← Back to Home

Privacy Policy

Last Updated: December 8, 2025

Welcome to Karuna Nidhan. We are deeply committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains in comprehensive detail how we collect, use, protect, and safeguard your data when you use our animal rescue application and services.

1. Information We Collect and Legal Basis (DPDP Act 2023)

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we collect and process data only when there is a lawful basis. All data collection is performed with your explicit consent and for legitimate purposes as defined by Indian law.

1.1 Personal Information Collected

The following categories of personal data are collected:

Identity Information: First name, last name, username, date of birth for account creation, verification, and communication purposes
Contact Information: Email address (required), phone number (optional), residential address (if voluntarily provided)
Account Credentials: Encrypted password, security questions, authentication tokens, session identifiers
Profile Data: Profile picture, bio/description, user role (individual reporter, NGO staff, volunteer), category of involvement
Location Data: GPS coordinates, precise latitude/longitude, altitude data when submitting rescue reports; approximate location data for venue discovery
Organization Information: For NGO and institutional users: registration number, organization name, address, official contact persons, registration certificates
Rescue Report Content: Descriptions of injured animals, animal species, condition severity, photographs, GPS location, timestamp, and any attached documentation

1.2 Sensitive Personal Data - Camera and Photo Access

Camera and Photo Permissions - Explicit Consent Required

Our application requires explicit permission to access your device's camera and photo library:

Camera Activation: Activated only when you explicitly click the camera button to capture photos
Photo Selection: You control which photos are submitted from your device gallery
Permitted Uses: Photo capture of injured animals, rescue documentation, profile picture selection, case evidence
Zero Background Access: We NEVER access your camera or photos without your active engagement
Explicit Consent Requirement: Operating system permission is required and managed by your device settings
User Override: You can revoke camera permissions at any time through device settings

Photo Storage and Security Measures:

Encryption Standard: All photos encrypted using TLS 1.3 during transit and AES-256 at rest
Secure Storage Provider: Photos stored on Cloudflare R2 with certified security compliance
Access Control: Only authorized rescue coordinators can access photos relevant to rescue cases
No Facial Recognition: We do NOT employ facial recognition, iris scanning, or biometric analysis
EXIF Data Handling: Photo metadata is processed to extract only location and timestamp; other EXIF data is discarded
User Deletion Rights: You can request deletion of any uploaded photo at any time

1.3 Automatic/Technical Information Collection

We automatically collect technical information for security, analytics, and service improvement:

Device Information: Device make/model, operating system version, app version, device identifier
Network Information: IP address, internet service provider, network type (WiFi/cellular)
Usage Analytics: Features accessed, pages/screens viewed, action history, time spent on features, user flow patterns
App Performance Data: Crash logs, error messages, response times, performance metrics for optimization
Interaction Records: App installation timestamp, last login time, frequency of app use
Log Data: Server access logs containing IP addresses and timestamps (standard infrastructure logging)

Legal Basis (DPDP Act): Collection of technical data is based on legitimate interest for service provision and security.

1.4 Communication and Operational Data

In-App Messages: Communications between users, NGOs, and rescue coordinators regarding specific rescue cases
Push Notifications: Delivery logs of notifications sent to users via OneSignal
Support Communications: Support tickets, inquiries, feedback, and complaint records
Rescue Report Records: Complete history of rescue reports including updates, status changes, resolution notes

1.5 Data NOT Collected

To be absolutely clear, we explicitly do NOT collect:

Government ID numbers (Aadhaar, Passport, Voter ID, Driver License)
Financial/payment information or banking details
Biometric data (fingerprints, iris scans, voice recording, facial features)
Health or medical records
Religious or political affiliation information
Caste or community information
Sexual orientation or gender identity information
Genetic or DNA information
Racial or ethnic origin information

2. Lawful Basis for Data Processing (DPDP Act 2023 Compliance)

Under Section 6 of the DPDP Act 2023, we process your personal data only on the following lawful bases:

2.1 Consent-Based Processing

Account Creation: Your explicit consent to create and maintain a user account
Photo Uploads: Your explicit consent each time you submit photos or media
Location Sharing: Your explicit consent to share GPS location when submitting rescue reports
Communication: Your consent to receive push notifications and in-app messages

Consent Withdrawal: You can withdraw consent at any time through your account settings or by contacting us. Data collection will cease within 24 hours of withdrawal.

2.2 Contractual Performance

Processing necessary to provide services you have requested
Maintaining your account and user profile
Processing rescue reports and assignments

2.3 Legitimate Interest

Preventing fraud, abuse, and unauthorized access to our platform
Maintaining platform security and preventing data breaches
Improving our services and user experience through analytics
Complying with legal obligations and supporting law enforcement

2.4 Legal Obligation

Compliance with IT Act, 2000 and information preservation requirements
Reporting obligations for CSAM and child exploitation
Response to court orders and government requests

2.5 How We Use Your Information

We use collected personal data exclusively for the following purposes:

