Privacy Policy

Our commitment to protecting your privacy and data

Key Points for Quick Reference

Transparency & Trust

panchayath is a hyperlocal social network built on transparency and compliance. We follow Indian laws like the IT Act 2000, Intermediary Rules 2021, and Digital Personal Data Protection Act 2023 to protect your rights. All your data is stored securely on servers in India (Azure cloud, MongoDB), and we do not share it without your consent. Unlike big social media platforms, we prioritize local community trust – your data stays in India and under your control.

Data Privacy & Security

We collect only the data we need to serve you – like your name, contact, location (for local content), and interests – and use it to personalize your feed and improve your experience. Your personal data is never sold. Any sharing (for example, with a service provider you connect with, or our transcription service) is consent-based and transparent. We use strong encryption and security practices to safeguard your data, following the principles of purpose limitation, data minimization, and data security as per the Digital Personal Data Protection Act. You have full rights over your data: access it, correct it, delete it, or withdraw consent at any time.

Community Roles & Responsibilities

On panchayath, users can have different roles with specific guidelines:

Regular Users

Everyday community members who post and interact. Just keep it respectful and lawful.

Verified Volunteers

Passionate locals who undergo verification (KYC) and training to help moderate content, verify information, and assist neighbors. Volunteers must act ethically, stay unbiased, and follow community guidelines strictly.

Service Providers

Local businesses or service personnel offering services through panchayath. They must provide accurate information, obtain user consent before offering services, and comply with consumer protection laws. No spam or false claims – quality and honesty are a must.

Community Moderators/Supervisors

These include senior volunteers or staff (led by our Chief Grievance Officer) who monitor content, address reports, and ensure the community stays safe. They can warn or suspend rule-breakers and escalate serious issues for quick action.

Content & Conduct

Be a good neighbor! Prohibited content includes anything illegal, harmful or unethical. This means no hate speech, harassment or obscenity; no defamation or infringement of others' rights; no false news or misleading info; no spam, malware, or anything violating Indian law. We have zero tolerance for child abuse material, sexually explicit content, or content that threatens the security or unity of India. Posting such content can lead to immediate removal and account suspension. Always respect privacy and think twice before you post.

Moderation & Grievances

We use a mix of community moderation and official oversight. Volunteers and moderators may flag or review posts that violate guidelines. For serious issues, our Chief Grievance Officer (CGO) will step in. You can report content or grievances easily in-app or via email to the CGO. We promise to acknowledge complaints within 24 hours and resolve them within 15 days (much faster for urgent cases like abuse – such content can be removed within 24 hours by law). Our grievance process is compliant with law and designed to be user-friendly – you can track your complaint status and appeal decisions. We want you to feel heard and safe.

User Rights & Control

You have strong rights over your data and experience. You can access all your personal data we have, request corrections or deletion, and even download your data. You can withdraw consent for optional data uses (e.g. you can opt out of personalized ads or notifications). If you ever decide to leave, you can delete your account – we will remove your data (except any part we must keep by law) and confirm once done. Minors (under 18) require parental consent to use panchayath, and we do not show targeted ads or unsuitable content to minors. You can also control who sees your posts through privacy settings, and we provide tools to block or report bad actors.

Safety and Comparisons

panchayath strives to be safer and more accountable than typical social media. We don't use opaque algorithms to manipulate you – instead, your feed is personalized based on your chosen interests and location. We don't profile you for advertising without consent, and we certainly don't transfer your data abroad without a good reason (and never to jurisdictions disallowed by the government). In short, we aim to be everything you wish other platforms were: community-focused, privacy-respecting, and quick to respond when there's a problem.

TL;DR is not a substitute for the full policy

The summary above hits the highlights in plain language, but please read on for the complete Terms and Conditions and Privacy Policy. These give the full legal details on what you can expect from panchayath and what we expect from you. By using panchayath, you agree to all the terms below. If you have any questions, just reach out to us – we're here to help! 🙏

Definitions

"panchayath" or "Platform" – The hyperlocal social media platform (mobile app/website) operated by us, designed for connecting users within India at the community/neighborhood level.

"We"/"Us"/"Company" – The operators of the panchayath platform (including its owning entity and team).

"User" – Any person using panchayath. This includes all roles below unless specified otherwise.

  • "Regular User" – A general community member on panchayath using the platform to consume or share content, but not in a volunteer or service provider capacity.

  • "Verified Volunteer" – A user who has opted into our volunteer program, completed any required verification (such as identity/KYC checks) and training, and helps with community moderation, verifying information, or assisting others on the platform.

  • "Service Provider" – A user or organization offering local services through the platform (for example, a local business, handyman, NGO, tutor, etc.). Service Providers may have special profiles and listing features and are verified to ensure legitimacy.

  • "Community Moderator" – An individual (could be a senior volunteer or staff member) granted moderation privileges to oversee content and user conduct in a specific community or the platform at large. Moderators enforce the Terms and Community Standards.

  • "Chief Grievance Officer (CGO)" – The appointed officer responsible for overall grievance redressal and compliance with applicable laws. The CGO oversees complaint resolution, content escalations, and coordination with legal authorities when required (as mandated by the Intermediary Guidelines, 2021).

"Personal Data" – Information about an individual that can identify them (either directly or indirectly) such as name, contact details, location, etc., as defined under the Digital Personal Data Protection Act, 2023. This also includes "sensitive personal data" (if any) as per law. In panchayath's context, personal data typically covers your profile info, posts, messages, etc., that relate to you.

"Content" – Any text, images, audio, video, or other material that users post, upload, share, or transmit on panchayath. This includes posts, comments, messages, profile information, and any other contributions. "User Content" specifically refers to content created by users (not by the Company).

"Sarvam API" – A third-party speech-to-text transcription service (Sarvam AI) integrated with panchayath. When you use voice notes or audio features, the audio may be sent to the Sarvam API to convert speech to text for captions or indexing.

"Terms" – This entire Terms of Service agreement, including any policies or rules referenced within (like Community Standards, Privacy Policy, etc.). By using panchayath, users agree to these Terms.

