Privacy notice

Privacy Notice

This notice explains what PRAMAAN collects, why it is collected, how it is shared, how long it is retained, and which rights under the Digital Personal Data Protection Act, 2023 (DPDPA 2023) users can exercise.

Exercise DPDP rights Contact DPO

Last reviewed: 2026-05-21
Law: DPDPA 2023
Template: NYAYA v1.1
Rights channel: DSR portal

Consent-first verification

Every check is tied to an explicit, scoped consent record.

Purpose-limited use

Data is used for the stated verification, badge, support, rights, or reliability purpose.

No data sale

PRAMAAN does not sell verification data or display third-party advertising.

Retention clarity

Default retention periods and erasure paths are listed below.

Entity disclosure

Data Fiduciary

PRAMAAN / TALPRO INDIA PRIVATE LIMITED

PRAMAAN is operated by TALPRO INDIA PRIVATE LIMITED.

CIN: U74999KA2020PTC135946
Registered office: Bengaluru, Karnataka — 560068
DPO: [email protected]
Grievance Officer: [email protected]

Structured categories

What We Collect

Personal data categories collected by PRAMAAN
Category	Data	Primary purpose
Verifier account data	Name, email, phone, role, and optional company information.	Account access, consent requests, billing, support, and audit trail.
Data Principal verification data	Aadhaar offline XML, PAN where consented, address proof, face photo, court-record sweep results, and employment or education references where consented.	To complete the specific verification requested with explicit consent.
Worker badge data	Identity/KYC status, phone OTP, skill self-declarations, and employer references for W-Pro/Premium where applicable.	To issue and maintain a portable worker trust badge.
Usage and analytics data	Privacy-first analytics events and product usage signals without cross-site tracking.	Reliability, abuse prevention, product improvement, and aggregate reporting.
Communication and support data	Emails or submissions sent to support, the DPO, or the Grievance Officer.	Responding to support, rights, and grievance requests.
Payment processor data	Razorpay receives payment details needed to process cards, UPI, invoices, refunds, and payment disputes.	Payment authorization, reconciliation, fraud checks, refunds, and statutory accounting.

Category: Verifier account data
Data: Name, email, phone, role, and optional company information.
Primary purpose: Account access, consent requests, billing, support, and audit trail.

Category: Data Principal verification data
Data: Aadhaar offline XML, PAN where consented, address proof, face photo, court-record sweep results, and employment or education references where consented.
Primary purpose: To complete the specific verification requested with explicit consent.

Category: Worker badge data
Data: Identity/KYC status, phone OTP, skill self-declarations, and employer references for W-Pro/Premium where applicable.
Primary purpose: To issue and maintain a portable worker trust badge.

Category: Usage and analytics data
Data: Privacy-first analytics events and product usage signals without cross-site tracking.
Primary purpose: Reliability, abuse prevention, product improvement, and aggregate reporting.

Category: Communication and support data
Data: Emails or submissions sent to support, the DPO, or the Grievance Officer.
Primary purpose: Responding to support, rights, and grievance requests.

Category: Payment processor data
Data: Razorpay receives payment details needed to process cards, UPI, invoices, refunds, and payment disputes.
Primary purpose: Payment authorization, reconciliation, fraud checks, refunds, and statutory accounting.

Purpose limitation

Why We Collect It

PRAMAAN collects data to deliver the verification or worker-badge service requested by the verifier and consented to by the Data Principal. Each check has an explicit, scoped, granular consent record linked to the stated purpose.

Retention and erasure

Retention Table

PRAMAAN retention periods
Record type	Default retention	Reason	Erasure path
Verification records	36 months default	Verifier auditability and dispute handling.	Use DSR erasure where legally available.
Consent log	7 years	Evidentiary record for consent, purpose, and workflow trace.	Restricted where retention is needed for legal evidence.
Account data	Until account closure + 90 days	Account operations, billing, and compliance wind-down.	Close account or use DSR.
Worker badges	While badge remains active	Badge portability and scan verification.	Deactivate badge or use DSR.

Record type: Verification records
Default retention: 36 months default
Reason: Verifier auditability and dispute handling.
Erasure path: Use DSR erasure where legally available.

Record type: Consent log
Default retention: 7 years
Reason: Evidentiary record for consent, purpose, and workflow trace.
Erasure path: Restricted where retention is needed for legal evidence.

Record type: Account data
Default retention: Until account closure + 90 days
Reason: Account operations, billing, and compliance wind-down.
Erasure path: Close account or use DSR.

Record type: Worker badges
Default retention: While badge remains active
Reason: Badge portability and scan verification.
Erasure path: Deactivate badge or use DSR.

Rights request paths