- Every verification needs a stated purpose.
- Consent must be scoped and logged.
- Data-rights requests should use formal DSR routes.
- Results are source-backed signals, not guarantees.
- Support should not receive raw identity secrets.
Overview
Purpose
Every verification should have a stated, understandable reason.
Consent
Consent should be scoped to the requested data and purpose.
Data minimization
Collect and expose only what the workflow needs.
Retention
Records should follow published or contracted retention needs.
DSR
Access, correction, erasure, nomination, and related requests need formal routing.
Grievance
Unresolved privacy complaints should use the grievance route.
DPDP operating model
Purpose
Requester explains why the check is needed.
Consent
Data principal approves the scoped flow.
Minimization
Sensitive fields stay out of chat, logs, and unnecessary screens.
Retention
Records are kept only for valid policy, contract, audit, billing, or dispute needs.
DSR
Rights requests are tracked through DSR.
Grievance
Unresolved complaints move to the grievance route.
What to do
- 1Confirm requester and purpose.
- 2Show data categories, purpose, retention context, and withdrawal path.
- 3Run verification through the guided flow only.
- 4Route access, correction, erasure, nomination, and grievance requests through DSR or grievance pages.
Related trust links
Frequently asked questions
What is DPDP and why does it matter?›
DPDP is India’s personal data protection framework. PRAMAAN presents plain-language product information here, not legal advice.
What consent does PRAMAAN collect?›
PRAMAAN aims to capture purpose, scope, timestamp, actor, and withdrawal path before verification processing.
Can a user withdraw consent?›
Yes. Withdrawal affects future processing in scope, while valid retention needs may still apply to some records.
Who can see the result?›
Access should be limited to the requester, authorized users, PRAMAAN operators where needed, and the verified person where the workflow provides it.
Does PRAMAAN send personal data outside India?›
Use PRAMAAN’s current trust and India-region pages for the latest architecture wording. Avoid absolute residency claims unless the published policy supports them.
How do I raise a DSR?›
Use the DSR route for access, correction, erasure, nomination, and related requests.
What happens for minors?›
Use PRAMAAN’s under-18 trust guidance and human handoff for any unclear or sensitive case.
When should I file a grievance?›
File a grievance when a privacy or data-rights issue remains unresolved after the normal support or DSR route.
Glossary terms
When to talk to a human
Use DPO, DSR, or grievance paths for legal, privacy, account-specific, or unresolved DPDP questions.
Use formal routes for data rights
Access, correction, erasure, nomination, consent withdrawal, and grievance requests should use DSR, DPO, or grievance pages so scope and handling are tracked.
Was this helpful?
Feedback helps PRAMAAN improve support answers without collecting raw identity data.
Move safely from answer to action
Use the route that matches the sensitivity of your case. Keep raw documents out of support messages unless a controlled workflow asks for them.