"Privacy Policy" – The privacy practices section of this document that explains what data we collect from users and how we handle and protect it. The Privacy Policy is an integral part of the Terms.

"Grievance" – A complaint or issue raised by a user or any affected person regarding content on the platform or any aspect of panchayath's services – for example, a complaint about harassment by another user, a request to remove certain content, or a concern about how personal data is handled.

(Other definitions may be provided in the context below. If any term is capitalized and not defined here, it has the meaning given in applicable law or in common usage on the platform.)

Privacy Policy

panchayath is committed to protecting your privacy and being transparent about how we handle your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and the choices you have. We follow all applicable Indian privacy and data protection laws, including the Digital Personal Data Protection Act, 2023, which emphasizes lawful and fair use of personal data. We also incorporate global best practices to keep your data safe. By using panchayath, you consent to the practices described in this Privacy Policy.

1. Information We Collect

We collect several types of information to provide and improve the panchayath service:

1.1 Information You Provide Directly:

  • Account Data: When you sign up, we ask for basic details like your name, phone number and/or email address for verification (such as OTP), and a password if applicable. You may also create a username. This is needed to create your account and identify you on the platform.

  • Profile Information: After sign-up (often during onboarding), you may provide additional info such as your profile photo, gender, age or date of birth, bio/description, and interests. Regular users might select interests (e.g., "health, education, safety"), volunteers might answer questions about skills and causes, and service providers might provide business details (description, category of service, etc.). All these are optional except where specifically needed (for instance, location, discussed below). You can skip or later modify profile questions.

  • Location: Because panchayath is hyperlocal, we collect your location information. During onboarding, we either ask you to select your area or request GPS permission. You may provide a city and neighborhood or pin code. If you enable precise location via your device, we will collect GPS coordinates to auto-detect your community area. You can choose to provide only approximate location (e.g., just city) if you prefer. Location is crucial for us to give you the right local feed and connect you with nearby users.

  • Content and Messages: We collect the content you post on the platform: the text or media in posts, comments, and messages you send to others. If you create a post with text, obviously we store that text. If you upload an image or video, we store those files. If you send messages through any direct messaging or chat feature (if available), those are stored (and likely end-to-end encrypted if we implement that, which we'll inform you of). Voice Content: If you post audio notes or voice posts, those may be sent to our transcription service (Sarvam API) to convert to text. We store the original audio and the transcribed text. Note: Private communications (like direct messages) are accessible only to the intended recipients (and our system as needed to deliver them), not publicly visible.

  • Feedback/Support: If you contact us for support or give feedback (e.g., through a survey or by emailing support), we collect the information you provide, like your contact details and the content of your message.

  • Verification Info: For certain roles or features, we may ask for additional documentation. For example, volunteers may submit an ID proof for KYC, service providers may upload a business license or GSTIN, etc. We collect and store these documents and any personal data on them. We use them only for verification and trust-building purposes. Also, if you go through any e-KYC process (like Aadhaar-based verification if we enable it), the data collected (like Aadhaar number, which we prefer not to store, or an XML from DigiLocker, etc.) will be handled strictly per law and deleted after verification outcome.

  • Surveys and Promotions: Occasionally, we may run community surveys, contests, or referral programs. If you choose to participate, you might provide information or responses. That data is collected, and we'll tell you at the time how it will be used (for example, a survey might be anonymous aggregated data for research).

1.2 Information We Collect Automatically: When you use panchayath, some data gets collected automatically by virtue of your usage or device configuration:

  • Device Information: We collect data about the device and app you use to access panchayath. This can include device type (e.g., iPhone X, Samsung Galaxy, etc.), operating system and version, app version, unique device identifiers or advertising IDs, language and timezone, and other device-level details. We might also detect if you have our app in the background or if it crashes (through crash logs). This helps us debug issues and optimize the app for popular devices.

  • Usage Data: We collect data about your activity on the platform. For instance, the communities or topics you follow, posts you view or interact with, features you use (like if you often use the "Nearby alerts" feature), the time you spend on the app, and the pages or screens you visit. We also log click-stream data like when you tap on a link or an ad (if any) within the app. This usage data is primarily analyzed in aggregate to understand engagement, but could be associated with your account to personalize content.

  • Log Information: Our servers automatically keep logs which may include details like IP address (the Internet address your device uses), date and time of access, pages viewed, and any website you came from or go to after (if, say, you follow an external link). For example, if you open a link to a news article from a panchayath post, we might note that an external link was clicked. IP addresses can infer approximate location beyond what you gave (e.g., city-level) which helps with security (like detecting unusual logins) and analytics.

  • Cookies and Similar Tech: If you use a web version or if our app uses local storage, we might use cookies or similar technologies to remember preferences and collect analytics. For example, a cookie might keep you logged in on the web. We don't use cookies for third-party advertising without consent. We may use first-party cookies to understand site traffic (through something like a Google Analytics, which will be configured to not collect any more data than needed and comply with Indian laws).

  • Transcription and Voice Tech: If you use voice input or voice posts, the audio might be processed by the Sarvam AI service. In doing so, certain metadata like language or length of audio is collected. The transcription result is returned to us. The Sarvam API might log the request for a short period for performance monitoring. We have agreements in place to ensure they do not use your audio data for any purpose except to provide the service to us (they should not retain or analyze it beyond what's necessary).

  • Location (Continuous/Background): If you grant background location access (for features like real-time local alerts), we may collect location data periodically even when not actively using the app. We will explicitly ask for this permission; if given, it helps provide up-to-date local info (for example, if you move to a new locality, the app can update your feed). You can always disable this in your device settings if you change your mind.

1.3 Information from Third-Parties: Sometimes we might receive information about you from others:

  • Social Login: If we allow social media sign-up (e.g., using Google or Facebook to create account), we obtain info from that account such as your name, email, and profile photo. We only collect the basic info needed (we'll explicitly show you what we request, and you can decline).

