- Bhopal, Madhya Pradesh, India
- support@programinsider.in
Privacy Policy
Effective Date: July 14, 2026
Last Updated: July 14, 2026
This Privacy Policy explains how Program Insider collects, uses, stores, and shares information when you use our website and services.
1. Who We Are
Program Insider ("we", "us", "our") operates the website www.programinsider.in and is the data controller (and, under India's DPDP Act, the Data Fiduciary) responsible for the personal data described in this Policy.
For any privacy question, request, or grievance, contact us at support@programinsider.in. See Section 16 for how to exercise your rights.
2. Information We Collect
When you submit enquiry or payment forms, we may collect the following:
- Name (first name and last name)
- Email address
- Phone or WhatsApp number
- Country code and enquiry comments
- Purpose/context of enquiry and referring page path
For payment processing and verification, we may also process:
- Transaction identifiers and payment status
- Plan/program details and amount
- Billing fields returned by the payment gateway (for example: address, city, state, country, postal code)
3. How We Collect Data
We collect data when you:
- Submit forms on our website (enquiry, contact, payment)
- Register for specific sessions or events
- Interact with our website and calls-to-action
We also collect technical interaction data through analytics and tracking tools described below.
4. Cookies, Local Storage, and Similar Technologies
We use cookies and browser storage for user experience and campaign flow:
- Cookie used to remember popup dismissal (for a limited period)
- Local storage key used to suppress repetitive enquiry popups after submission
Third-party analytics and advertising tools may also place their own cookies or identifiers.
5. Analytics and Tracking
Our website includes tracking technologies such as:
- Google Analytics (GA4)
- Meta Pixel (Facebook Pixel)
- Trustpilot widget scripts
We may track page views and click interactions (for example, clicked element label, destination URL, and current page path) to understand performance and improve user journeys.
6. Security, Anti-Scraping, and Device Characteristics
Our residency program data is proprietary. To protect it from automated collection (scraping) and abuse, we apply security measures when you view program pages and use our matching tools. As part of these measures we process:
- Your IP address, used to apply rate limits and detect automated or bulk access patterns
- Device and browser characteristics (a "device fingerprint") — including your browser and operating system details, language and timezone settings, screen dimensions, hardware capabilities, and how your browser renders graphics. These signals are combined into a single non-reversible identifier
- Cloudflare Turnstile, a bot-detection service that verifies you are a human visitor rather than an automated script. Cloudflare processes your IP address and browser signals as part of this check
We use this information to enforce a fair-use limit on how many program pages can be viewed from one device within a 24-hour period, and to block automated scraping. Because this identifier is derived from your device rather than stored in cookies, it is not cleared by using a private or incognito browsing window.
Legal basis and purpose: we rely on our legitimate interest in protecting our proprietary content and maintaining the security and availability of our service. We do not use these signals for advertising, and we do not sell them. The device identifier is stored in a hashed form alongside a counter and is retained for no longer than 48 hours.
Cloudflare acts as a processor for the bot-detection check. See the Cloudflare Privacy Policy for details on their handling of this data.
If you have questions about this processing, or wish to object to it, contact us using the details in the Contact section below.
7. Automated Processing and Profiling
Our specialty-matching tools estimate how competitive your profile may be for certain residency specialties. When you use them, we process the inputs you provide (for example, USMLE Step scores, years since graduation, and visa requirements) and compare them against published program data to produce an indicative "match chance" or tier.
- These outputs are indicative estimates only. They are not predictions, guarantees, or professional advice, and they do not determine any outcome for you.
- No decision producing legal or similarly significant effects is made about you solely by automated means.
- We do not use these inputs for advertising, and we do not sell them.
You can contact us to ask how a result was produced, to express your point of view, or to request human review.
8. Why We Use Your Information
We use personal information to:
- Respond to enquiries and provide consultation support
- Manage leads and follow-up workflows
- Send transactional emails and support notifications
- Initiate and verify payments
- Register users for requested event sessions (including Zoom)
- Provide specialty-matching and program-discovery features you request
- Protect our content and infrastructure from scraping, bots, and abuse
- Improve website performance, conversion, and user experience
- Comply with legal, tax, and accounting obligations
9. Legal Bases for Processing
Where the EU/UK GDPR applies to you, we rely on the following legal bases:
- Performance of a contract — processing payments, delivering purchased services, and registering you for sessions you request.
