Privacy Policy

Last Updated: February 14, 2026

1. Introduction

Sangathan ("Platform," "We," "Us") is a governance infrastructure provider for collectives, NGOs, and community organisations. We respect your privacy and are committed to protecting the personal data you entrust to our infrastructure. This Privacy Policy explains how we collect, use, store, and share your information in compliance with the Information Technology Act, 2000, and other applicable laws in India.

2. Scope & Role

Our Role: Sangathan acts primarily as a Data Processor (Infrastructure Provider). The Organisation (your NGO, union, or collective) acts as the Data Controller.

Your Role: If you are an Organisation Admin, you control the data entered into your workspace. If you are a Member, your data is controlled by the Organisation you belong to.

3. Information We Collect

A. Information You Provide

  • Account Information: Name, Email Address, and Password for all users.
  • Phone Verification (Admins): We collect and verify mobile numbers for Organisation Admins to ensure accountability and prevent platform abuse.
  • Organisation Data: Name, Slug, Description, and structural details of the collective.
  • Member Records: Names, contact details, designations, and status of members added by the Organisation.
  • Form Submissions: Data collected via public or private forms created by an Organisation.
  • Donation Logs: Records of financial contributions (Amount, Donor Name, Date) logged by the Organisation. Note: We do not process the actual funds.

B. Information Automatically Collected

  • Audit Logs: We record critical actions (creation, deletion, updates) performed within the Platform for security and accountability.
  • System Logs: IP addresses, browser type, and timestamps are logged for security monitoring, rate limiting, and abuse prevention.

4. How We Use Information

We use your information strictly for the following purposes:

  • To provide, maintain, and improve the Platform's infrastructure.
  • To verify the identity of Organisation Admins (via phone OTP).
  • To enforce our Terms of Service and prevent abuse (spam, fraud, illegal activities).
  • To comply with legal obligations and law enforcement requests under Indian law.
  • To communicate with you regarding security updates, technical issues, or policy changes.

No Political Profiling:We do not use your data to build political profiles, target advertising, or influence your Organisation's objectives.

5. Data Storage & Security

Infrastructure: Your data is hosted on Supabase (PostgreSQL), utilizing industry-standard encryption at rest and in transit.

Isolation: We employ strict Row-Level Security (RLS) policies to ensure that data belonging to one Organisation is technically isolated from others.

Access Controls: Access to the underlying database is restricted to authorized System Administrators for maintenance, security investigation, or legal compliance purposes only.

6. Data Sharing & Third Parties

We do not sell your data. We share data only with the following infrastructure sub-processors required to operate the Platform:

  • Supabase: Database hosting and authentication services.
  • Firebase (Google): SMS delivery and phone number verification.
  • Razorpay: Processing optional "Supporter Subscription" payments. (We do not store card details).
  • Vercel: Web hosting and edge network services.

We may disclose data if required by law, such as in response to a court order or valid subpoena from Indian law enforcement agencies.

7. Data Retention & Deletion

Retention: We retain your data for as long as your account is active.

Soft Deletion:When you delete an account or Organisation, data enters a "soft-delete" state for a grace period (e.g., 7-14 days) to allow for recovery from accidental deletion. After this period, data is permanently removed from our active database.

Legal Hold: We may retain specific data (including Audit Logs and Admin contact info) beyond deletion if required for ongoing legal investigations or compliance with Indian data retention laws.

8. Your Rights

  • Access & Export: Organisation Admins can export their Organisation's data (members, logs, submissions) at any time via the dashboard.
  • Correction: You may update your account information directly through the settings.
  • Deletion: You may request the deletion of your account or Organisation via the platform settings.

9. Contact Us

If you have questions regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at: privacy@sangathan.space