← Back to Home

Privacy Policy

Last Updated: January 3, 2026

Welcome to Karuna Nidhan. We are deeply committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains in comprehensive detail how we collect, use, protect, and safeguard your data when you use our animal rescue application and services.

1. Information We Collect and Legal Basis (DPDP Act 2023)

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we collect and process data only when there is a lawful basis. All data collection is performed with your explicit consent and for legitimate purposes as defined by Indian law.

1.1 Personal Information Collected

The following categories of personal data are collected:

Identity Information: First name, last name, username, date of birth for account creation, verification, and communication purposes
Contact Information: Email address (required), phone number (optional), residential address (if voluntarily provided)
Account Credentials: Encrypted password, security questions, authentication tokens, session identifiers
Profile Data: Profile picture, bio/description, user role (individual reporter, NGO staff, volunteer), category of involvement
Location Data: GPS coordinates, precise latitude/longitude, altitude data when submitting rescue reports; approximate location data for venue discovery
Organization Information: For NGO and institutional users: registration number, organization name, address, official contact persons, registration certificates
Rescue Report Content: Descriptions of injured animals, animal species, condition severity, photographs, GPS location, timestamp, and any attached documentation

1.2 Sensitive Personal Data - Camera and Photo Access

Camera and Photo Permissions - Explicit Consent Required

Our application requires explicit permission to access your device's camera and photo library:

Camera Activation: Activated only when you explicitly click the camera button to capture photos
Photo Selection: You control which photos are submitted from your device gallery
Permitted Uses: Photo capture of injured animals, rescue documentation, profile picture selection, case evidence
Zero Background Access: We NEVER access your camera or photos without your active engagement
Explicit Consent Requirement: Operating system permission is required and managed by your device settings
User Override: You can revoke camera permissions at any time through device settings

Photo Storage and Security Measures:

Encryption Standard: All photos encrypted using TLS 1.3 during transit and AES-256 at rest
Secure Storage Provider: Photos stored on Cloudflare R2 with certified security compliance
Access Control: Only authorized rescue coordinators can access photos relevant to rescue cases
No Facial Recognition: We do NOT employ facial recognition, iris scanning, or biometric analysis
EXIF Data Handling: Photo metadata is processed to extract only location and timestamp; other EXIF data is discarded
User Deletion Rights: You can request deletion of any uploaded photo at any time

1.3 Automatic/Technical Information Collection

We automatically collect technical information for security, analytics, and service improvement:

Device Information: Device make/model, operating system version, app version, device identifier
Network Information: IP address, internet service provider, network type (WiFi/cellular)
Usage Analytics: Features accessed, pages/screens viewed, action history, time spent on features, user flow patterns
App Performance Data: Crash logs, error messages, response times, performance metrics for optimization
Interaction Records: App installation timestamp, last login time, frequency of app use
Log Data: Server access logs containing IP addresses and timestamps (standard infrastructure logging)

Legal Basis (DPDP Act): Collection of technical data is based on legitimate interest for service provision and security.

1.4 Communication and Operational Data

In-App Messages: Communications between users, NGOs, and rescue coordinators regarding specific rescue cases
Push Notifications: Delivery logs of notifications sent to users via OneSignal
Support Communications: Support tickets, inquiries, feedback, and complaint records
Rescue Report Records: Complete history of rescue reports including updates, status changes, resolution notes

1.5 Data NOT Collected

To be absolutely clear, we explicitly do NOT collect:

Government ID numbers (Aadhaar, Passport, Voter ID, Driver License)
Financial/payment information or banking details
Biometric data (fingerprints, iris scans, voice recording, facial features)
Health or medical records
Religious or political affiliation information
Caste or community information
Sexual orientation or gender identity information
Genetic or DNA information
Racial or ethnic origin information

2. Lawful Basis for Data Processing (DPDP Act 2023 Compliance)

Under Section 6 of the DPDP Act 2023, we process your personal data only on the following lawful bases:

2.1 Consent-Based Processing

Account Creation: Your explicit consent to create and maintain a user account
Photo Uploads: Your explicit consent each time you submit photos or media
Location Sharing: Your explicit consent to share GPS location when submitting rescue reports
Communication: Your consent to receive push notifications and in-app messages

Consent Withdrawal: You can withdraw consent at any time through your account settings or by contacting us. Data collection will cease within 24 hours of withdrawal.

