Last updated: 8 June 2026
This platform is operated by:
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 (including the SPDI Rules, 2011), Resilient Sustainance Private Limited is the Data Fiduciary responsible for the personal data processed through GreenCampus.
GreenCampus is a sustainability assessment platform for schools, colleges, and universities. It is used by institutional staff (school administrators, principals, teachers, and data-entry personnel). We do not collect individual student data — only aggregate student counts at the institution level.
| Data category | Fields | Purpose |
|---|---|---|
| Account credentials | Email address, password (stored as bcrypt hash) | Authentication and account access |
| Identity | Full name | Display in dashboard, reports, and team management |
| Contact | Phone number (optional) | Account recovery and support communication |
| Institutional | Institution name, type, board/affiliation, city, state, level, fee tier, student count, faculty count, department count, campus area, accreditation grade | Assessment scoring, benchmarking, regulatory mapping (SHVR, NAAC, GreenMetric) |
| School contact | Contact name, email, phone (optional, may be empty) | Institutional point of contact for platform communication |
| Assessment data | Responses to sustainability indicators, scores, band ratings, pillar breakdowns, priority actions | Generating sustainability assessments, reports, improvement roadmaps, and benchmarks |
| Anonymised assessment data | Aggregated scores and pillar breakdowns (no individual school identity) | Included in peer benchmarks visible to other schools to enable comparative assessment. Individual answers and school identities are never shared. |
| Payment data | Razorpay subscription and payment IDs, plan tier, amount | Processing and verifying subscription payments (card/bank details are handled entirely by Razorpay and never reach our servers) |
| Activity logs | IP address, action performed, timestamp | Security audit trail, fraud prevention |
| Login metadata | Last login timestamp, account creation date | Account management, security monitoring |
GreenCampus is intended for use by institutional staff (adults acting in their professional capacity). The platform does not knowingly collect personal data of children or individual students. Only aggregate institutional counts (e.g. total number of students enrolled) are captured. If you believe a child’s personal data has been submitted to the platform, please contact us immediately at mail@rsustain.com and we will delete it.
When you create an account, you are required to check a consent box confirming that you agree to this Privacy Policy and our Terms of Service. This constitutes your informed consent under Section 6 of the DPDP Act, 2023.
You may withdraw consent at any time by emailing mail@rsustain.com. Upon withdrawal, we will cease processing your personal data and delete your account, except records we are legally required to retain (see Section 7). Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
We share personal data with the following third parties, solely for the purposes stated:
| Processor | Data shared | Purpose |
|---|---|---|
| Razorpay Software Private Limited | Payer name, email, phone number, subscription amount | Payment processing and verification. Card and bank account details are collected directly by Razorpay and never transmitted to our servers. Razorpay’s privacy policy: razorpay.com/privacy |
| Google Fonts (Google LLC) | Visitor IP address, browser User-Agent | Serving typefaces (Inter, DM Serif Display). Transmitted automatically when pages load. Google’s privacy policy: policies.google.com/privacy |
| jsDelivr CDN (Prospect One) | Visitor IP address, browser User-Agent | Serving the Chart.js library for dashboard charts. Transmitted automatically when pages load. jsDelivr’s privacy policy: jsdelivr.com/privacy |
We do not use any analytics, advertising, or tracking services. We do not sell or rent personal data to any third party.
GreenCampus stores the following data in your browser’s local storage (not cookies):
gc_token, gc_refresh_token) — used to maintain your logged-in session. The access token expires after 60 minutes; the refresh token after 7 days.shakti_action_checks_*) — saves your action-item checkbox progress locally.These are functional and necessary for the platform to operate. We do not set advertising or tracking cookies. No data from local storage is transmitted to third parties.
All personal data is stored on servers located in Vilnius, Lithuania (European Union), operated by Hostinger International Limited. By creating an account and accepting this Privacy Policy, you consent to the transfer and storage of your personal data on these servers, outside India. This transfer is permitted under Section 16 of the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, which allow transfer of personal data outside India except to jurisdictions restricted by the Central Government.
Personal data is not shared with or accessible to Resilient Sustainance Ltd (our UK affiliate).
When you load a page on GreenCampus, your browser makes requests to Google Fonts (Google LLC, USA) and jsDelivr (Prospect One), which transmit your IP address and browser information to servers that may be located outside India. This is standard browser behaviour for loading fonts and scripts, and no personal account data is included in these requests.
We implement the following measures to protect your personal data:
Free-assessment records are stored as unencrypted files on the server filesystem. We are working to improve storage security for these records.
As a Data Principal, you have the following rights:
To exercise any of these rights, email the Grievance Officer at mail@rsustain.com. We will respond within 30 days of receiving your request.
If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India once it is constituted under the DPDP Act, 2023.
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Continued use of the platform after an update constitutes acceptance of the revised policy.