Privacy Policy
1. Who we are
Bharat OS is operated by [Operating entity, to be inserted at registration], a data fiduciary registered under India's Digital Personal Data Protection Act 2023 ("DPDP Act"). Our role under the Act is that of a Data Fiduciary — we determine why and how your data is processed within the Bharat OS platform.
2. What data we collect
Bharat OS deliberately collects the minimum data needed to deliver the features you ask for. Specifically:
- Display name + language. Captured when you create your identity. No last name, Aadhaar number, or phone number is required.
- Your Ed25519 public key. Generated on identity creation. Used to verify that an action came from your device. Public — not secret.
- Your private key + vault key. Generated on identity creation. Held on the server during the Phase 2a demo period only; Phase 2b moves these to your device's hardware keystore. Even today, they are never exposed via export endpoints (see §6).
- Action records. Each time you ask Bharat OS to do something (book a cab, look up a record, mint an attestation), we store a structured receipt: the intent text, the action type, the decision the policy engine made, and the receipt the tool adapter returned. These are visible to you and only you.
- Consent records. Every time a tool reads or writes data on your behalf, a signed consent receipt is recorded in the ledger. You can revoke any consent at any time.
- Mesh participation events. If you opt in to share compute or storage, each contribution event is logged with the payout amount.
- Health document captures, when you opt in. OCR text runs on-device; only the structured fields you confirm go to ABHA.
We do not collect: your contact list, your location history, your messages, your browsing history, your raw transaction data, your Aadhaar number, your biometric templates, the contents of other apps on your phone. Bharat OS is not a tracking platform.
3. Why we collect it (Purpose)
We process your data only for the following purposes, each tied to an explicit consent you gave us:
- To deliver the action you requested. Booking a cab needs to know who is booking; pulling your health record needs to know whose record to pull.
- To prove your action happened. Signed receipts let you (or a verifier with your consent) confirm that an action ran.
- To pay you, when you participate in mesh / federated rounds. UPI payouts need a record of what you contributed.
- To honour government compliance requirements we are subject to (tax, anti-money-laundering on UPI escrow, RBI rules on financial workflows).
We do not use your data for advertising. We do not sell your data. We do not train models on your data without your explicit per-round federated_donation consent.
4. Who we share it with
When you ask Bharat OS to do something that involves a third party (book a cab through ONDC, verify an Aadhaar attestation, file a claim with DigiLocker), we share only the data the third party strictly needs, and only after your explicit consent. The audit trail records exactly what was shared and with whom.
When you create a Trust Passport attestation and share it with a landlord / employer / bank, the verifier sees only the band-or-boolean claims you chose to disclose — never the underlying raw values.
We never share your data with advertisers, data brokers, foreign governments outside of Indian legal process, or any party without a legitimate purpose that you have consented to.
5. How long we keep it
Bharat OS keeps your records for as long as you maintain an account. When you exercise your Right to Erasure, every record is destroyed and all references in our audit ledger are anonymised.
Some categories — UPI escrow receipts, tax-relevant transaction records — may be retained for the period required by Indian law (typically 7 years), but only in anonymised form once you've exercised your erasure right. No personally identifying information remains.
6. Your rights under the DPDP Act
- Right to access (§11): you can download a complete export of every record we hold about you. Profile → Settings → Download my data.
- Right to correction (§12(1)): you can revoke any consent and re-issue with corrected fields.
- Right to erasure (§12(3)): you can request complete deletion. Profile → Settings → Delete my account. We cascade through every section of our store and anonymise ledger entries; the action is permanent.
- Right to nominate (§14): you can designate a person to exercise your rights on your behalf, e.g. in the event of death or incapacity. Contact our DPO to register a nomination.
- Right to grievance redressal (§13): if you are dissatisfied with how we handle your data, escalate to our Data Protection Officer (contact in §7) within 30 days.
We respond to all DPDP requests within 30 days (the statutory ceiling). If we cannot complete a request in that window we will write to you with the reason and the expected completion date.
7. Grievance Officer
As required by DPDP §13, we name a Data Protection Officer whose contact details are:
[Loading current DPO contact from /api/dpdp/grievance …]
If your grievance is not resolved within 30 days you may escalate to the Data Protection Board of India at www.dpdpb.gov.in.
8. Cryptographic key material
Your Ed25519 private key and vault encryption key are protected by your 12-word recovery phrase. The phrase is deterministically derived from your public key — we cannot recreate it for you if you lose it. Bharat OS cannot recover your account if you lose your recovery phrase.
Phase 2b will move private key custody from the server to your device's hardware-backed keystore (Android Keystore). Until then, your private key is held server-side for the demo period only and is excluded from data exports to reduce attack surface (a stolen export file would otherwise be a fully usable identity).
9. Children
Bharat OS is not intended for users under 18. DPDP §9 requires verifiable parental consent for the processing of children's data; we do not offer that workflow today. If you are a parent or guardian and believe a child has created an account, contact our DPO and we will erase the account.
10. Changes to this policy
We will notify you of material changes via the Bharat OS app and (when implemented) via your registered contact method. The version number and "last updated" date at the top of this page change with every revision; an audit trail of prior versions is available on request.