
• Gender, date of birth, and demographic attributes

This data is collected during registration or when updating your panel profile and is used to match you with relevant surveys.

B. Survey Participation Data

• Responses to surveys (open-ended and close-ended)
• Feedback on products, services, and behaviors

Survey responses are used in aggregated or pseudonymized formats to generate research insights.

C. Technical Data

• IP address and approximate location
• Browser type, operating system, and device identifiers
• Usage patterns and platform interaction

This data supports fraud detection, quality control, and system optimization.

D. Payment Information

• Bank details, UPI, or digital wallet identifiers (where applicable)

Used strictly for reward distribution and handled via secure systems or trusted payment providers.

E. Location Data

Collected where necessary to:

• Enable region-specific targeting
• Improve relevance of survey invitations

3. Purpose of Data Processing

We process personal data for:

• Survey Matching: Identifying suitable research opportunities
• Survey Participation: Delivering high-quality data to research clients
• Reward Fulfillment: Processing incentives for completed activities
• Quality Control: Fraud detection, validation, and duplication checks
• Operational Improvement: Enhancing platform performance and user experience
• Legal Compliance: Meeting regulatory and contractual obligations

4. Data Sharing and Disclosure

We do not sell personal data.

Your data may be shared in the following cases:

A. Service Providers (Sub-processors)

• Payment processors
• Survey platforms
• Cloud infrastructure providers

All partners are bound by strict data protection agreements.

B. Research Clients

• Data is typically shared in anonymized or pseudonymized format
• Personally identifiable data is shared only where explicitly required and consented

C. Legal Requirements

We may disclose data where required by applicable laws or valid legal processes.

D. Business Transfers

In case of merger, acquisition, or asset transfer, personal data may be transferred with prior notice.

5. Data Security Measures

We implement strong technical and organizational safeguards, including:

• Encryption (SSL/TLS for data in transit)
• Secure data storage environments
• Role-based access controls (RBAC)
• Multi-factor authentication (MFA)
• Firewalls and monitoring systems
• Regular internal security reviews
• Incident response and breach management protocols

6. Data Retention Policy

• Active accounts: Data retained while the account remains active
• Dormant accounts: Archived after 24 months, deleted thereafter
• Legal retention: Extended where required by law

Data is securely deleted or anonymized after retention periods.

7. Your Rights

You have the right to:

• Access your personal data
• Correct inaccuracies
• Request deletion
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time

To exercise your rights, contact: privacy@mindsforest.com

8. Compliance with Data Protection Laws

MindsForest aligns with global data protection frameworks, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA/CPRA)
• India Digital Personal Data Protection Act (DPDP)

We also maintain:

• Data Processing Agreements (DPAs) with vendors
• Internal compliance and governance practices

9. Children’s Privacy

We do not knowingly collect personal data from individuals under 16 years of age. Where required, participation is subject to parental or guardian consent.

10. Policy Updates

This policy may be updated periodically to reflect changes in legal, regulatory, or operational requirements.

Material updates will be communicated via:

• Email
• Platform notifications

11. Data Protection Contact

MindsForest does not have a formally appointed Data Protection Officer (DPO). Data protection responsibilities are managed internally by our compliance team.

For all privacy-related inquiries:

• General inquiries: info@mindsforest.com
• Compliance matters: compliance@mindsforest.com
• Data requests: privacy@mindsforest.com

12. Contact Information

MindsForest
50,51, 2nd Floor, Regal Building,
Outer Circle, New Delhi,
New Delhi-110001