Privacy Policy
1. Introduction
This Privacy Policy explains how Navodaya Network ("we", "us", "our") — operated by [Entity name pending — currently operated by Avtar Gour as a sole proprietor] — collects, uses, shares, and protects your personal data when you use the Navodaya Network platform at navodaya.network and its associated mobile applications (collectively, the "Platform").
We are a Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). You are the Data Principal.
This Policy is part of our Terms of Use and reflects our compliance with the DPDP Act, the Information Technology Act, 2000 ("IT Act"), and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules").
2. Personal Data We Collect
2.1 Data You Provide Directly
- Account data: name, email, mobile number, password (stored only in hashed form), date of birth, gender.
- Profile data: profile photo, cover photo, bio, current city/state/country, profession, organisation, designation, work experience, education, school connections, batch, house, blood group, languages, social/LinkedIn handles.
- Content data: posts, comments, messages, photos, videos, links, reactions, SOS requests, event RSVPs, job applications, campaign supports.
- Communications: support tickets, feedback, grievance reports.
2.2 Data Collected Automatically
- Device and log data: IP address, browser type and version, operating system, device identifiers, language, time zone, cookies (see our Cookie Policy), pages visited, referring URL, clickstream, session duration.
- Approximate location: derived from your IP address.
- Precise location: captured only when you explicitly enable it (for example, to tag a post location or use Near Me on the map).
2.3 Data from Third Parties
- When you link your LinkedIn profile, we receive the data you authorise LinkedIn to share with us.
- We may receive verification or reference data from JNV-related sources or alumni associations where you opt in.
3. Lawful Purposes and How We Use Your Data
We process your personal data only for the following lawful purposes:
- To create and operate your account and verify your identity.
- To enable the social, networking, messaging, mapping, jobs, events, SOS, campaigns, and other features you choose to use.
- To send essential service communications (security alerts, account notifications, password resets).
- To provide customer support and respond to grievances.
- To protect the safety of Users and the public, including detecting and preventing fraud, abuse, harassment, spam, and other prohibited activity.
- To moderate content in compliance with our Terms of Use and Community Guidelines.
- To comply with applicable law, court orders, or lawful government requests.
- To analyse usage, debug the Platform, and improve our features (using aggregated or de-identified data where possible).
- With your consent, to send you optional updates, newsletters, or promotional communications.
4. Children
The Platform is not directed at children under 13, and we do not knowingly collect personal data from them. For Users between 13 and 18, we process data only with verifiable parental or guardian consent and apply additional protections in line with the DPDP Act.
5. How We Share Your Data
We share your personal data only as described below:
- With other Users, based on the visibility settings you choose. You control who sees each post (Anyone / Your School / Your Batch / Connections). Your profile fields have similar visibility controls.
- With service providers who process data on our behalf under written contracts that require equivalent protection. These include hosting (AWS), email delivery, push notifications (Firebase Cloud Messaging), search (OpenSearch), content moderation tools, and analytics.
- With law enforcement and authorities where required by law, court order, or to protect the safety, rights, or property of Users, the public, or us.
- In a business transfer (merger, acquisition, restructuring), in which case we will require the recipient to honour this Policy or notify you of any material change.
We do not sell your personal data.
6. International Transfers
Your data is primarily stored and processed in India. Where we use service providers located outside India, transfers are limited to countries not restricted by the Central Government under the DPDP Act, and are governed by appropriate contractual safeguards.
7. Data Retention
We retain your personal data only as long as is necessary for the purposes set out in this Policy or as required by law.
- Active account data: retained while your account is active.
- Deleted account data: removed within 90 days of deletion, subject to legal hold or backup retention not exceeding 12 months.
- Logs and security data: typically retained for 12 months.
- Grievance records: retained for as long as required by the IT Rules 2021 (currently a minimum of 180 days).
8. Security
We implement technical and organisational security measures aligned with the SPDI Rules and industry best practices, including TLS encryption in transit, encryption at rest for sensitive fields, rate limiting, audit logging, access controls, regular security testing, and incident response procedures.
No method of transmission or storage is 100% secure. In the event of a personal data breach, we will notify you and the Data Protection Board of India in accordance with the DPDP Act.
9. Your Rights Under the DPDP Act
As a Data Principal, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete personal data.
- Erase personal data that is no longer necessary or where you withdraw consent.
- Withdraw consent at any time, subject to legal or contractual restrictions.
- Nominate another individual to exercise your rights in case of your death or incapacity.
- Grievance redressal through the channels described in Section 11 below.
- Approach the Data Protection Board of India if you are not satisfied with our response.
Most of these rights can be exercised directly from your account settings. For requests we cannot fulfil through the Platform, contact our Grievance Officer or Data Protection Officer at the addresses in Section 11. We will respond within the period required by the DPDP Act.
10. Cookies
The Platform uses cookies and similar technologies. See our Cookie Policy for details and to manage your preferences.
11. Grievance Officer and Data Protection Officer
Grievance Officer (designated under the IT Rules 2021):
- Name: Avtar Gour
- Email: grievance@navodaya.network
- Phone: A published number will be added shortly; in the meantime, please reach the Grievance Officer at grievance@navodaya.network and we will respond within 24 hours.
- Address: Pareek Colony, Kuchaman City, Rajasthan 341508, India
Data Protection Officer (designated under the DPDP Act):
- Name: Avtar Gour
- Email: dpo@navodaya.network
- Address: Pareek Colony, Kuchaman City, Rajasthan 341508, India
We aim to acknowledge complaints within 24 hours and resolve them within 15 days, or within the timeline required by law, whichever is earlier.
12. Changes to This Policy
We may update this Policy from time to time. We will notify you through the Platform or by email of material changes and update the "Last Updated" date. We encourage you to review this Policy periodically.
13. Contact
For questions about this Policy or our data practices, contact us at support@navodaya.network or write to Pareek Colony, Kuchaman City, Rajasthan 341508, India.