
Privacy Policy

Last updated: April 5, 2026

1. Introduction

This Privacy Policy describes how DIGISETU SERVICES PRIVATE LIMITED ("we", "us", or "our"), operating under the trade name Digi SetuSeva, collects, uses, stores, and protects information through the Digi SetuSeva platform ("Service").

Digi SetuSeva is an offline-first government-services management platform designed for Aadhaar Seva Kendra and Aaple Seva Kendra operators ("Operators"). Operators use the Service to manage citizen service applications, documents, and billing on behalf of the citizens they serve. The Service runs on Windows desktop (Electron), web (browser), and Android (mobile) platforms.

In this context, Operators are the primary users and data controllers for the citizen data they manage. Digi SetuSeva acts as a data processor, providing the tools and infrastructure for Operators to process citizen information securely.

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Operator Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a one-way bcrypt hash; we never store your plaintext password)
  • Phone number (encrypted at rest using AES-256-GCM)
  • User identifier and assigned role
  • Subscription and billing status
  • WebAuthn/passkey credentials (for passwordless login, if enabled)
  • Multi-factor authentication secrets (encrypted)
  • Recovery PIN (stored as a one-way hash)

2.2 Google Account Data

If you choose to sign in with Google, we receive:

  • Your name, email address, and profile picture URL
  • OAuth scopes requested: openid, userinfo.email, and userinfo.profile

If you enable Google Drive backup, we request the drive.file scope, which grants access only to files created by Digi SetuSeva within your Google Drive. We do not access, read, or modify any other files in your Drive.

We do NOT access your Gmail, Google Calendar, Google Contacts, or any other Google service data.

Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2.3 Family and Citizen Data

Operators enter and manage the following citizen data through the Service. All personally identifiable fields are encrypted at rest:

  • Full name (AES-256-GCM encrypted)
  • Date of birth (AES-256-GCM encrypted)
  • Gender (AES-256-GCM encrypted)
  • Phone number (AES-256-GCM encrypted)
  • Address — state, district, taluka, village (stored in plaintext for search functionality)
  • Aadhaar number — stored only as a SHA-256 hash for deduplication; the raw Aadhaar number is never stored in any database
  • Operator notes and remarks (encrypted)

2.4 Application and Service Data

  • Government service application details and status
  • Uploaded documents (encrypted with unique per-document encryption keys)
  • Bill and payment transaction records
  • Receipts and financial summaries

2.5 Technical Data

  • Session tokens stored in httpOnly cookies (never in localStorage)
  • CSRF tokens for request verification
  • Device name, platform, and application version (for sync and audit)
  • IP address and user agent (recorded in audit logs only)

We do not use any third-party analytics services, tracking pixels, advertising SDKs, or telemetry providers. All system telemetry is internal and used exclusively for data synchronization and integrity verification.

3. How We Use Your Information

We use the information we collect to:

  • Process and manage government service applications on behalf of Operators
  • Authenticate Operators and manage role-based access control
  • Process subscription billing and payments
  • Provide offline-first data synchronization across Operator devices
  • Generate bills, receipts, and financial records
  • Perform encrypted document backup (to Google Drive or cloud storage, when enabled)
  • Maintain audit logs for security and compliance purposes
  • Communicate important service updates and notifications

We do NOT use your data for advertising, user profiling, behavioral targeting, or selling to third parties.

3.1 Legal Basis for Processing

  • Operator data: Processed under contractual necessity — to provide and maintain the Service you have subscribed to
  • Citizen data: Operators are the data controllers for citizen information. The Company processes citizen data solely as a data processor under the Operator's instructions, as required to deliver the Service
  • Audit and security data: Processed under legitimate interest — to protect the security and integrity of the Service and comply with legal obligations

You may withdraw your consent at any time by discontinuing use of the Service and requesting account deletion. Withdrawal of consent does not affect the lawfulness of processing performed prior to withdrawal.

4. Data Storage and Security

4.1 Offline-First Architecture

Digi SetuSeva is designed with an offline-first architecture. All data is stored primarily on the Operator's local device using an SQLite database. The Service functions fully without an internet connection. Cloud synchronization is optional and must be explicitly enabled by the Operator.

4.2 Encryption

We employ a four-layer key hierarchy to protect sensitive data, with each key encrypted (wrapped) by the key in the layer above it:

  • Layer 1 — Device Master Key: Derived from the device identity and Operator password hash, stored in the operating system's secure storage (Windows DPAPI or macOS Keychain)
  • Layer 2 — Center Key: A 256-bit random key, split into three shares using Shamir's Secret Sharing (2-of-3 threshold). No single share can reconstruct the key. Shares are distributed across device storage, a cloud vault, and a physical recovery card held by the Operator
  • Layer 3 — Family Key: A unique 256-bit key per family group, encrypted by the Center Key. Used to encrypt all citizen PII (name, phone, DOB, gender)
  • Layer 4 — Document Key: A unique 256-bit key per document, encrypted by the Family Key. Used to encrypt uploaded document files

Additional cryptographic measures:

  • AES-256-GCM for all field-level encryption
  • bcrypt (cost factor 10+) for password hashing
  • SHA-256 for Aadhaar number hashing (one-way, irreversible)

4.3 Cloud Storage (When Enabled)

If cloud synchronization is enabled, data is stored in:

  • Supabase (PostgreSQL) — structured data with Row-Level Security policies ensuring Operators can only access their own data
  • Turso (libSQL) — encrypted key vault for encryption key material only
  • AWS R2 / Cloudflare — encrypted document file storage; all documents are encrypted before upload

