Your privacy is important to us. This policy explains what data we collect, why, and how we protect it — in compliance with the Information Technology Act, 2000, SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023.
1. Information We Collect
Information you provide
- Identity details: name, date of birth, mobile, email, address, profile photo
- Government IDs (optional but recommended): Aadhaar, PAN
- Bank account details (for payouts)
- Supporting documents for donation applications (marriage cards, medical reports, admission letters, death certificates, etc.)
Information collected automatically
- IP address, device info, browser type
- Pages visited, time spent, referrer URL
- Cookies and similar tracking technologies
2. How We Use Your Information
- To create and manage your donor account
- To verify identity and process payouts
- To send you payment reminders, updates, and notifications (via email, SMS, WhatsApp)
- To comply with legal, tax, and regulatory requirements
- To prevent fraud, abuse, or misuse of the platform
- To improve our services and communicate with donors
3. Sharing of Information
We do not sell your personal data. We share limited information only with:
- Payment gateway (Razorpay) — to process payments securely
- Service providers — SMS/email/WhatsApp delivery partners, cloud storage
- Auditors, legal counsel — under confidentiality obligations
- Regulatory authorities — when required by law
- Hospitals/institutions/vendors — when funds are disbursed directly for your approved application
4. Public Display (Campaign Pages)
If you choose to make your donation case publicly visible on our Crowdfunding page, your name, city, story, and photo may appear publicly. This is always opt-in and can be withdrawn. Sensitive medical records are never publicly displayed.
5. Data Security
- SSL/TLS encryption for all data transfer
- Documents stored in encrypted cloud storage (Cloudflare R2) with access controls
- Payment card details never stored on our servers — handled entirely by PCI-DSS compliant Razorpay
- Role-based access for staff with audit logs
6. Retention
We retain your data for as long as your donor account is active, plus 7 years after termination to meet statutory/tax obligations. After this period, we delete or anonymize personal data.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct or update inaccurate information
- Request deletion of data (subject to legal retention rules)
- Withdraw consent for marketing communications at any time
- File a complaint with the Data Protection Board of India
To exercise any of these rights, email privacy@easylifefoundation.org. We respond within 30 days.
8. Cookies
We use essential cookies for login sessions and analytics cookies (Google Analytics) to understand site usage. You can disable cookies in your browser, but some features may not work.
9. Children's Privacy
Our platform is not intended for individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided us data, please contact us for immediate removal.
10. Changes to This Policy
We may update this policy. Material changes will be notified via email and WhatsApp with 30 days' advance notice.
11. Contact — Data Protection Officer
Name: Data Protection Officer, Easy Seva Foundation
Email: privacy@easylifefoundation.org
Phone: +91 98765 43210
Address: Registered Office, Patna, Bihar