- Legitimate interests — responding to enquiries, operating and improving the website, and protecting our proprietary content and infrastructure from automated scraping and abuse (see Section 6). We have weighed these interests against your rights and freedoms; the data used for security is minimal, is not used to build advertising profiles, and is held only briefly.
- Consent — non-essential analytics and marketing technologies, and marketing communications. Where we rely on consent, you may withdraw it at any time without affecting processing carried out before withdrawal.
- Legal obligation — retaining transaction records for tax, accounting, and compliance purposes.
Where India's Digital Personal Data Protection Act, 2023 applies, we process personal data for the lawful purposes described in this Policy, on the basis of your consent or for legitimate uses permitted under that Act.
10. How and When We Share Information
We do not sell your personal information. We share it only as needed for service delivery and operations, with the following categories of processors:
- Payment gateway (PayU) — to initiate and verify payments
- Email delivery providers — for confirmations, support, and updates
- Zoom — when you register for an event or session
- Cloudflare — bot detection and abuse prevention (Turnstile)
- Hosting and database providers — to run the website and store records
- Analytics and measurement providers — as listed in Section 5
- Lead management/CRM endpoints used by our team
We may also disclose information where required by law, to enforce our Terms of Service, or to protect our rights, safety, or property — including in connection with investigating or acting on unauthorised scraping or misuse of our data.
11. International Data Transfers
We operate from India, and our service providers (including hosting, database, payment, communication, and bot-protection providers) may process data on servers located outside your country, including in the United States and the European Union.
Where personal data protected by the EU/UK GDPR is transferred outside the EEA or UK, we rely on lawful transfer mechanisms such as the European Commission's Standard Contractual Clauses, or transfers to countries recognised as providing an adequate level of protection. You may contact us for further information about the safeguards applied.
12. Data Storage and Retention
We retain personal data only for as long as necessary for the purposes described in this Policy:
- Anti-scraping / device identifiers — stored in hashed form with a view counter, automatically deleted within 48 hours.
- Enquiry and lead records — retained while we provide support and manage the enquiry, and for a reasonable period afterwards for service continuity.
- Payment and transaction records — retained as required for reconciliation, tax, and accounting obligations under applicable law.
- Account records — retained while your account is active, and deleted on request in accordance with our Data Deletion Policy.
When data is no longer needed, we delete it or irreversibly anonymise it.
13. Security
We use reasonable technical and organizational safeguards to protect data, including encryption in transit, access controls, and restricting access to personal data to those who need it. No method of storage or transmission is completely secure, so absolute security cannot be guaranteed.
14. Data Breach Notification
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by applicable law, affected individuals, without undue delay.
15. Your Rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you and obtain a copy of it
- Correct inaccurate or incomplete data
- Erase your data ("right to be forgotten"), where applicable
- Restrict or object to certain processing, including processing based on our legitimate interests
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent at any time, where processing is based on consent
- Nominate another person to exercise your rights in the event of death or incapacity (under India's DPDP Act)
- Lodge a complaint with a supervisory authority (see Section 16)
You may also choose not to submit optional information in forms, and manage cookies through your browser settings.
16. How to Exercise Your Rights & Complaints
To exercise any right above, or to raise a grievance about how we handle your data, contact our Grievance Officer:
- Grievance Officer: Data Protection Team, Program Insider
- Email: support@programinsider.in
We will acknowledge your request and respond within the period required by applicable law (generally within 30 days). We may need to verify your identity before acting on a request.
If you are in the EU/UK and believe we have not resolved your concern, you have the right to lodge a complaint with your local data protection supervisory authority. If you are in India, you may escalate an unresolved grievance to the Data Protection Board of India.
See also our Data Deletion Policy for how to request deletion of your data.
17. Children's Privacy
Our services are intended for students and professionals and are not directed to children. We do not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided us personal data, contact us and we will delete it.
18. Changes to This Policy
We may update this Privacy Policy from time to time. Changes are effective when posted on this page, with the updated effective date. Where changes are material, we will take reasonable steps to notify you.
19. Contact
If you have privacy questions or requests, contact us at support@programinsider.in.
Join the Latest Events
Attend the top events from residents and mentors conducted by PROGRAM INSIDER
No Events For today !
Read Our Latest Updates
Our blogs are the best way to get insights about programs and courses.

