Compliant with DPDP Act 2023. We collect minimum necessary data and never sell your information.
1
Information We Collect
| Type | Examples | Required? |
|---|
| Identity | Name, gender, DOB | Yes |
| Contact | Mobile, email | Mobile required |
| Govt IDs | Aadhaar, PAN, Voter ID | Service-dependent |
| Address | Address, district, pincode | Yes |
| Documents | Photos, PDFs of IDs | Service-dependent |
| Financial | Wallet transactions, UTR | When paying |
| Technical | IP, browser, device | Automatic |
2
How We Use Your Data
- Process and submit government service applications on your behalf
- Verify your identity as required by government departments
- Send application status updates via SMS and notifications
- Provide customer support
- Prevent fraud and unauthorised access
- Comply with legal obligations
We never use your data for advertising or sell it to any third party.
3
Aadhaar Data Protection
We strictly follow UIDAI guidelines for Aadhaar data handling.
- Aadhaar encrypted at rest using AES-256
- Always masked in displays (e.g., XXXX XXXX 9935)
- Used only for the specific service that requires it
- We do not perform biometric authentication
- Never shared with any party other than the relevant government department
4
Data Sharing
- Government Departments: Application data to process your service
- Razorpay: Transaction data for payment processing only
- SMS Provider: Mobile number for OTPs and notifications
- Legal: If required by law or court order
We do NOT share data with advertisers, data brokers, or commercial third parties.
5
Data Security
HTTPS/TLS
All data encrypted in transit
AES-256
Sensitive data encrypted at rest
bcrypt (cost 12)
All passwords hashed
CSRF Protection
All forms protected
Secure Sessions
HTTPOnly cookies
Access Control
Documents restricted
6
Cookies & Tracking
- Session Cookie (SK_SESSION): Essential for login
- Language Preference: Stores EN/KN/TE choice
- Theme Preference: Stores colour theme
We do NOT use advertising cookies, Google Analytics, or any cross-site tracking.
7
Data Retention
| Data Type | Period | Reason |
|---|
| Application Records | 7 years | Government compliance |
| Uploaded Documents | 3 years | Legal compliance |
| Transaction Records | 8 years | Financial audit |
| Account Data | Until deletion + 30 days | Account management |
| Access Logs | 90 days | Security monitoring |
8
Your Rights — DPDP Act 2023
AccessView all data we hold
CorrectionCorrect inaccurate data
ErasureRequest account deletion
Withdraw ConsentStop data processing
PortabilityGet data in readable format
GrievanceLodge a complaint
Email privacy@sevakendra.in to exercise any right. Response within 30 days.
9
Children's Privacy
SevaKendra is not intended for children under 18. Applications for minors must be submitted by a parent or legal guardian.
10
Third-Party Services
- Razorpay — Payment processing. Their Privacy Policy
- Hostinger — Cloud hosting (India/Singapore region)
- QR Server API — QR code generation (no personal data sent)