4.4 Transport and Application Security

  • HTTPS encryption for all network communication
  • CSRF protection using the double-submit cookie pattern
  • Rate limiting on authentication and sensitive endpoints
  • SQL injection filtering and input sanitization
  • XSS protection via Helmet.js security headers and content sanitization
  • Row-Level Security enforced on all cloud database tables

5. Third-Party Services

We use the following third-party services to operate Digi SetuSeva. Each service receives only the minimum data necessary for its function:

  • Google OAuth. Purpose: Operator authentication. Data shared: email, name, profile picture (received from Google)
  • Google Drive. Purpose: optional document backup. Data shared: encrypted backup files only (drive.file scope)
  • Supabase. Purpose: cloud database and authentication. Data shared: encrypted operator and citizen data
  • Turso. Purpose: encryption key vault. Data shared: encrypted key material only
  • AWS R2 / Cloudflare. Purpose: document storage. Data shared: encrypted document files only
  • MSG91. Purpose: OTP delivery for verification. Data shared: Operator phone number (for SMS delivery)
  • Razorpay. Purpose: subscription billing. Data shared: billing details for payment processing

No data is shared with advertising networks, data brokers, or analytics providers.

6. Cookies and Local Storage

We use a minimal set of cookies and local storage, strictly for functionality:

  • Authentication token — httpOnly, secure (in production), sameSite: lax. Used to maintain your login session
  • CSRF token — double-submit cookie for request verification
  • OAuth state nonce — short-lived (10-minute expiry), used during Google sign-in to tie the callback to the browser session that started it, so a forged or replayed callback is rejected
  • localStorage — theme preference and UI state only (no personal data is stored in localStorage)

We do not use third-party cookies, advertising cookies, or tracking cookies of any kind.

7. Data Retention

  • Active accounts: Data is retained for as long as your subscription is active and you continue to use the Service
  • Deleted data: When you delete a family record, the system performs a cascading soft-delete of the family, all members, documents, service applications, and associated notes. Soft-deleted data is permanently purged after 90 days or upon account termination, whichever comes first
  • Audit logs: Retained for 24 months from the date of creation for security and compliance purposes, after which they are automatically purged
  • Authentication tokens: JWTs are short-lived with a configurable expiry; refresh tokens have a limited lifetime
  • OAuth nonces: Automatically purged after 10 minutes
  • Expired subscriptions: A 7-day grace period is provided after subscription expiry, after which the account is locked (data is not deleted)

8. Your Rights

As an Operator, you have the following rights regarding your data:

  • Access: You can view all data stored in your account at any time through the application interface
  • Correction: You can edit and update family and member records directly within the Service
  • Deletion: You can delete family records (cascading deletion of all associated data). To delete your entire account, see how to delete your account & data for the in-app self-service path and the email fallback
  • Data Export: You can generate and download your data from within the application
  • Withdraw Google Consent: You can disconnect your Google account and revoke Google Drive access at any time through Operator Settings. Upon disconnection, we stop accessing your Google data. Previously backed-up files remain in your Google Drive under your control
  • Account Deletion: Upon account deletion, all your data — including any Google account data (name, email, profile picture) — is permanently removed from our systems. Google Drive backup files remain in your Google Drive under your control. See the deletion instructions page for the full step-by-step procedure, what is retained for statutory reasons, and timelines

To exercise any of these rights, contact us at [email protected], or visit our contact page.

9. Children's Privacy

Digi SetuSeva is a business tool designed for government-service Operators. The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information directly from children.

Operators may enter data for minor family members as part of processing government service applications. Such data is protected with the same encryption standards applied to all citizen data within the Service.

10. International Data Transfers

The primary data storage is on the Operator's local device within India. When cloud synchronization is enabled, data may be processed by our cloud service providers (Supabase, Turso, AWS R2) in data centers located outside India.

All citizen data is encrypted before being transmitted to any cloud service. The encryption keys remain under the Operator's control and are never shared with cloud providers in plaintext.

11. Data Breach Notification

In the event of a personal data breach that may affect your data or the citizen data you manage, we will:

  • Notify affected Operators without unreasonable delay upon becoming aware of the breach
  • Notify the Data Protection Board of India as required under the Digital Personal Data Protection Act, 2023
  • Provide a description of the nature of the breach, the categories of data affected, and the measures taken or proposed to address the breach
  • Cooperate with Operators and regulatory authorities in any investigation related to the breach

As data controllers, Operators are responsible for notifying their own data subjects (citizens) of any breach affecting their personal data, in accordance with applicable law.

12. Payment Data

Digi SetuSeva does not store, process, or have access to your payment card details. All payment processing is handled securely by Razorpay, our authorized payment processor, in compliance with applicable payment security standards. Your payment information is subject to Razorpay's Privacy Policy.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you through the application and update the "Last updated" date at the top of this page.

Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

14. Grievance Redressal

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer to address your concerns regarding data processing:

Grievance Officer: Mahesh Rameshrao Tambe

Email: [email protected]

We will acknowledge your grievance within 24 hours and endeavour to resolve it within 30 days of receipt.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

DIGISETU SERVICES PRIVATE LIMITED

Milkat No. 723, Near Jilha M Bank, Paithan, Vihamandwa,

Chhatrapati Sambhajinagar, Maharashtra 431137, India

Email: [email protected]