  • Contacts (Invite Friends): If you choose to invite friends or find friends on panchayath, you might grant us access to your contacts. We would use this only to show you which contacts are on panchayath or to send invites (with your consent). We don't store your address book permanently – often it's hashed matching or one-time use.

  • Service Provider Transactions: If you interact with a service provider through panchayath (for example, book a service or make a payment), we might receive details about that interaction from the payment gateway or the service provider. This could include confirmation of payment, amount, or a service completion note, etc. We treat this as part of your usage data.

  • Public Sources: For verifying businesses or volunteers, we might use public databases or social media (for example, to verify an NGO's registration we might check a government registry). That's generally not personal data beyond confirming authenticity.

  • Third-Party Partners: If we run a campaign with a partner (say a local NGO runs a cleanliness drive sign-up on panchayath), they might share info back with us about which users participated, etc. We ensure any such data sharing is communicated and with consent.

We will always aim to minimize collection – i.e., gather only what is needed for the feature to work or for legal compliance. If we ever introduce new data collection that is not covered here, we will update this policy and notify you as required.

2. How We Use Your Information

We use the collected information for various legitimate purposes aligned with providing a great service to you, in a manner that is lawful, fair and transparent. Here's a breakdown:

2.1 To Provide and Maintain the Service:

  • Account Management: We use your email/phone to create your account, log you in, and communicate essential information (like OTPs for login, or important alerts about your account).

  • Community Feed Personalization: Your location and interests help us show you relevant posts (e.g., if your location is Bengaluru, you'll see posts from Bengaluru; if you indicated interest in "civic issues," we may prioritize those posts). Your usage patterns (what you engage with) also train our feed algorithm to show more of what you like – this is personalized feed generation. We might use machine learning on your past interactions to rank posts, but note we do not have invasive profiling beyond that purpose. It's similar to how your Twitter or Facebook feed works, but focused on local content and your chosen preferences.

  • Content Creation and Social Functions: We use your content (posts, comments) to obviously display back to other users as you intend. It might also be used to notify relevant people (for instance, if you post in a neighborhood group, others in that group get notified). If you tag someone or mention them, we use that info to direct the message appropriately.

  • Communication Features: If our platform supports messaging, we use your data to route messages between users. For group chats or forum threads, we maintain those communications for participants.

  • Service Transactions: If you book or request something from a Service Provider, we use your data to facilitate that: e.g., sharing your contact/address with the provider (with your agreement when you make the request), or sending your request details to them. We use transaction data to keep a record (so you can see your past service requests, etc., and so providers can manage their orders).

  • Transcriptions and Assistive Features: If you record voice posts, we send the audio to Sarvam API and use the returned text to display subtitles or to index the content for search. Similarly, if we have a voice assistant feature (say, you ask panchayath via voice "What's happening nearby?"), we use your input to give you an answer (possibly using an AI service). All such uses are only to serve your request.

2.2 To Improve and Analyze the Service:

  • Analytics: We continuously analyze usage data (how many users post daily, which features are popular, where users drop off in onboarding, etc.) to improve the user experience. For example, if we see many users from a particular city signing up but not completing profile, we might simplify the profile step. Analytics might be done in-house or with third-party tools, but typically aggregated and not aimed at identifying you individually.

  • Research and Development: We may use data (often in aggregated or pseudonymized form) to research new features or understand community needs. E.g., analyzing posts tagged under "safety" to see if a certain area has more issues could lead us to develop a special alert system for that area. Or analyzing volunteer activity to create better training content.

  • Personalization: Beyond the main feed, we might personalize various aspects: which community groups are suggested to you, which local events or service providers are recommended, etc., based on your profile and behavior. The aim is to make panchayath more relevant to each user. This may involve profiling, but only using data you've provided or actions you've taken on the app. We do not purchase third-party data to augment profiles. And we do not make decisions that have legal or similar significant effects on you purely by automated means without human review (e.g., banning you purely by algorithm – we don't do that without a human in loop, except perhaps for obvious spam bots).

  • Advertising and Announcements: As of now, panchayath might not have ads, but if we do: We could use some data to show you relevant ads or sponsored posts (for instance, a local shop promotion). We would use non-sensitive profiling such as your location and general interests. We will not provide your personal data to advertisers without your consent. We might present ads in categories (like "an advertiser wants to target users interested in fitness in Mumbai" – we show it, but we don't hand over who you are to them). You'll have options to opt-out of targeted advertising if you wish, or a setting to limit ads. Any such use will be compliant with DPDP Act's consent requirements.

  • Quality Assurance: Information like crash logs or user feedback is used to fix bugs and ensure the app runs smoothly across devices. For example, device info and logs help us diagnose why a crash happened and fix it in an update.

2.3 To Communicate with You:

  • Service Communications: We will send you important communications about your account or the service. For example, email/SMS verifications, password reset, changes to terms or policies, security alerts (like if a new login is detected), or if we suspend your account (with reasons). These are not promotional; you cannot opt out of critical service communications except by deleting your account.

  • In-App Notifications: Within the app, we'll notify you of things like someone replied to your comment, new posts in your area, or new features introduced. You can control some notification preferences in settings (like turning off certain types of alerts).

  • Marketing Communications: With your consent (or as allowed under law), we might send occasional emails or push notifications about new features, tips on using panchayath, or events and surveys. For example, a newsletter or a note "This week on panchayath: Top community helpers!" You can opt out of these at any time (via an unsubscribe link or app settings for push notifications). If required by law, we will ensure such messages are only sent with prior opt-in consent.

  • Transactional Communications: If you engage in transactions (like payments to service providers), we'll send confirmations, receipts, or related info. Also, if a volunteer is helping with your grievance, we might facilitate communications there.

2.4 To Ensure Safety, Security and Legal Compliance:

  • Moderation: We may use automated systems to scan content for red flags (like known illegal images using hashes, or keyword flags for hate speech) as part of content moderation. Data may be processed for these purposes to catch violations of our Terms or legal requirements. E.g., scanning messages for spam patterns to block bots, or detecting multiple account fraud. Some of this is automated, but final actions often involve human review for confirmation.

