Privacy Policy

1. Overview

Global Research Forum ("GRF", "we", "us", or "our") is an academic networking platform connecting researchers, academics, and institutions worldwide. This Privacy Policy explains what personal data we collect, why we collect it, and the choices you have regarding that data.

By creating an account or using our services, you agree to the terms of this policy. If you do not agree, please do not use our platform.

2. Data We Collect

We collect the following categories of personal data:

• Account information: Full name, email address, password (stored hashed), country, institution, phone number, WhatsApp number.
• Profile data: Biography, profile photo, professional roles.
• Content: Blog posts, comments, and any other content you publish on the platform.
• Payment data: Membership plan, payment amounts, transaction IDs, and payment gateway references. We do not store raw card numbers; payments are processed by third-party gateways.
• Usage data: Pages visited, blog views, bookmarks, and notification reads — used to improve the platform.
• Technical data: IP address, browser type, and session tokens — used for security and authentication.

3. How We Use Your Data

We use your data for the following purposes:

• Providing and operating the GRF platform and its features.
• Authenticating your identity and maintaining account security.
• Processing membership payments and generating receipts.
• Sending transactional notifications (membership status, blog approvals, role decisions).
• Displaying your public profile in the member directory (only fields you opt-in to show).
• Generating your digital membership certificate.
• Improving platform performance, fixing bugs, and analysing usage trends.
• Complying with legal obligations (e.g., financial record-keeping).

4. Sharing & Disclosure

We may share your data only in the following limited circumstances:

• Payment processors: PayPal, Stripe, or Razorpay receive the payment amount and your name/email to process membership fees. Their own privacy policies govern their use.
• Email providers: Our SMTP service processes email addresses to deliver transactional messages.
• Hosting infrastructure: Your data is stored on servers provided by Hostinger. They operate under their own data processing agreements.
• Legal requirements: We may disclose data if required by law, court order, or governmental authority.
• Business transfers: In the event of a merger or acquisition, data may be transferred to the successor entity.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. When you delete your account:

• Your personal profile information (name, email, photo, bio, contact details) is anonymised immediately.
• Your published research/blog posts remain on the platform in anonymised form to preserve academic continuity.
• Payment records are retained for a minimum of 7 years for tax and legal compliance purposes.
• Bookmarks, notes, and pending role applications are permanently deleted.

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you (use Dashboard → Export My Data).
• Rectification: Correct inaccurate data via your dashboard profile settings.
• Erasure: Request deletion of your account and anonymisation of personal data (use Dashboard → Delete Account).
• Portability: Download your data in a structured format via Dashboard → Export My Data.
• Objection / Restriction: Contact us to object to processing or request restriction where applicable.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any right not available through self-service, contact us at the address listed in Section 11.

7. Cookies

We use the following types of cookies:

• Session cookies (essential): Required for authentication and CSRF protection. These expire when you close your browser.
• Preference cookies: Store your UI preferences (e.g., filter settings). These are functional and do not track you across sites.

We do not use advertising or cross-site tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging in.

8. Security

We implement appropriate technical and organisational measures to protect your data, including:

• Passwords stored using industry-standard bcrypt hashing (never in plain text).
• All data transmitted over HTTPS/TLS.
• CSRF token protection on all state-changing forms.
• Parameterised SQL queries to prevent injection attacks.
• Role-based access control limiting admin functionality to authorised users.

No system is 100% secure. If you discover a security vulnerability, please contact us privately so we can address it promptly.

9. Children's Privacy

GRF is intended for academic and professional use by individuals aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe a minor has provided us with personal data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify registered users via a platform notification. Continued use of GRF after any change constitutes acceptance of the updated policy.