PRIVACY POLICY

Last Updated: September 11, 2025

This Privacy Policy ("Policy") describes how the Organisation ("Organisation", "we", "our", or "us") collects, uses, stores, processes, and protects information provided by users ("you", "your", "User") when accessing or using the fundraising platform, website, and related services (the "Platform"). The Organisation is committed to ensuring the lawful, fair, and transparent processing of Personal Data and protecting the privacy and security of all individuals interacting with the Platform.

SCOPE & APPLICABILITY

  • This Policy applies to all Users of the Platform, including donors, visitors, NGOs, beneficiaries, and authorised representatives.
  • This Policy must be read together with the Website Terms & Conditions. By accessing or using the Platform, you consent to the practices described in this Policy.

DEFINITIONS

  • Personal Data: Any information relating to an identified or identifiable individual, including but not limited to name, Aadhaar number, PAN, email, phone, payment information, and address.
  • Sensitive Personal Data: Includes Aadhaar identifiers, financial details, passwords, and health data (if any provided).
  • Processing: Any operation performed on data, such as collection, storage, use, disclosure, transfer, or deletion.
  • KYC Data: Documents required for compliance (e.g., Aadhaar, PAN, registration certificates).
  • DPDP Act: Digital Personal Data Protection Act, 2023 and applicable rules.
  • FCRA: Foreign Contribution (Regulation) Act, 2010.

INFORMATION WE COLLECT

Information provided directly by Users

  • Full name, contact details (address, phone, email).
  • Aadhaar, PAN, Passport or other government ID (for KYC/AML compliance).
  • Financial information (bank account, payment card details, UPI IDs).
  • Organisation details of NGOs (registration certificates, trust deeds, FCRA approval letters).
  • Employment or designation information (if User is representing an NGO).

Automatically collected data

  • Device identifiers, browser type, operating system.
  • IP address, geolocation data, and access logs.
  • Usage data including pages visited, time spent, clickstream patterns.

Data from third parties

  • Payment gateway confirmations, chargeback reports, and settlement data.
  • Government verification systems (UIDAI authentication, PAN validation, FCRA filings).
  • Public records, regulatory filings, and NGO directories.

LEGAL BASES FOR PROCESSING

  • Consent: For optional data provided voluntarily (e.g., newsletter subscription).
  • Contractual Necessity: To provide services under Terms & Conditions.
  • Legal Obligation: For compliance with tax, FCRA, AML/KYC and other regulatory requirements.
  • Legitimate Interests: For fraud prevention, analytics, platform security, and donor–NGO transparency.

PURPOSES OF DATA USE

  • Verification of identity and completion of KYC.
  • Processing of donations and reconciliation with banks/payment gateways.
  • Compliance with legal and regulatory obligations (Income Tax Act, FCRA, UIDAI).
  • Issuance of donation receipts, 80G certificates, or other tax documentation.
  • Auditing, internal risk management, and fraud detection.
  • Communication with Users regarding services, campaigns, updates, or disputes.
  • Improving Platform functionality, analytics, and User experience.

USE OF AADHAAR & SENSITIVE DATA

  • Aadhaar details (if provided) will be used only for lawful KYC authentication/verification.
  • We will not store core biometric information or misuse Aadhaar identifiers.
  • Offline verification methods (QR code, XML) may be used where permitted.
  • Sensitive Personal Data shall be encrypted and accessible only to authorised personnel.

DISCLOSURE & SHARING OF DATA

  • Payment gateways, banks, and financial institutions (to process donations and settlements).
  • Regulatory authorities (Income Tax Department, FCRA authorities, UIDAI, RBI) as required.
  • Auditors, professional advisors, and service providers under confidentiality obligations.
  • Partner NGOs to provide donor details necessary for transparency and issuance of tax receipts.
  • We will never sell Personal Data to advertisers or third parties.

CROSS-BORDER TRANSFER

If donations or services involve foreign donors or international partners, Personal Data may be transferred outside India. Such transfers will occur only in compliance with applicable data transfer regulations and with reasonable safeguards in place.

DATA RETENTION

  • KYC and transaction records shall be retained for at least 8 years or as required by law/regulator.
  • Donor contact details may be retained until withdrawal of consent or account deletion.
  • Aadhaar or sensitive IDs shall not be stored beyond the lawful purpose for which they were collected.

DATA SUBJECT RIGHTS

  • Access – request a copy of their Personal Data.
  • Correction – request correction of inaccurate/incomplete data.
  • Withdrawal of Consent – withdraw consent for processing where processing is based on consent.
  • Deletion/Erasure – request erasure subject to legal retention requirements.
  • Grievance Redressal – raise complaints for misuse or unlawful processing.

Requests may be made in writing to the Data Protection Officer at the contact provided below.

SECURITY MEASURES

  • Encryption of sensitive data in transit and at rest.
  • Role-based access control and audit logs.
  • Regular vulnerability scans and penetration testing.
  • Staff training on confidentiality and data protection.

However, no system is completely secure; Users are advised to use strong passwords and maintain confidentiality of login credentials.

COOKIES & TRACKING

  • Session management.
  • Fraud prevention and security.
  • Analytics and site optimisation.
  • Remembering user preferences.

Users can adjust browser settings to refuse cookies, though this may affect functionality.

CHILDREN’S PRIVACY

The Platform is not intended for children under 18 years of age. We do not knowingly collect Personal Data from minors. If collected inadvertently, such data will be deleted promptly.

THIRD-PARTY LINKS & SERVICES

The Platform may link to third-party websites or integrate with external services (e.g., payment gateways, social logins). This Policy does not cover third-party privacy practices. Users are encouraged to review third-party policies separately.

UPDATES TO THIS POLICY

We may revise this Policy periodically. Significant changes will be notified via email or prominent notice on the Platform. Continued use of the Platform after changes constitutes acceptance.

GOVERNING LAW & JURISDICTION

This Policy is governed by the laws of India. Any disputes arising hereunder shall be subject to the exclusive jurisdiction of the competent courts at Gurgaon (Gurugram).