  • Security Monitoring: We use data like device info, IP addresses, and log-ins to detect suspicious activities (like if multiple accounts are coming from one device to spam, or an account suddenly logs in from two countries far apart – potential compromise). We may block certain actions if we suspect malicious activity (like rate-limiting posts, or prompting re-verification of account).

  • Enforcing Terms: Information about violations (including reports from other users) will be used to investigate and enforce our Terms. For instance, if you are reported for harassment, we will review the related content (which might include your posts, profile info, etc.) to decide what action to take. We keep records of violations and actions taken, to identify repeat offenders and for potential legal defense if needed (e.g., if someone claims we removed content unfairly, we have our analysis logged).

  • Legal Obligations: We might need to process and retain certain data to comply with laws. For example:

    • Data Retention: The Intermediary Guidelines require that upon taking down any content, we keep a record of it and associated metadata for 90 days in case law enforcement needs it. We will do so when applicable.

    • Law Enforcement Requests: If we receive an official legal request (court order or duly authorized governmental demand) for user data, we will check it and comply if valid. That could involve producing logs or content to authorities. We will strive to notify affected users unless the request legally forbids notice or is an emergency.

    • Preventing Illegal Activities: We may process and share data necessary to prevent fraud, cyber attacks, or other unlawful activities. For instance, if we detect a botnet, we might share relevant identifiers with cybersecurity researchers or other platforms as permitted by law to help curb the threat. If users engage in doxxing or threats, we might preserve evidence and inform law enforcement proactively to prevent harm.

  • Dispute Resolution: If you ever have a dispute with us or another user, and it goes to a legal or mediation process, we will use relevant data in our possession to resolve the issue. For example, if you claim someone defamed you on panchayath, we would review the posts and might have to share them in a court proceeding.

2.5 Other Purposes (with Consent): If we ever need to use your data for a purpose not covered by the above, we will seek your consent. For instance, if we want to use a quote from your post and your name in a marketing testimonial, we'd ask you. Or if we plan a new feature like a public user directory, we would make it opt-in. Your consent is the basis for any new usage beyond what's in this policy. And you can withdraw that consent anytime.

We ensure that usage of data is within the boundaries of what a user would reasonably expect when using panchayath, or otherwise we will take explicit permission. All usage aligns with the principle that data should only be used for the purpose it was collected.

3. How We Share Information

We do not sell your personal data to third-party marketers. We only share information in the following contexts, all aimed at running the platform or as required by law, and mostly with your knowledge and consent:

3.1 With Other Users: panchayath is a social platform, so inherently some of your information is shared with other users:

  • Public Profile: By default, some basic profile info (your name, photo, bio, and general location like city) is visible to other users. You can control some visibility settings (for example, maybe you can hide your exact neighborhood or last name – we will provide such privacy controls as feasible). Volunteers and Service Providers might have special badges or indicators that are public.

  • Posts and Content: Anything you post in a public or group forum on panchayath is visible to other members of that forum (and generally to others in your local area if it's a neighborhood feed). For example, a post in "Mumbai/Cuffe Parade Community" is visible to users in that community. If a community is private or invite-only (feature we might have for certain groups), then only those members see your content there. Direct messages are only seen by the recipients.

  • Interactions: When you engage with content (like or react, comment, etc.), other users involved may see that. For example, if you like a post, the post's author might see " liked this." Or if you comment, obviously that comment (and your profile name) is visible to whoever can see the original post.

  • Service Providers: If as a regular user you request a service or interact with a Service Provider listing, you may choose to share contact info or details with them. For instance, if you click "Contact Plumber" and fill a form with your phone number and address for them to visit, that information goes to that Service Provider. They are third-parties (see below) but we treat that as you intentionally sharing data to avail a service. We impose contractual obligation on service providers to use that data only for the intended purpose (fulfilling your request) and not retain or misuse it.

  • Volunteer Helpers: If you raise a local issue ("e.g., street light not working") or a grievance, a Verified Volunteer or Moderator may reach out to help or ask for more info. In doing so, some of your info (the issue details, your name/contact if needed) might be shared with them. Volunteers are bound by our policies to keep such info within the platform's use (e.g., a volunteer might call you if you provided a number for follow-up on a complaint, but they shouldn't misuse your number).

  • Community Broadcasts: If you RSVP to an event or join a community initiative on panchayath, your participation might be visible to others (e.g., "Alice is attending the neighborhood cleanup"). If that bothers you, you can choose not to publicly RSVP or ask the organizer if there's a way to join privately.

3.2 With Third-Party Service Providers (Processors): We use certain trusted third parties to perform functions on our behalf – they are contractually obligated to only use your data for our specified purposes and to protect it. Key examples:

  • Infrastructure: panchayath runs on cloud infrastructure (e.g., Microsoft Azure data centers in India). Your data (including personal data and content) is stored on their servers. They don't access it except for storing and retrieving as we direct (and Azure is a reputable provider with security and compliance standards).

  • Database & Analytics: MongoDB is mentioned – if we use MongoDB Atlas (a cloud database), similarly your data resides there. We might also use analytics services or crash reporting services (like Google Analytics for Firebase, etc.) which would process usage data and device identifiers to give us insights. These providers might gather certain info from your app usage (which could include, say, a pseudonymous user ID and event data). We ensure analytics doesn't collect any unnecessary personal info like text of your posts, etc., unless it's extremely important for debugging (and even then, we'd anonymize).

  • Sarvam API (Transcription): When you use voice features, we send the audio to the Sarvam AI speech-to-text API. That third-party will receive the audio data to process and return text. We share only what's needed (the audio clip, and maybe the language code). Sarvam is obligated not to use the audio for anything beyond the transcription service (as per their privacy terms). We do not expect them to store or analyze your content beyond providing the result. However, by design some providers might keep data briefly to improve their models; we rely on Sarvam's terms and will disclose to you if that's the case. Using voice features implies consent to this processing – if you are not comfortable, you can avoid using voice or disable the feature.