Service Delivery: Providing, operating, maintaining, and improving the Karuna Nidhan platform
Account Management: Creating accounts, verifying identity, managing user profiles, sending account-related notices
Rescue Report Processing: Receiving, processing, assigning rescue reports to appropriate NGOs/volunteers, and tracking outcomes
Location-Based Services: Identifying and notifying nearby NGOs and volunteers when rescue reports are submitted
Communication: Sending push notifications, in-app messages, and emails regarding rescue status and updates
User Support: Responding to queries, providing technical support, addressing complaints and feedback
Platform Security: Detecting, preventing, and addressing fraud, abuse, unauthorized access, and security threats
Legal and Regulatory Compliance: Complying with IT Act 2000, DPDP Act 2023, and other applicable Indian laws
Child Protection: Detecting, reporting, and preventing CSAM as required under law
Analytics and Improvement: Analyzing usage patterns to improve features, fix issues, and enhance user experience
Legal Process Support: Responding to court orders, government requests, and law enforcement inquiries

Non-Use Clarification:

We do NOT sell your data to advertisers or third parties for commercial purposes
We do NOT use your data for behavioral profiling or targeted advertising
We do NOT share your personal information with unrelated third parties
We do NOT use your data for purposes beyond what is stated in this policy

Our Absolute Commitment to Child Safety

Karuna Nidhan maintains zero tolerance for Child Sexual Abuse Material (CSAM). We employ comprehensive technical, operational, and legal measures to prevent, detect, and eliminate CSAM from our platform.

3.1 What is CSAM?

Child Sexual Abuse Material refers to any visual depiction of sexually explicit conduct involving a minor. Every piece of CSAM represents real abuse, trauma, and exploitation of an actual child victim.

3.2 Our CSAM Prevention Measures

Automated Scanning: All uploaded images are automatically scanned using hash-matching technology and ML-based classifiers
Human Review: Trained content moderators review flagged content following strict protocols
Immediate Removal: Any confirmed CSAM is removed within minutes of detection
Account Termination: Permanent ban for users who upload or distribute CSAM
Law Enforcement Notification: Immediate reporting to NCMEC and relevant authorities

3.3 User Responsibilities and Reporting

If You Encounter Suspected CSAM:

Do not download, share, or forward the content. Report it immediately:

In-App Reporting: Use the "Report" button and select "Child Exploitation/CSAM"
Email: Show email →
Emergency: If a child is in immediate danger, contact local law enforcement

safety@karunanidhan.org

Subject: "URGENT: CSAM Report"

3.4 User Content Responsibility and Disclaimer

Critical User Responsibility Notice

YOU ARE SOLELY RESPONSIBLE FOR ALL CONTENT YOU UPLOAD, POST, OR SHARE ON KARUNA NIDHAN.

By using this platform, you explicitly acknowledge and agree that:

Full Legal Responsibility: You bear complete legal responsibility for any content you submit
Content Verification: You are responsible for verifying your content is lawful and appropriate
No Platform Liability: Karuna Nidhan is not responsible for user-generated content
Consequences of Violations: Uploading illegal content may result in account termination and legal action

Prohibited Content - Zero Tolerance Policy

The following types of content are strictly prohibited:

Child Sexual Abuse Material (CSAM): Any content exploiting or sexualizing minors
Illegal Activities: Content that promotes or facilitates illegal activities
Violence and Hatred: Content that incites violence or discrimination
Harassment and Abuse: Content that harasses or threatens any individual

4. Data Storage and Security

We implement industry-leading security measures to protect your personal information:

Encryption in Transit: All data uses TLS 1.3 encryption
Encryption at Rest: All stored data uses AES-256 encryption
Secure Cloud Infrastructure: Data hosted on certified cloud platforms
Access Controls: Strict role-based access controls
Security Audits: Regular third-party security audits and penetration testing

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in limited circumstances:

With Your Consent: When you authorize specific data sharing
NGO and Volunteer Coordination: Essential information shared to facilitate rescue operations
Legal Requirements: When required by law or legal process
CSAM Reporting: Information reported to NCMEC and law enforcement

6. Your Rights and Choices

You have comprehensive rights regarding your personal data:

Right to Access: Request copies of your personal information
Right to Correction: Request correction of inaccurate data
Right to Deletion: Request deletion of your personal information
Right to Data Portability: Request a copy of your data in machine-readable format

To exercise any of these rights, please contact us →

privacy@karunanidhan.org

Include "Data Request" in subject line

Request Account Deletion

If you wish to permanently delete your account and all associated data, submit a deletion request below. We will process your request within 30 days.

Important Notice: Account deletion is permanent and irreversible. All your data will be permanently removed and cannot be recovered.

7. Children's Privacy

Our service is not directed to children under 13. If you believe your child has provided us with personal information, please contact us →

privacy@karunanidhan.org

Subject: "Child Privacy Concern"

8. Data Retention

We retain your personal information only as long as necessary:

Account Information: Retained while active and for 90 days after deletion
Rescue Reports: Retained for 7 years for legal compliance
Communication Records: Retained for 3 years

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through the application.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

For General Inquiries: Show email →

hello@karunanidhan.org

For Privacy Concerns: Show email →

privacy@karunanidhan.org

For CSAM & Safety: Show email →

safety@karunanidhan.org

Responds within 24 hours

We will respond to your inquiry within a reasonable timeframe, typically within 30 days for standard requests and within 72 hours for urgent safety or CSAM-related matters.