PrajaPulsePrajaPulse.

    Privacy Policy

    How PrajaPulse collects, uses, and protects your data.

    Last updated: June 2026

    Introduction

    PrajaPulse ("we", "our", or "the Platform") is a community-driven civic awareness platform that helps citizens document, organise, and track civic issues publicly. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the choices you have. By using PrajaPulse, you agree to the practices described here.

    1. Legal Basis for Processing

    We process your personal data under the Digital Personal Data Protection Act, 2023 (DPDP Act) based on:

    Your consent, provided at registration and when you voluntarily submit reports, photos, and other content.

    Legitimate interests in operating a civic awareness platform, preventing fraud, and ensuring platform safety.

    Legal obligations under applicable Indian law (IT Act 2000, IT Rules 2021).

    You may withdraw consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing done before withdrawal.

    2. Information We Collect

    We collect only what is necessary to operate the platform effectively and ensure accountable civic participation.

    Account & IdentityName, email address, and profile photo provided during registration or via Google Sign-In.
    Location DataState, district, taluk, ward, and area you select, plus optional GPS coordinates when tagging an issue.
    Civic ContentIssue reports, descriptions, photos and videos you upload, comments, support votes, and community verifications.
    Reputation & ActivityTrust score, reputation tier, volunteer status, civic group memberships, and activity history on the platform.
    Technical & SecurityIP address, login timestamps, device type, and browser agent — used exclusively for security auditing.
    NotificationsYour notification preferences and any in-app or email alerts you receive about issue progress.

    3. How We Use Your Information

    Your data is used exclusively for the following purposes:

    Operate and personalise the PrajaPulse civic platform.

    Help citizens document and organise issues by the likely responsible department (for community reference only — we do not officially submit reports to any government body).

    Calculate trust scores and reputation tiers to promote accountable participation.

    Send transactional emails (issue updates, two-factor codes, volunteer confirmations).

    Send best-effort notifications to designated officials who have voluntarily registered on the platform.

    Detect and prevent fraud, spam, and abuse.

    Improve platform features based on aggregated, anonymised usage patterns.

    Respond to support requests and legal obligations.

    We will NEVER sell, rent, or trade your personal data to advertisers, data brokers, or any third party for commercial purposes — ever.

    4. Anonymous Reporting — What It Means

    PrajaPulse supports anonymous civic participation. When you choose to post anonymously, your name and profile photo are hidden from the public and other users.

    Important: "Anonymous" means your identity is hidden from other users. It does NOT mean we do not know who you are. We retain an internal record (your account ID) linking anonymous reports to your account. This is necessary for platform integrity, preventing abuse, and tracking issue progress. This internal record may be disclosed under valid legal orders from Indian courts.

    5. Disclosure Under Legal Obligation

    We may disclose your personal data (including data associated with anonymous reports) if compelled by:

    A valid court order from an Indian court of competent jurisdiction.

    A lawful government direction under applicable Indian law.

    Legal obligations under the IT Act 2000, IT Rules 2021, or DPDP Act 2023.

    Prevention of imminent harm to life or public safety.

    We will notify you of such disclosure unless legally prohibited from doing so.

    6. Data Sharing & Third-Party Services

    We share data with a limited set of trusted service providers who are contractually bound to handle your data securely. We do not share data with government authorities unless legally required (see Section 5).

    Google / FirebaseOAuth sign-in, authentication, push notifications, and cloud messaging.
    CloudflareCDN delivery, DDoS protection, and SSL termination for all platform traffic.
    Cloudflare R2Secure object storage for photos and media attached to issue reports.
    Hostinger SMTPTransactional email delivery for notifications, 2FA codes, and account alerts.

    7. Cookies & Local Storage

    PrajaPulse uses browser cookies and local storage solely for:

    Maintaining your authenticated session (JWT tokens).

    Saving your theme preference (light / dark / system).

    Caching civic data for faster page loads.

    We do not use tracking, advertising, or analytics cookies. Cloudflare may set security cookies as part of its DDoS protection layer.

    8. Data Retention

    We retain your personal data for as long as your account is active or as needed to provide the platform's services. Issue reports may be retained for a longer period to maintain community accountability records.

    When you delete your account, we remove your personal identifiers (name, email, profile photo) within 30 days. Anonymised, aggregated civic data (e.g., issue statistics per ward) may be retained indefinitely for public interest purposes.

    9. Data Security

    We employ industry-standard safeguards to protect your data:

    All data in transit is encrypted with TLS 1.2 / 1.3 (HTTPS enforced).

    Media files are stored in private, access-controlled cloud storage buckets.

    Passwords are never stored in plain text — we use secure hashing via Django's authentication framework.

    JWT access tokens are short-lived with rotating refresh tokens.

    Failed login attempts are rate-limited and monitored.

    No system is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected].

    10. Data Breach Notification

    In the event of a data breach that may affect your personal data, we will notify affected users within 72 hours of becoming aware of the breach, as required under the DPDP Act 2023, and report to the Data Protection Board of India as applicable.

    11. Your Rights

    Under the DPDP Act 2023 and applicable Indian law, you have the following rights over your personal data. To exercise any of these, email us at [email protected].

    AccessRequest a copy of the personal data we hold about you.
    RectificationCorrect inaccurate information in your profile at any time via account settings.
    ErasureRequest deletion of your account and associated personal data.
    PortabilityReceive your data in a structured, machine-readable format.
    ObjectionObject to specific processing activities where we rely on legitimate interests.
    WithdrawalWithdraw consent at any time without affecting prior lawful processing.
    NominationNominate a person to exercise your data rights in case of your death or incapacity (as per DPDP Act 2023).

    We will respond to all data rights requests within 30 days. We may need to verify your identity before processing the request.

    12. Users of All Ages

    PrajaPulse is open to users of all ages. We do not knowingly collect age-specific data. If you are under 18, you confirm that you have parental or guardian consent to use the Platform. The Platform strictly prohibits nudity, sexual content, and material harmful to minors.

    If you believe a minor's data has been collected without appropriate consent, contact us at [email protected] and we will take appropriate action.

    13. Governing Law

    This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the IT (Intermediary Guidelines) Rules, 2021. Disputes shall be subject to the exclusive jurisdiction of courts in Bengaluru, Karnataka, India.

    14. Changes to This Policy

    We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. If changes are material, we will notify you via email or an in-app notice at least 7 days before the changes take effect.

    15. Grievance Officer & Contact

    For any privacy questions, data requests, content takedown requests, or concerns about how your data is handled, contact our Grievance Officer:

    Acknowledgement within 24 hours. Resolution within 15 days (as per IT Rules 2021).