This page explains what data is collected across prajnainnovates.com (the marketing/portfolio site) and app.prajnainnovates.com (the interactive apps), what stays in your browser, and what your rights are. Written in plain English on purpose — if anything reads as vague, that's a bug, not a strategy.
Who this policy applies to.
Anyone who visits either site. If you're in the EU, UK, California, or another jurisdiction with its own privacy law, the "your rights" section at the bottom summarises what you can request.
What we collect — and what we don't.
Marketing site (prajnainnovates.com): No analytics, no marketing pixels, no behavioural tracking. Server request logs are kept by Azure Static Web Apps for approximately 30 days and contain IP address, User-Agent, and URL requested. These are used only for security and troubleshooting.
App (app.prajnainnovates.com): When you sign in, we associate your account with:
- Your email address (from Microsoft Entra External ID)
- Your name (if you provided one during sign-up)
- The workspaces you create or join
- The checklists you create and the state of each item
- The team members you add and their contact details
- The Psychological Safety Assessment responses you submit — kept private to you unless you attach them to a workspace, in which case only aggregate anonymised scores are visible to other members of that workspace
We do not sell any of this data, share it with advertisers, or use it to train ML models.
Cookies and browser storage.
Cookies and browser storage on this site are limited to what's strictly necessary for the site to work — there are no analytics, advertising, or profiling cookies.
Marketing site (prajnainnovates.com)
- Cookie consent state — when you accept or decline the notice, we save your choice locally so you're not asked again on every visit. Never sent to a server.
- Google Fonts may set functional cookies when we load fonts from Google's CDN. These are Google's cookies, not ours.
- Cloudflare R2 (video hosting) may set CDN cookies if you play an embedded video.
App (app.prajnainnovates.com)
- Authentication tokens (localStorage) — issued by Microsoft Entra External ID via MSAL. Required to keep you signed in. Cleared when you sign out.
- App state (localStorage) — your in-progress assessment draft, the workspace you last selected for the assessment, and the acknowledged consent state. Never sent to a server; cleared with your browser data.
- Entra sign-in cookies are set on the
ciamlogin.comdomain during sign-in. Those are Microsoft's cookies, not ours, and they're governed by Microsoft's privacy policy.
How data leaves your browser (and where it goes).
- Azure Static Web Apps (Microsoft, US) — hosts the static files. Sees your IP and request URL.
- Azure Functions (Microsoft, US) — runs the API. Receives your JWT (proof of who you are) and whatever you're saving or reading.
- Azure SQL Database (Microsoft, US) — stores workspaces, checklists, team members, assessments.
- Microsoft Entra External ID (Microsoft, US) — handles sign-in and password reset.
- Web3Forms (3rd party) — used only for the contact form and admin-notification email. Sees your name, email, and message when you submit the form.
- LinkedIn — used only if you click the LinkedIn link in the footer to visit our profile.
No data is transferred anywhere else.
How long we keep it.
- Account & app data — kept as long as your account exists. Delete your account and it's removed within 30 days.
- Server logs — ~30 days, as configured by Azure.
- Contact form submissions — kept in email; we delete once the thread is done, subject to legitimate business retention.
Your rights.
You can request at any time to:
- See a copy of the data we hold about you
- Correct anything wrong or out of date
- Delete your account and its associated data
- Withdraw consent (equivalent to deleting your account, since we don't hold any non-essential consent-based data)
- Object to processing or ask for a portable export
To exercise any of the above, use the Get in touch button in the site footer, or email us via the contact form. We aim to respond within 30 days.
Children.
The app is intended for adult users (school administrators, workplace teams). We don't knowingly collect data from anyone under 16. If we learn that we have, we delete it immediately.
Changes to this policy.
If we make a material change — for example, adding an analytics tool — we'll update the date at the top of this page and, where required, show a fresh consent notice.
Contact.
Reach out via the Get in touch form in the site footer. We read every message.