Privacy Policy for IndiaConsent
Effective Date: April 10, 2026
Last Updated: April 11, 2026 | Version 1.1
IndiaConsent (“Platform”) is operated by Jobihood Technologies Pvt Ltd, having its registered office at B-46, Ground Floor, Gujranwala Town-1, Delhi-110009, India (“Company”, “we”, “us”, “our”).
This Privacy Policy is issued in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the DPDP Rules, 2025.
IndiaConsent operates (or is preparing to operate) as a Consent Manager registered (or intending to register) with the Data Protection Board of India. We provide a single, accessible, transparent, and interoperable platform that enables Data Principals to give, manage, review, and withdraw consent, and to exercise data portability where applicable.
1. Our Role as Consent Manager
We act solely as a neutral, data-blind intermediary and owe direct fiduciary duties to Data Principals under the DPDP Act and First Schedule of the DPDP Rules, 2025.
- We do not act as a Data Fiduciary or Data Processor with respect to the underlying personal data shared between Data Principals and Data Fiduciaries.
- We do not read, access, store, or process the actual personal data flowing through our platform. All such personal data is routed in an encrypted manner that is unreadable to us (as required under First Schedule, Part B, item 2).
- Data Fiduciaries remain fully responsible for the lawfulness of their processing, including the provision of clear, itemised notices under Rule 3.
2. Categories of Personal Data We Collect
2.1 From Data Principals
- Mobile number (for authentication and communication)
- Consent artefacts and events, including:
  - Consent grant/deny/revoke status
  - Timestamps
  - Purpose of processing
  - Categories of personal data
  - Data Fiduciary identifiers
  - Cryptographically signed receipts and tamper-evident logs
2.2 From Data Fiduciaries (for platform access and integration)
- Company name, email address, phone number
- Securely hashed password
- Company metadata (GSTIN, address, website, etc.)
We maintain these records in a tamper-evident, cryptographically verifiable form to ensure non-repudiation, auditability, and integrity of consent transactions.
3. Purposes of Processing
We process the above data strictly for:
- Facilitating the consent lifecycle (giving, managing, reviewing, withdrawing consent)
- User authentication and account management
- Maintaining tamper-evident audit logs and compliance records
- Security, fraud prevention, and platform integrity
- Responding to grievances and exercising Data Principal rights
We do not use data for advertising, profiling, selling, or any monetisation.
4. Legal Basis
Processing is based on:
- Consent of the Data Principal (where applicable)
- Our legal obligations as a Consent Manager under the DPDP Act and Rules
5. Data Storage and Localisation
All data is stored in India (AWS India Region). No cross-border transfer of personal data occurs.
6. Data Retention
- Consent records, notices, audit logs, and related artefacts are retained for a minimum of 7 years (or longer if required by law or specifically agreed with the Data Principal), as mandated by First Schedule, Part B, item 4.
- Other account-related data is retained only as long as necessary to fulfil the purposes above or comply with legal obligations.
7. Data Sharing and Disclosure
We do not sell or commercially share personal data.
Limited disclosure may occur:
- To the relevant Data Fiduciary as part of the consent workflow (in a manner that keeps underlying personal data unreadable by us)
- To operational service providers (e.g., SMS/OTP providers like MSG91) under strict contractual safeguards and for limited purposes only
- To competent authorities when required by law
We do not sub-contract or assign any of our core Consent Manager obligations.
8. Security Safeguards
We implement reasonable security practices and safeguards, including encryption in transit, hashed credentials, access controls, and infrastructure-level protections. We maintain effective audit mechanisms for ongoing compliance.
No system is completely secure; we will notify relevant authorities and affected Data Principals in case of a breach affecting consent records, as required under the DPDP framework.
9. Your Rights as Data Principal
You have the right to:
- Access your consent records and related information
- Review, grant, withdraw, or modify consent (withdrawal is as easy as giving consent)
- Request a machine-readable export of your consent records
- Raise a grievance
To exercise these rights, email us at contact@indiaconsent.com. We will verify your identity and respond within the timelines prescribed under the DPDP Rules (expected to align with 30 days or as notified).
10. Children’s Data
IndiaConsent does not knowingly process personal data of children below 18 years of age. Our platform is not designed for users under 18. If we become aware that personal data of a child has been collected without verifiable parental consent, we will promptly delete it in accordance with DPDP requirements.
11. Conflicts of Interest and Transparency
As required under the First Schedule (Part A & Part B), we maintain strict zero-conflict-of-interest policies. None of our promoters, directors, key managerial personnel, senior management, or significant shareholders (>2%) have any direct or indirect pecuniary relationship, employment, or other conflicting interest with any Data Fiduciary.
Full details of our promoters, directors, KMP, senior management, and shareholding pattern (for holdings >2%) are available on our platform for transparency.
Any material change in our governance requires prior approval from the Data Protection Board where mandated.
12. Third-Party Services
We use limited third-party services (e.g., MSG91 for OTP delivery) solely for operational needs. These providers are bound by contractual obligations and do not receive underlying personal data from consent flows. We do not use analytics or marketing trackers.
13. Grievance Redressal
Grievance Officer: Charanjeet
Email: contact@indiaconsent.com
We will acknowledge your grievance within 48 hours and endeavour to resolve it as per timelines under the DPDP Rules. If unsatisfied, you may escalate to the Data Protection Board of India.
14. Updates to This Policy
We may update this Privacy Policy periodically to reflect regulatory changes or improvements in our practices. Material changes will be notified on the Platform. Continued use after updates constitutes acceptance of the revised policy. We encourage you to review it regularly.
15. Limitation of Liability
This Policy describes our practices as a Consent Manager. We are not responsible for:
- The accuracy or lawfulness of processing by any Data Fiduciary
- Any misuse of personal data outside our platform
Our liability remains subject to the DPDP Act and applicable law.
16. Contact Us
For any privacy-related queries or to exercise your rights, please write to:
contact@indiaconsent.com
We also maintain a separate Cookie Policy (linked in the footer/cookie banner). We use only essential cookies necessary for authentication, security, and platform functionality. No non-essential or marketing cookies are used.