  • Communication Tools: We may use third-party services to send communications – for example, an SMS gateway for OTP, an email service for sending verification emails or newsletters. These providers (like SMS providers or SendGrid for emails) get the necessary info (your phone number or email and the message content) to deliver the message. They cannot use it for other purposes.

  • Payments: If down the line we integrate a payment gateway (like Razorpay, PayTM, etc.) for any in-app purchases or service provider transactions, when you engage in a payment, you are effectively sharing data with that payment processor (like your card info, UPI, etc.). We do not receive your sensitive payment details except confirmation of transaction. Payment processors are PCI-DSS compliant etc., and they handle the financial data. We might store a transaction ID or receipt information.

  • Map Services: If we show maps or location selection (e.g., using Google Maps or Mapbox APIs), those services might receive some data like your device's request for map tiles or geocoding your address. Using those in-app may share minor info (like coordinates) with them. We'll mention in the app when third-party map/places services are used and include their terms by reference.

  • Other Vendors: Perhaps for content filtering we might use a service (like a photo DNA for detecting illegal images, or a moderation AI to detect hate speech). If so, content might be sent to those algorithms. We would ensure such vendors do not store or use the data beyond the immediate analysis. Another example: if we have a push notification service or in-app support chat widget, they could process your userID or messages to operate.

We strive to keep the number of external processors minimal and carefully vetted. A list of major processors can be provided on request (and we might add a section on our website listing them for transparency).

3.3 With Business Partners (with your Consent): Sometimes we may partner with an organization for a community initiative. For instance, a city municipal body might collaborate with panchayath to push updates about civic issues, or an NGO might run a campaign through panchayath. In such cases, we might share aggregated information or, if you explicitly sign up for something, your relevant data with that partner. Example: You register through panchayath for a tree-planting drive by an NGO – we'd share your name and contact with the NGO running the drive (since you need to coordinate with them on where to meet, etc.). This will be obvious to you at the time (basically, when you sign up, it will say your info will be shared with X organizer). We don't do this behind the scenes; it's all based on your actions and clear disclosures.

3.4 For Legal and Safety Reasons: We might share information outside of panchayath if we believe in good faith that such disclosure is necessary to:

  • Comply with the law or legal process: Respond to subpoenas, court orders, or legal requests (government or law enforcement inquiries). We only share what is lawfully requested and in line with our legal obligations. If a government demands something not per proper process, we will push back or refuse.

  • Enforce our Terms and rights: If needed to address breaches of our Terms or to protect our platform from harm. For example, sharing details of spam sources with law enforcement to combat a spam ring. Or using IP logs to file a legal notice against an attacker.

  • Prevent harm: If someone's life or safety is at risk, we may share information with authorities. For instance, if we detect an imminent threat of violence or self-harm posted on the platform, we might alert police or mental health professionals, including relevant user info, to prevent tragedy.

  • Investigate illegal activities: We could provide data to government agencies if the content indicates a crime (like evidence of illegal trafficking or child exploitation). The IT Act requires us to assist law enforcement with decrypting information if lawfully ordered (though if end-to-end encryption is used for messages, we might not have access). We follow due process at all times.

We will maintain transparency where possible. Unless legally prevented, we may try to notify users of requests for their data. We may also publish transparency reports summarizing government requests.

3.5 During Business Transfers: If panchayath (or its operating company) is involved in a merger, acquisition, investment, or sale of all or a portion of its assets, your data might be transferred to the new owner or merged entity. For example, if a larger company acquires us, user information would likely be one of the assets transferred. In such events, we will ensure the new entity is bound to respect your personal data in line with this Privacy Policy (or you'll be given a chance to opt out if the policies change). We will notify users of any ownership change or data transfer in advance via the app or email so you can make choices (like deleting your data if you don't want to continue under new management).

3.6 In an Aggregated or De-identified Form: We may share information that does not identify you personally. For instance, publishing reports like "50% of our users engage in local civic issues" or "We have X thousand users in Delhi." Or sharing heatmaps of activity without personal identifiers. We may also share hashed or anonymized data with researchers or partners for social good projects (e.g., a university studying community networks might get a dataset with user IDs replaced by random codes, and messages cleaned of personal info). Proper care will be taken that such sharing cannot be traced back to individual identities.

4. Data Storage and Security

4.1 Data Location: All your personal data and content is stored on servers within India. We use Azure's India data centers and databases hosted in India. This not only improves speed for local users but also aligns with India's approach to data sovereignty. Even any backup or disaster recovery systems we use will be located in India. We will not transfer your personal data outside India unless absolutely necessary for the service or compliance (and if we do, we'll follow the DPDP Act's provisions on cross-border transfer, ensuring the recipient country is whitelisted or appropriate safeguards are in place). As of now, enjoy the peace of mind that your data stays in-country.

4.2 Security Measures: We employ a variety of security measures to protect your data from unauthorized access, use, or disclosure. These include:

  • Encryption: Data is encrypted in transit (HTTPS/TLS on our app and website, meaning your interactions are encrypted). Sensitive fields (like passwords, which are hashed & salted, or any stored ID document scans) are encrypted at rest in our databases. We also encourage using end-to-end encryption for messages if possible (we will indicate which communications are E2EE).

  • Access Controls: Our team access to personal data is strictly controlled. Only authorized personnel with a need (e.g., tech team for server maintenance, or support team when assisting you) can access user data, and even then, limited to what's necessary. We train employees on data security and confidentiality. We also implement measures like 2-factor auth for our internal admin tools.

  • Security Audits: We regularly test our systems for vulnerabilities. This may include hiring third-party security experts to do penetration testing. We also comply with "reasonable security practices" as per India's IT Act (which often implies following standards like ISO 27001 or equivalent). We might not be certified yet if we're a startup, but we aim to follow industry best practices.

  • Anomaly Detection: Our systems have checks for unusual activities (as mentioned in how we use data for security). We also monitor for brute-force attempts or bots to prevent account compromise. Features like OTP verification, login alerts, and rate limiting help prevent misuse.

  • Data Minimization: We try not to collect or retain more data than needed. If something is not needed, we don't store it. If we only need aggregated results, we anonymize data. This way, even in an unlikely breach, the impact is minimized.

