1. Introduction: Our Commitment to Your Privacy
Welcome to the Rashtrawadi Connect App. This Privacy Policy explains how DesignBoxed Innovations Pvt. Ltd. ("Company," "we," "us," "our"), as the Data Fiduciary, collects, uses, shares, and protects your personal data when you use our mobile application ("App").
We are committed to protecting your privacy and handling your data in an open and transparent manner, in compliance with India's Digital Personal Data Protection (DPDP) Act, 2023. This policy applies to all personal data we process through the App.
2. Your Consent
Your privacy is paramount. We will only process your personal data after obtaining your explicit consent. During the registration process and before collecting any personal data, we will present you with a clear and easily understandable notice describing the data we need and the specific purposes for which we will use it.
In accordance with the DPDP Act, 2023, your consent must be "free, specific, informed, unconditional, and unambiguous with a clear affirmative action". This means you will be required to take a positive step, such as ticking a checkbox, to confirm your agreement.
You have the right to withdraw your consent at any time through the settings within the App. Upon withdrawal, we will cease processing your personal data, unless retention is required by law. Please note that withdrawing consent may result in your inability to access certain features or the entirety of the App.
3. The Personal Data We Collect
To provide and improve our services, we collect various types of personal data. We have categorized this data based on how we collect it:
A. Data You Provide to Us (User-Provided Data):
- Registration & Profile Data: When you create an account, we collect your full name, email address, phone number, residential address, age, gender, and the state you belong to. We also require you to take a mandatory profile picture via a selfie at the time of registration. Where you share sensitive personal data (e.g., political affiliation, location, or contact information of third parties), such data will be handled with heightened security measures, including restricted access and additional audit trails.
- Login Credentials: We collect your password for account access. You also have the option to use social logins (Facebook, Google) or biometric authentication (fingerprint/Face ID). When using biometrics, the authentication is processed securely on your device, and we do not receive or store your biometric data on our servers.
- User-Generated Content: Any content you create or share on the App, including posts, comments, photos, videos, and messages within the one-to-one and group chat features.
- Task & Survey Data: Information, remarks, and media (photos, videos) you upload as proof of task completion. We also collect your responses to any surveys, quizzes, or polls conducted through the App.
- Third-Party Data: Personal data of other individuals that you voluntarily provide through the Grievance Management module or the Cadre Onboarding feature, such as a voter's name and grievance details, or a new member's contact information. If you upload or share personal data of third parties, you confirm you have obtained their consent and have informed them about this Privacy Policy.
B. Data We Collect Automatically (Automatically-Collected Data):
- Location Data: With your permission, we collect your precise real-time GPS location when the App is in use. This is used to auto-detect your location during registration, to geotag media uploads for task verification, and to enable location-based features like heatmaps. For certain volunteer roles, we may also collect GPS trail data during fieldwork to track progress and performance.
- Device & Usage Information: We automatically collect information about your device and your interaction with our App, including your unique device ID, IP address, mobile operating system, browser type, and detailed user activity logs (e.g., login timestamps, features accessed, time spent on different screens).
- Transaction & Reward Data: We maintain logs of all rewards you earn, the criteria met, redemption requests, and fulfillment tracking information, including dispatch and delivery confirmation data.
4. Purpose of Data Processing (Why We Use Your Data)
The DPDP Act, 2023, requires that you are informed of the specific purpose for which your data is being processed. A generic statement is insufficient for legal compliance and transparency. The following table maps each category of personal data we collect to the specific purposes for which it is used. This structure ensures you can make a fully informed decision when providing consent.
| Personal Data Category | Purpose(s) of Processing |
|---|
| Registration & Profile Data | To create, secure, and manage your user account; To verify your identity as a legitimate party worker; To personalize your in-app experience. |
| Login Credentials | To authenticate and provide secure access to your account and its features. |
| Location Data | To enable geotagging for task verification; To provide location-based analytics (e.g., heatmaps of activity); To track volunteer fieldwork for performance assessment and resource allocation. |
| User-Generated Content | To enable the core communication and content sharing features of the App; To monitor and moderate content to ensure compliance with our Terms and Conditions. |
| Task & Survey Data | To manage, assign, and verify the completion of tasks; To calculate and allocate rewards based on performance; To gather feedback and political insights through surveys and polls. |
| Device & Usage Information | To monitor and improve the performance, stability, and security of the App; For fraud detection and prevention; To generate aggregated and anonymized statistical analytics. |
| Third-Party Data (GMS/Onboarding) | To process grievances and onboard new members as initiated and explicitly authorized by you, on behalf of the third party. |
| Analytics & Scoring Data | To generate leaderboards based on performance; To calculate behavior scores for volunteers; To power AI-driven suggestions for optimizing party activities and campaigns. |
5. Data Sharing and Third-Party Disclosures
We do not sell your personal data. We only share your data in the following limited circumstances:
- With Service Providers: We engage trusted third-party companies to perform services on our behalf, such as cloud hosting and database services (Google Cloud Platform and Firebase), SMS and email delivery (Txtlocal, Sendgrid), and in-app chat functionality (Agora). These providers are contractually obligated to protect your data and are only permitted to use it for the specific services they provide to us.
- Within the Party Hierarchy: Your data, including performance metrics and task completions, is shared with your designated superiors (e.g., Managers, Admins) within the party structure for the purpose of management, oversight, and coordination, based on a strict role-based access control system.
- For Legal Obligations: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, a court order, or a request from a government or law enforcement agency.
6. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have several rights concerning your personal data. You can exercise these rights by contacting us.
- Right to Access Information: You have the right to request and obtain a summary of your personal data that we are processing, the processing activities undertaken, and the identities of all other data fiduciaries or processors with whom your data has been shared.
- Right to Correction and Erasure: You have the right to correct inaccurate or incomplete personal data. You also have the right to request the erasure of your personal data once the purpose for which it was collected is no longer being served, or when you withdraw your consent.
- Right of Grievance Redressal: You have the right to a readily available means of registering a grievance with us. You can contact us for any concerns. You also have the right to escalate the matter to the Data Protection Board of India.
- Right to Nominate: You have the right to nominate another individual who can exercise your rights on your behalf in the event of your death or incapacity.
7. Data Retention and Security
Retention Policy:
Personal data is retained for up to 24 months after account deletion unless required longer by law or pending dispute. Upon account deletion or withdrawal of consent, your data will be erased from our active systems, subject to any legal obligations to retain it for a longer period.
Security Measures:
We are committed to protecting your data and have implemented "reasonable security safeguards" as required by the DPDP Act. These measures include:
- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
- Secure Hashing: Passwords are never stored in plain text; they are securely hashed using industry-standard algorithms like bcrypt or Argon2.
- Access Control: We employ a strict role-based access control (RBAC) system to ensure that data is only accessible to authorized personnel on a need-to-know basis.
- Infrastructure Security: Our backend infrastructure is protected by Web Application Firewalls (WAF), regular security patching, and intrusion detection systems.
8. Processing of Children's Data
Our App is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without verifiable parental consent, we will take immediate steps to delete that information from our servers.
9. Cross-Border Data Transfers
Your personal data is primarily stored and processed on secure Google Cloud Platform servers located within India. If we need to transfer your data outside of India, we will only do so to countries that have been approved by the Government of India as providing an adequate level of data protection, in full compliance with the DPDP Act.
10. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy within the App and, where feasible, by sending an in-app notification or email.