Privacy Policy

1. DATA FIDUCIARY & COMMITMENT

CiViC Bharat ("we," "us," or "our") act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDPA). We are committed to processing your personal data ("Personal Data") with the highest standards of transparency, purpose-limitation, and security.

2. LEGAL FRAMEWORK

This Privacy Policy is designed to comply with:

• Digital Personal Data Protection Act, 2023 (DPDPA)
• Information Technology Act, 2000 and related Intermediary Guidelines.

3. CATEGORIES OF DATA COLLECTED

To facilitate civic participation, we process the following categories of data:

• Identity Data: Name, verified mobile number, and email.
• Verification Data: Government-issued IDs where required for specific high-level grievance routing.
• Civic/Grievance Data: Text descriptions, geolocation data of the reported issue, images, and voice recordings.
• Technical Data: IP addresses and device identifiers to prevent bot-driven spam and coordinated misinformation.

4. LAWFUL BASIS FOR PROCESSING

We process Personal Data under the follow legal bases:

• Consent: Your clear, affirmative consent provided at the time of account creation.
• Performance of Public Duty: Processing is necessary for the performance of a public task or the exercise of any function under any law in India (Section 7 of DPDPA).
• Legitimate Interest: For the prevention of fraud, platform security, and ensuring the veracity of public grievances.

5. DATA SHARING & PURPOSE LIMITATION

We do not sell your data.

Data is shared exclusively with:

• Relevant Public Authorities: Your grievance and identity data are forwarded to the concerned government department solely for resolution.
• Cloud Service Providers: Stored on secure, Encrypted-at-Rest servers within India.
• Law Enforcement: Only upon receipt of a valid, lawful order under Indian Law.

6. DATA RETENTION & ERASURE

We retain data only for as long as necessary to fulfill the purpose of grievance facilitation or to comply with statutory legal requirements.

• Right to Erasure: Users may request deletion of their account. However, certain data may be retained if a grievance process is ongoing or if required by the IT Rules, 2021 for law enforcement cooperation.

7. DATA PRINCIPAL RIGHTS

Under the DPDPA, you have the following rights:

• Right to Access: Summaries of processed data.
• Right to Correction: Updating inaccurate information.
• Right of Erasure: Subject to legal retention mandates.
• Right to Grievance Redressal: Regarding any data processing concerns.
• Right to Nominate: Appointing a representative in the event of death or incapacity.

8. SECURITY MEASURES

We implement Industry-Standard Technical and Organizational Measures (TOMs), including AES-256 encryption, multi-factor authentication for administrative access, and regular security audits to prevent unauthorized data breaches.

9. CHILDREN'S PRIVACY

The Platform is not intended for individuals under 18. We do not knowingly process data from children without verifiable parental or guardian consent.

10. GRIEVANCE OFFICER

For any data-related queries or exercise of your rights:
Data Grievance Officer: Statutory Compliance Lead
Email: privacy@civicbharat.in