  • Physical Security: Though we're on cloud, the data centers we use (Azure) have robust physical security (guards, biometric access, etc.). For any physical documents (like if you send a written grievance), our office keeps them secure and only authorized staff can see them.

4.3 Data Breach Response: In the unlikely event of a data breach (unauthorized access to our systems causing compromise of personal data), we will follow all legal requirements of breach notification. The DPDP Act requires notifying the Data Protection Board of India and possibly affected users upon certain types of breaches. We will promptly inform users of what happened, what data is affected, and what we are doing about it. We might do this via in-app notification, email, or even public notice if broad. We will also take immediate steps to contain and mitigate the breach, like patching any vulnerability and possibly forcing password resets if needed.

4.4 User Responsibilities: We also urge you to take steps to secure your own account. Keep your password or OTP confidential. Use a strong unique password if using that method. Don't share verification codes. If you use a public/shared device, always log out. We cannot guarantee security if your own login info is compromised due to negligence on your side. Also beware of phishing – we will never ask for your password via phone or unsolicited emails. If you suspect any security issue, contact us right away.

Despite our best efforts, no system is 100% secure. However, we are committed to keeping abreast of new security technologies and updating our defenses. Your trust is paramount.

5. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Here's how retention generally works on panchayath:

  • Active Account Data: As long as you have an account with us, we will retain the information you provide (profile, posts, messages, etc.) so that the service functions. This includes your content, which remains available to other users or communities unless you delete it or delete your account.

  • Deleted Content: If you delete a specific piece of content (like remove a post or comment), it will no longer be visible to other users. However, we might keep a backup copy for a short period (to enable restoration in case you deleted by accident, or to aid any investigation of misuse). Generally, standard deletion will clear it from active database, but remnants might linger in backups for up to [X days, e.g., 30 days] after which our backups rotate. If the content was subject to a report or legal inquiry, we may retain it as needed until that matter is resolved.

  • Account Deletion: If you choose to delete your account, we will initiate deletion of your personal data. This means your profile will be deactivated and eventually removed from our systems. Posts you made will typically be dissociated from your identity (for example, we might show them as from a "Deleted User" in public threads, or remove them entirely – we will clarify in our help center how that works). Direct messages you sent may remain in recipients' inboxes (similar to how emails remain in someone's inbox even if you delete your email account). We aim to complete full deletion of your personal data from production systems within [for example, 30 days] of the request, barring data we must retain (see next point). We'll also wipe you from active user lists and stop any further processing.

  • Legal/Required Retention: Certain data we might need to keep even after account deletion or content removal:

    • As mentioned, intermediary law requires us to keep records of particular removed content and related information for 90 days in case authorities need it. So if you posted something that was removed, we may archive it securely for that period.

    • Transactional Records: If any financial transactions occurred, we keep records as required by tax and accounting laws (e.g., invoice data might be kept for 7 years).

    • Grievance and Support Logs: If you had a dispute or grievance, we might retain those communications and outcomes to defend against future legal claims or to show regulatory compliance, typically for a legally advised period (perhaps 3 years, unless a specific case needs longer).

    • Backup Storage: Our backups may store data for a certain retention cycle (e.g., encrypted backups retained for up to 90 days). These are not readily accessible but are erased on schedule.

    • Anonymized Data: We might retain anonymized or aggregated data (which is no longer linked to your identity) indefinitely for analytics. For example, overall platform usage stats aren't deleted just because one user left, because they're not tied to personal info.

When retention periods expire, we securely delete or anonymize the data. For physical documents, that means shredding or incineration; for electronic, permanent deletion from storage.

If you wish to know if specific data of yours still lingers after deletion, you can contact us – we'll clarify if anything was retained and why. Rest assured, we do not keep data longer than we truly need to.

6. Your Rights and Choices

As a user (or "Data Principal" under DPDP terminology), you have several rights regarding your personal data that we respect and uphold:

  • Right to Access: You can request a copy of the personal data we hold about you. This typically includes data like your profile info, the content you provided (posts, comments), and log info associated with your account. We aim to provide this in a reasonable format, usually electronic. Some data (like sensitive logs or proprietary algorithmic output) might be exempt, but we'll be transparent. You can also see much of your info in-app (e.g., your profile details, your posts). For anything not directly viewable, contact us.

  • Right to Correction: If any of your personal data is inaccurate or outdated, you have the right to have it corrected. Most basic info you can edit yourself (like changing your profile details). If you need something corrected that you can't edit (say, a volunteer status detail, or an error in data we have), let us know and we will update it after verification. We may ask for proof for certain changes (e.g., if you want to correct your name spelling, we might need to verify identity to prevent fraud).

  • Right to Erasure (Deletion): You have the right to request deletion of your personal data. You can delete individual pieces of content or your entire account. As described in Data Retention, we will honor such requests and remove your data, except for the limited cases where we must retain certain data (which we will inform you about). If you want a clean slate, deleting your account is the straightforward way – that triggers removal of most data. For selective deletion (like "please delete my voice recordings but not my text posts"), you can contact us and we'll try to accommodate if it's feasible. Do note, once data is deleted, it's irreversible – we cannot recover it.

  • Right to Withdraw Consent: Where we rely on your consent to process data (e.g., for receiving marketing emails, or for sharing data with a service provider), you can withdraw that consent at any time. For example, you can opt out of promotional notifications, or disable location access if you no longer want us to use precise location. If you withdraw consent for something like voice transcription, you can still use the app but that particular feature won't function (since we need the processing to provide it). Withdrawal of consent doesn't affect the legality of processing we did prior to withdrawal.

  • Right to Grievance Redressal: As explained, if you have any issues or feel your rights are being infringed, you can lodge a grievance with our CGO. Additionally, under DPDP Act, if you're not satisfied with our resolution, you can escalate to the Data Protection Board of India once it's established. We hope to resolve directly, but the right is there.