2.2 Contractual Performance

Processing necessary to provide services you have requested
Maintaining your account and user profile
Processing rescue reports and assignments

2.3 Legitimate Interest

Preventing fraud, abuse, and unauthorized access to our platform
Maintaining platform security and preventing data breaches
Improving our services and user experience through analytics
Complying with legal obligations and supporting law enforcement

2.4 Legal Obligation

Compliance with IT Act, 2000 and information preservation requirements
Reporting obligations for CSAM and child exploitation
Response to court orders and government requests

2.5 How We Use Your Information

We use collected personal data exclusively for the following purposes:

Service Delivery: Providing, operating, maintaining, and improving the Karuna Nidhan platform
Account Management: Creating accounts, verifying identity, managing user profiles, sending account-related notices
Rescue Report Processing: Receiving, processing, assigning rescue reports to appropriate NGOs/volunteers, and tracking outcomes
Location-Based Services: Identifying and notifying nearby NGOs and volunteers when rescue reports are submitted
Communication: Sending push notifications, in-app messages, and emails regarding rescue status and updates
User Support: Responding to queries, providing technical support, addressing complaints and feedback
Platform Security: Detecting, preventing, and addressing fraud, abuse, unauthorized access, and security threats
Legal and Regulatory Compliance: Complying with IT Act 2000, DPDP Act 2023, and other applicable Indian laws
Child Protection: Detecting, reporting, and preventing CSAM as required under law
Analytics and Improvement: Analyzing usage patterns to improve features, fix issues, and enhance user experience
Legal Process Support: Responding to court orders, government requests, and law enforcement inquiries

Non-Use Clarification:

We do NOT sell your data to advertisers or third parties for commercial purposes
We do NOT use your data for behavioral profiling or targeted advertising
We do NOT share your personal information with unrelated third parties
We do NOT use your data for purposes beyond what is stated in this policy

Our Absolute Commitment to Child Safety

Karuna Nidhan maintains zero tolerance for Child Sexual Abuse Material (CSAM). We employ comprehensive technical, operational, and legal measures to prevent, detect, and eliminate CSAM from our platform.

3.1 What is CSAM?

Child Sexual Abuse Material refers to any visual depiction of sexually explicit conduct involving a minor. Every piece of CSAM represents real abuse, trauma, and exploitation of an actual child victim.

3.2 Our CSAM Prevention Measures

Automated Scanning: All uploaded images are automatically scanned using hash-matching technology and ML-based classifiers
Human Review: Trained content moderators review flagged content following strict protocols
Immediate Removal: Any confirmed CSAM is removed within minutes of detection
Account Termination: Permanent ban for users who upload or distribute CSAM
Law Enforcement Notification: Immediate reporting to NCMEC and relevant authorities

3.3 User Responsibilities and Reporting

If You Encounter Suspected CSAM:

Do not download, share, or forward the content. Report it immediately:

In-App Reporting: Use the "Report" button and select "Child Exploitation/CSAM"
Email: Show email →
Emergency: If a child is in immediate danger, contact local law enforcement

safety@karunanidhan.org

Subject: "URGENT: CSAM Report"

3.4 User Content Responsibility and Disclaimer

Critical User Responsibility Notice

YOU ARE SOLELY RESPONSIBLE FOR ALL CONTENT YOU UPLOAD, POST, OR SHARE ON KARUNA NIDHAN.

By using this platform, you explicitly acknowledge and agree that:

Full Legal Responsibility: You bear complete legal responsibility for any content you submit
Content Verification: You are responsible for verifying your content is lawful and appropriate
No Platform Liability: Karuna Nidhan is not responsible for user-generated content
Consequences of Violations: Uploading illegal content may result in account termination and legal action

Prohibited Content - Zero Tolerance Policy

The following types of content are strictly prohibited:

Child Sexual Abuse Material (CSAM): Any content exploiting or sexualizing minors
Illegal Activities: Content that promotes or facilitates illegal activities
Violence and Hatred: Content that incites violence or discrimination
Harassment and Abuse: Content that harasses or threatens any individual

4. Data Storage and Security

We implement industry-leading security measures to protect your personal information:

Encryption in Transit: All data uses TLS 1.3 encryption
Encryption at Rest: All stored data uses AES-256 encryption
Secure Cloud Infrastructure: Data hosted on certified cloud platforms
Access Controls: Strict role-based access controls
Security Audits: Regular third-party security audits and penetration testing

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in limited circumstances:

With Your Consent: When you authorize specific data sharing
NGO and Volunteer Coordination: Essential information shared to facilitate rescue operations
Legal Requirements: When required by law or legal process
CSAM Reporting: Information reported to NCMEC and law enforcement

6. Your Rights and Choices

You have comprehensive rights regarding your personal data:

Right to Access: Request copies of your personal information
Right to Correction: Request correction of inaccurate data
Right to Deletion: Request deletion of your personal information
Right to Data Portability: Request a copy of your data in machine-readable format

To exercise any of these rights, please contact us →

privacy@karunanidhan.org

Include "Data Request" in subject line

Request Account Deletion

If you wish to permanently delete your account and all associated data, submit a deletion request below. We will process your request within 30 days.

