How PrajaPulse collects, uses, and protects your data.
Last updated: June 2026PrajaPulse ("we", "our", or "the Platform") is a community-driven civic awareness platform that helps citizens document, organise, and track civic issues publicly. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the choices you have. By using PrajaPulse, you agree to the practices described here.
We process your personal data under the Digital Personal Data Protection Act, 2023 (DPDP Act) based on:
Your consent, provided at registration and when you voluntarily submit reports, photos, and other content.
Legitimate interests in operating a civic awareness platform, preventing fraud, and ensuring platform safety.
Legal obligations under applicable Indian law (IT Act 2000, IT Rules 2021).
You may withdraw consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing done before withdrawal.
We collect only what is necessary to operate the platform effectively and ensure accountable civic participation.
Your data is used exclusively for the following purposes:
Operate and personalise the PrajaPulse civic platform.
Help citizens document and organise issues by the likely responsible department (for community reference only — we do not officially submit reports to any government body).
Calculate trust scores and reputation tiers to promote accountable participation.
Send transactional emails (issue updates, two-factor codes, volunteer confirmations).
Send best-effort notifications to designated officials who have voluntarily registered on the platform.
Detect and prevent fraud, spam, and abuse.
Improve platform features based on aggregated, anonymised usage patterns.
Respond to support requests and legal obligations.
PrajaPulse supports anonymous civic participation. When you choose to post anonymously, your name and profile photo are hidden from the public and other users.
Important: "Anonymous" means your identity is hidden from other users. It does NOT mean we do not know who you are. We retain an internal record (your account ID) linking anonymous reports to your account. This is necessary for platform integrity, preventing abuse, and tracking issue progress. This internal record may be disclosed under valid legal orders from Indian courts.
We may disclose your personal data (including data associated with anonymous reports) if compelled by:
A valid court order from an Indian court of competent jurisdiction.
A lawful government direction under applicable Indian law.
Legal obligations under the IT Act 2000, IT Rules 2021, or DPDP Act 2023.
Prevention of imminent harm to life or public safety.
We will notify you of such disclosure unless legally prohibited from doing so.
We share data with a limited set of trusted service providers who are contractually bound to handle your data securely. We do not share data with government authorities unless legally required (see Section 5).
PrajaPulse uses browser cookies and local storage solely for:
Maintaining your authenticated session (JWT tokens).
Saving your theme preference (light / dark / system).
Caching civic data for faster page loads.
We do not use tracking, advertising, or analytics cookies. Cloudflare may set security cookies as part of its DDoS protection layer.
We retain your personal data for as long as your account is active or as needed to provide the platform's services. Issue reports may be retained for a longer period to maintain community accountability records.
When you delete your account, we remove your personal identifiers (name, email, profile photo) within 30 days. Anonymised, aggregated civic data (e.g., issue statistics per ward) may be retained indefinitely for public interest purposes.
We employ industry-standard safeguards to protect your data:
All data in transit is encrypted with TLS 1.2 / 1.3 (HTTPS enforced).
Media files are stored in private, access-controlled cloud storage buckets.
Passwords are never stored in plain text — we use secure hashing via Django's authentication framework.
JWT access tokens are short-lived with rotating refresh tokens.
Failed login attempts are rate-limited and monitored.
No system is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected].
In the event of a data breach that may affect your personal data, we will notify affected users within 72 hours of becoming aware of the breach, as required under the DPDP Act 2023, and report to the Data Protection Board of India as applicable.
Under the DPDP Act 2023 and applicable Indian law, you have the following rights over your personal data. To exercise any of these, email us at [email protected].
We will respond to all data rights requests within 30 days. We may need to verify your identity before processing the request.
PrajaPulse is open to users of all ages. We do not knowingly collect age-specific data. If you are under 18, you confirm that you have parental or guardian consent to use the Platform. The Platform strictly prohibits nudity, sexual content, and material harmful to minors.
If you believe a minor's data has been collected without appropriate consent, contact us at [email protected] and we will take appropriate action.
This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the IT (Intermediary Guidelines) Rules, 2021. Disputes shall be subject to the exclusive jurisdiction of courts in Bengaluru, Karnataka, India.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. If changes are material, we will notify you via email or an in-app notice at least 7 days before the changes take effect.
For any privacy questions, data requests, content takedown requests, or concerns about how your data is handled, contact our Grievance Officer:
Acknowledgement within 24 hours. Resolution within 15 days (as per IT Rules 2021).