  • Right to Portability: This right (common in many regimes) allows you to get your data in a machine-readable format so you could reuse it elsewhere. If you request, we will provide your core data (like posts, profile info, contacts) in a structured format (likely JSON or CSV exports). However, this may not include data that has intermingled info of others (like comment threads), for privacy reasons of others. We'll do our best to give what's yours. Note: DPDP Act doesn't explicitly list portability like GDPR, but we aim to be user-friendly.

  • Right to Object/Opt-out: You can object to certain processing (like if we started a new data use, you could say no). For instance, if we ever do any direct marketing calls or something (we currently do not), you can opt out. Or if you don't want your public posts to be included in any aggregate trend or something, you can tell us – though normally aggregated data isn't personally identifiable.

  • Right to Nominate: Uniquely, the DPDP Act allows you to nominate someone to exercise your rights in case of death or incapacity. If you want, you can provide us with details of a nominee (perhaps through account settings or by written request) – for example, a trusted family member – who can reach out to us to handle your account/data if you're no longer able. This could include requesting deletion or memorialization of your account. We will verify such requests thoroughly to avoid misuse.

  • Right relating to Automated Decision Making: panchayath doesn't really have decisions that purely affect you legally (like credit approvals) by algorithms, but we do have feed algorithms. If you ever feel an automated process is unfair (like if we ever had an automated moderation that took action on you), you have the right to request human review. Our moderation decisions generally have human involvement anyway for important ones.

How to Exercise These Rights: Most rights can be exercised through the app settings or by contacting us (the CGO or a dedicated email like privacy@panchayath...). We may need to verify your identity for such requests (to ensure someone else isn't impersonating you to get your data). We will respond to requests within a reasonable timeframe – usually within 15 days as per grievance norms, and for data access/correction, the DPDP might specify within 30 days. We'll inform you if we need more time or if any request can't be fulfilled due to legal reasons.

There is typically no fee for these requests. But if something is excessive or unfounded (like repetitive requests), we might charge a minimal fee or refuse, as allowed by law, but we'd explain why.

We're dedicated to empowering you with control over your information. Check out the app's account settings for quick options (like download data, delete account, manage consents). And always feel free to reach out for any privacy questions.

7. Children's Privacy

panchayath is generally designed for adults and teens in the community, not young children. As we stated in Eligibility, you must be 18 or older to create an account; if you are below 18, you should only use the platform under parental consent and supervision.

No Users Under 13: We do not knowingly allow children under 13 to register. If you are below 13, please do not use panchayath. If we discover an account that appears to be of a child under 13, we will take steps to remove or disable it. A parent/guardian can contact us to request deletion of any data for a child account if one was created in violation of this rule.

Ages 13–17: Teenagers between 13 and 17 may be permitted to use the platform only with a parent or guardian's verifiable consent (as required by the DPDP Act). Practically, this might mean we'll have a mechanism during sign-up for that age group to provide a parent's email/phone to send a consent request, or require some KYC of the parent. Without such consent, we cannot allow continued use. Parents/guardians are expected to supervise the teen's activities on panchayath. They also have the right to access and correct the child's data on their behalf, or even request deletion (which we will treat as if the child requested it).

Limited Features for Minors: If you are under 18, certain features may be restricted for your protection. For example:

  • We will not serve targeted ads to minors, nor profile them for advertising. Any ads, if shown, will be contextual or generic.

  • Certain sensitive community groups or topics (like a group marked 18+) will not be accessible. We might also restrict the visibility of the minor's profile details (for instance, maybe only first name and no photo visible publicly by default, to protect them).

  • Location sharing by minors might be fuzzed (we may ensure that their precise location isn't pinpointed to strangers).

  • We might display a special badge or indicator (not publicly, but internally) so moderators know a user is a minor, and can apply extra caution in interactions or content moderation (e.g., if a minor reports harassment, that's taken very seriously).

Parental Controls: We encourage guardians to guide their teens on safe internet use. If a parent wants to monitor the teen's activity, they can request a data access (to see what their ward has posted, etc.). We may provide guardians limited access or summaries if appropriate and lawful. We also allow a guardian to request deletion or to lodge complaints on behalf of the minor.

Educational Content: We aim to provide some safety tips for younger users (like prompts about not sharing personal info publicly, being cautious with strangers, etc.). We might partner with child-safety organizations to ensure our platform is as safe as possible for teens.

No Harmful Processing: We abide by the DPDP Act's mandate to refrain from any processing that can cause detrimental effects to a child's well-being. We do not do behavioral tracking on children or show any content that is age-inappropriate knowingly. If any content is rated or found to be unsuitable for minors (violence, etc.), we will try to filter it out for underage accounts, or at least provide a warning and require guardian oversight to view.

If you are a parent/guardian and discover your child under 18 is using panchayath without consent, please contact us. We will work with you to ensure the child's data is handled properly – whether that's obtaining consent correctly or deleting the data.

8. Cookies and Tracking Technologies

(If panchayath has a web interface or uses cookies in-app for any reason, we include this; if not, this section can be minimal.)

panchayath uses cookies and similar tracking technologies to improve your experience. Here's what you need to know:

  • What are Cookies? Cookies are small text files stored on your browser or device by websites or apps. They often contain an identifier and site name and some data. They help the site/app remember your preferences or recognize you on return visits. Similar tech includes local storage, pixel tags, and SDKs in apps – which function to track usage or store data in your device.

  • How We Use Them:

    • Authentication: When you log into the web portal (if we have one), a cookie might keep you logged in by remembering your session ID, so you don't have to login on every page.

    • Preferences: Cookies might store your preferences, like if you dismissed a certain intro tutorial so we don't show it again, or your chosen language on the site.

    • Analytics: We use cookies or mobile IDs for analytics purposes. For example, we might use Google Analytics which sets cookies to track page views and user interactions in aggregate. This helps us understand how people navigate panchayath, which pages are visited frequently, etc., so we can improve layout and content. The data collected is aggregated and not used to personally profile you for external purposes.

    • Feature Functionality: Some features might rely on local storage. For instance, if we implement a "remember this device" for OTP login, we might store a token on your device so next time we trust the device. Or caching certain content so the app loads faster next time.