Important Notice: Account deletion is permanent and irreversible. All your data will be permanently removed and cannot be recovered.

7. Children's Privacy

Our service is not directed to children under 13. If you believe your child has provided us with personal information, please contact us →

privacy@karunanidhan.org

Subject: "Child Privacy Concern"

8. Data Retention

We retain your personal information only as long as necessary:

Account Information: Retained while active and for 90 days after deletion
Rescue Reports: Retained for 7 years for legal compliance
Communication Records: Retained for 3 years

9. Google Analytics and Tracking Technologies

9.1 Google Analytics Overview

We use Google Analytics to understand how users interact with our platform and to improve our services. Google Analytics is a web analytics service provided by Google LLC that tracks and reports user behavior on our website and mobile application.

9.2 Data Collected by Google Analytics

Google Analytics collects the following information:

Pageviews and Screen Views: Pages/screens you visit, time spent on each page, and navigation patterns
User Interactions: Clicks, form submissions, scroll depth, and button interactions
Device Information: Device type, browser type, operating system, screen resolution
Location Data: Geographic location derived from IP address (country, region, city level)
Traffic Source: How you arrived at our platform (direct, search engine, referral, social media)
User ID (when enabled): Unique identifiers to track user behavior across sessions and devices
Audience Insights: Age, gender, interests (when Google Signals is enabled and users are signed into their Google accounts)

9.3 Google Signals and User-Provided Data

We have enabled Google Signals in our Google Analytics configuration, which means:

Cross-Device Tracking: Google can link your activity across multiple devices when you are signed into your Google account
Demographic Data: Age range, gender, and interest categories from your Google account profile
Consent Requirement: This feature requires users to have enabled "Ads Personalization" in their Google Account settings
User-Provided Data: We may enhance Google Analytics data with information you provide (email address, user ID) to create a more complete understanding of your interactions

9.4 How We Use Google Analytics Data

Service Improvement: Identifying which features are most used and which need improvement
Performance Monitoring: Tracking page load times, error rates, and technical performance issues
User Experience Optimization: Understanding user behavior to design better features and navigation
Security and Fraud Prevention: Identifying unusual patterns that may indicate security threats
Conversion Tracking: Measuring effectiveness of rescue report submissions and user engagement
Audience Analysis: Understanding our user demographics to better serve different communities

9.5 Data Sharing with Google

Your data is transmitted to and processed by Google's servers. Google may:

Store analytics data on servers located in multiple countries
Use aggregated, anonymized data to improve its own products and services
Combine your data with other users' data for analysis purposes
Use data for machine learning and artificial intelligence training (in anonymized form)

Legal Basis (DPDP Act): Google Analytics data sharing is based on legitimate interest for service improvement and analytics. Users consent by continuing to use our platform.

9.6 Analytics as Essential Service

Google Analytics is essential for operating and improving our platform. It is not optional and is automatically enabled for all users. This data collection is necessary to:

Monitor platform performance and security
Understand user behavior to improve features
Identify and resolve technical issues
Ensure service reliability and uptime

By using our platform, you consent to Google Analytics data collection as described in this section.

9.7 Google Analytics Privacy Policy

For more information about how Google processes data and your privacy rights, please review:

9.8 Data Retention for Analytics

Google Analytics data is retained according to the following schedule:

Default Analytics Data: Retained for 14 months before automatic deletion
Event Data: Retained for 2-12 months depending on event type
User ID Data: Retained for a maximum of 25 months

9.9 Other Tracking Technologies

In addition to Google Analytics, we may use:

Cookies: Small files stored on your device to remember your preferences and track activity
Web Beacons: Transparent pixel images used to track conversions and user engagement
Local Storage: Browser-based storage for application state and user preferences
Session Identifiers: Unique tokens to track your session across our platform

Cookie Policy: You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through the application.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

For General Inquiries: Show email →

hello@karunanidhan.org

For Privacy Concerns: Show email →

privacy@karunanidhan.org

For CSAM & Safety: Show email →

safety@karunanidhan.org

Responds within 24 hours

We will respond to your inquiry within a reasonable timeframe, typically within 30 days for standard requests and within 72 hours for urgent safety or CSAM-related matters.