DPDP Rules 2025: Key Changes, Obligations & Implementation Guide
Read here

Privacy Policy for IndiaConsent

Effective Date: April 10, 2026

1. Introduction

IndiaConsent (“Platform”) is operated by Jobihood Technologies Pvt Ltd, having its registered office at B-46, Ground Floor, Gujranwala Town-1, Delhi-110009, India (“Company”, “we”, “us”, “our”).

This Privacy Policy is issued in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable rules.

IndiaConsent operates as a Consent Manager, enabling Data Principals to give, manage, review, and withdraw consent provided to Data Fiduciaries.

2. Nature of Services and Role

  • IndiaConsent acts solely as a Consent Manager
  • IndiaConsent does not act as a Data Fiduciary or Data Processor with respect to underlying personal data
  • IndiaConsent does not store, access, or process the actual personal data shared between Data Principal and Data Fiduciary
  • Data Fiduciaries are solely responsible for lawful processing of personal data

3. Categories of Personal Data Collected

3.1 Data Principals

  • Mobile number

  • Consent artefacts and events:

    • Consent grant/revoke status
    • Timestamps
    • Purpose of processing
    • Data categories
    • Data Fiduciary identifiers
    • Cryptographically signed receipts

3.2 Data Fiduciaries

  • Company name
  • Email address
  • Password (securely hashed)
  • Phone number
  • Company metadata (GST, address, website, LinkedIn)

4. Consent Artefacts and Audit Integrity

IndiaConsent maintains tamper-evident consent records, including:

  • Cryptographically signed consent receipts
  • Hash-chained immutable audit logs
  • Event-level traceability of consent lifecycle

These mechanisms are designed to ensure:

  • Non-repudiation
  • Auditability
  • Integrity of consent transactions

However, IndiaConsent does not guarantee absolute prevention of all unauthorized actions beyond its reasonable technical controls.

5. Purpose Limitation

We process data strictly for:

  • Consent lifecycle management
  • User authentication (OTP / credential-based)
  • Audit and compliance obligations
  • Security and fraud prevention

We do not:

  • Use data for advertising
  • Perform profiling
  • Sell or monetize personal data

6. Legal Basis of Processing

Processing is undertaken on the basis of:

  • Consent of the Data Principal
  • Compliance with legal obligations under applicable law

7. Data Storage and Localization

  • Data is stored within India (AWS India Region)
  • No cross-border transfer is performed

8. Security Safeguards

We implement reasonable security practices, including:

  • OTP-based authentication
  • Encryption in transit
  • Secure credential storage (hashed passwords)
  • Access control mechanisms
  • Infrastructure security via AWS

Despite these measures, no system can be completely secure.

9. Data Retention

Data is retained:

  • For as long as required to fulfill consent management functions
  • In accordance with applicable law, regulatory guidance, and audit requirements

Where retention requirements are undefined, data will be retained for a reasonable period necessary to demonstrate compliance.

10. Data Sharing and Disclosure

We do not sell or commercially share personal data.

Data may be disclosed:

  • To Data Fiduciaries as part of consent workflows
  • To service providers (e.g., SMS providers) strictly for operational purposes
  • To legal authorities when required by law

11. User Rights (Data Principals)

Data Principals may:

  • Access consent records
  • Grant or Withdraw consent
  • Request deletion (subject to legal retention)
  • Raise grievances

Requests may be submitted at: contact@indiaconsent.com

12. Children’s Data

IndiaConsent currently does not implement age-gating mechanisms. Users are responsible for ensuring lawful usage.

13. Third-Party Services

We use:

  • MSG91 for OTP delivery

Such providers act under contractual obligations and are limited to operational roles.

No analytics or marketing trackers are used.

14. Breach Notification

In the event of a data breach affecting consent records, we will:

  • Take reasonable steps to mitigate impact
  • Notify relevant authorities where legally required

15. Grievance Redressal

Grievance Officer: Charanjeet Email: contact@indiaconsent.com

16. Limitation of Scope

IndiaConsent is not responsible for:

  • Accuracy of information provided by Data Fiduciaries
  • Lawfulness of data processing by Data Fiduciaries
  • Misuse of data outside the Platform

17. Updates

This Policy may be updated periodically. Continued use constitutes acceptance.

18. Contact

For any privacy-related concerns, contact: contact@indiaconsent.com

We use cookies to ensure that you get the best experience on our website. By continuing to use this site, you give your consent to our Cookie policy.