    • Advertising (if applicable): Right now, we do not serve third-party ads that would use tracking cookies. If that changes, we will update this policy and ask consent. We commit that we will not allow third-party ad networks to collect your data without your knowledge. If any ads are shown, they might come with their own cookies (like Google Ads cookies) to avoid showing you the same ad repeatedly and measure ad performance. We would obtain appropriate consent for such cookies as per law (opt-in if required).

  • Your Choices: When using our website for the first time, we will show a cookie notice if required by law. You can choose to disable non-essential cookies. Most browsers also allow you to block or delete cookies. However, note that if you disable cookies, some features (especially the web login or preferences) might not function properly. In the app, you can reset the advertising identifier or opt-out of analytics to some extent by toggling "Limit Ad Tracking" or equivalent in your device settings (though again, we currently don't have targeted ads, but for analytics SDKs, some respect those settings). We will provide in-app toggles for analytics/ tracking where feasible, to honor any Do-Not-Track signals as well. For example, we might have a "Privacy Settings" section where you can say no to "Improve panchayath by sending usage analytics" – that would disable our analytics tracking from your app.

  • Third-Party Tracking: We minimize third-party tracking. We do not embed social media widgets that siphon data, nor do we allow unauthorized third parties to track you on panchayath. If we ever link to external sites (like a news article), once you leave our app to that site, their cookies policy applies. We encourage you to review those if concerned.

  • Do Not Track: Currently, industry has a mixed approach to DNT signals. But if our web portal detects a DNT header, we will treat it as an opt-out of analytics cookies at least. On mobile, as mentioned, we respect OS-level ad tracking preferences.

In summary, cookies help us make panchayath run reliably and personalize your experience, but you have control. You can delete cookies after using our site, use incognito mode, etc., for privacy. We don't use cookies to invade your privacy – just to provide the service and understand usage.

9. Third-Party Links and Services

panchayath may contain links to third-party websites, content, or services that are not owned or controlled by us. For example, a user might share a YouTube video link, or we might have an integration where tapping an "Pay Now" button opens a payment gateway's page. Additionally, as mentioned, we use third-party APIs (like maps or transcription).

This policy does not cover how those external entities process your data. If you visit a third-party link or use an external service via panchayath, their privacy policy and terms will govern your interaction there. We recommend you review the privacy practices of any third-party site or service you access.

Examples to be aware of:

If a service provider posts a link to their own website in their profile, clicking that takes you out of our app and into their domain – any data you provide there (like filling a form) is not covered by panchayath.

If we show YouTube videos within the app (embedded), YouTube might collect usage data (they often do via their iframe). We would try to use privacy-enhanced mode if possible, but some info may leak (like your IP to YouTube's servers to stream the video).

Map integration: If showing a Google Map for location selection, Google might log that a certain user (just by IP/device) requested map data.

Advertisers: If in future we display external ads, clicking an ad might take you to the advertiser's site or app store. They might track that click came from panchayath (using UTM parameters or cookies).

  • Social Media: We may have panchayath's own social media pages (Facebook, Twitter etc.) – if you follow a link to those or share content to those platforms (like a "Share on Facebook" button), the data goes to that platform.

We will not give these third parties any more info about you than necessary for the integration. For instance, if using a payment gateway, we provide the transaction details but not, say, your entire panchayath profile. We also try to sandbox content – e.g., an in-app browser for external links so you know you left panchayath (and can easily come back).

That said, once you interact with any external provider, please consider their privacy commitments. If you discover any third-party link on panchayath that you believe is malicious or violating privacy, please report it to us so we can take action (we don't want phishing links or such on our platform).

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes (e.g., we start collecting new data or change how we use data in a significant way), we will notify you clearly – likely through an app notification or email, and by updating the "Last Updated" date at the top.

For minor changes (wording clarifications, small adjustments that don't affect your rights), we might just update on our website/app and the date.

We encourage you to review this policy periodically. If you continue to use panchayath after a new version of the policy is effective, it means you accept the revised practices. If you do not agree with any update, you have the choice to stop using the service and request deletion of your data.

We will also keep an archive of past versions accessible (perhaps via our website) for transparency, so you can see what changed.

Your continued trust is important to us – we will not reduce your rights under this Privacy Policy without your explicit consent. In fact, if future Indian rules require more user rights or protection, we aim to incorporate those promptly.

11. Contact Us

If you have any questions, concerns, or requests regarding these Terms or the Privacy Policy, here's how you can reach us:

  • Chief Grievance Officer: [Name], Email: [[email protected]], Address: [Full postal address]. (For any grievances, complaints, or legal notices. As detailed in Section 10 of Terms, this is the primary contact for user grievances under law.)

  • Data Protection Contact: (If different from CGO, otherwise CGO doubles as this role.) You can use the same contact for any privacy-specific queries or requests (data access, deletion, etc.). Please mention "Data Request" or similar in the subject for clarity.

  • Support Team: For general app support or questions (not necessarily legal/privacy issues), you might reach us at [[email protected]] or via the in-app help section.

  • Office Address: [Company Name if any], [Floor/Unit], [Building], [Street], [City], [State], [PIN], India. This is our registered office where one can send correspondence. (Please note, physical mails will have slower response; email is preferred.)

We will do our best to respond promptly to any inquiry. When writing to us, do not include sensitive information like passwords. If you're contacting to exercise a right, please detail your request and include proof of identity if we ask (for sensitive requests, to ensure we're dealing with the right person).

Our goal is to be an open book – so never hesitate to reach out for clarification on any point in these Terms or our data practices. Your understanding and comfort with how we operate is crucial.

Disclaimer: panchayath is a private community platform and is not affiliated with, endorsed by, or connected to any government entity.

Footer & Confirmation: Thank you for being part of panchayath. By using our platform, you show that you agree to these Terms and have read our Privacy Policy. We are excited to help build stronger local communities with you, under these robust guidelines that protect everyone. Let's uphold these principles together and make our "digital panchayath" a model community 🎉.

(End of Terms and Privacy Policy)