Available in English and हिंदी
Privacy is the architecture.
This policy explains exactly what Asmita collects, why, how long we keep it, who can see it, and what rights you have over your own data - in plain language.
Last updated · 17 May 2026 · Version 0.4 · Draft for legal review
The short version
Three promises that shape everything below.
- We never fetch your URLs. Servers parse the domain string only - they never request the page or its contents.
- We never store intimate media. Asmita keeps notice metadata and case records, not the content the case is about.
- We never share without you. No third party sees your case unless you explicitly route it there, or unless we are compelled by a court of law.
Contents
- 01 What this policy covers
- 02 Who Asmita is
- 03 What we collect
- 04 What we never collect
- 05 Why we collect it
- 06 The legal basis we rely on
- 07 How long we keep it
- 08 Who we share it with
- 09 How we protect it
- 10 Your rights under the DPDP Act
- 11 Children and minors
- 12 Cookies and analytics
- 13 Where your data lives
- 14 If we ever have a breach
- 15 Changes to this policy
- 16 Contact and Grievance Officer
Section 01
What this policy covers
This policy applies to the Asmita platform - the website you are reading now, the case dashboard you sign in to with an email one-time-code, and any notices, evidence packages, or correspondence the platform produces on your behalf.
It does not cover the websites of any platform Asmita sends a takedown notice to, the cybercrime portal at cybercrime.gov.in, the Grievance Officers we email, or any third-party service you visit from a link in our pages. Those services have their own privacy policies.
Section 02
Who Asmita is
Asmita (अस्मिता) is a free, India-specific platform built to help women remove non-consensual intimate content from the internet. It operates as a privacy-first notice and tracking service under the framework of the IT Rules 2021 and the Digital Personal Data Protection Act, 2023.
Asmita is currently in a pre-launch phase. The legal entity that will operate the production service, and the registered office address, will be published in this section before public launch. For the time being, all enquiries should be sent to the Grievance Officer email listed in section 16.
Section 03
What we collect
The data Asmita stores can be divided into five categories. None of it is collected for marketing, profiling, or sale.
- Account data. Your email address (used only to send one-time login codes), and the timestamp of each sign-in. Asmita does not store passwords because Asmita does not use passwords.
- Case data. The URLs you submit (as text strings), the platform name detected from each URL, the digital declaration you sign when you create a case, and any notes you choose to add to the case. URLs are stored encrypted at rest.
- Notice and response data. The text of the takedown notices we send on your behalf, the timestamps of each delivery attempt, and the contents of any reply the platform sends to our handling address.
- Operational logs. Limited server logs that record IP address, user-agent, request path, status code, and timestamp - used for abuse detection and security incident review. These are kept for 30 days and then automatically purged.
Section 04
What we never collect
Some things Asmita refuses to collect by design - meaning the architecture would have to be rebuilt before it could ever start collecting them.
- The intimate content itself. We do not request, fetch, render, download, proxy, cache, hash, thumbnail, transcode, or otherwise interact with the media behind any URL you share. URLs are opaque text tokens. A network-level monitor blocks outbound requests to any submitted URL host as a defence in depth.
- Passwords or biometric templates. Authentication is by email one-time code only.
- Aadhaar, PAN, or any government ID. Asmita does not collect, request, or accept Aadhaar offline-XML bundles, PAN cards, or any other government identity document. The email you sign in with is the verified identity tied to your case.
- Tracking pixels, advertising identifiers, or cross-site cookies. See section 12.
Section 05
Why we collect it
Each piece of data exists because a specific feature would not work without it. We list the purposes explicitly so you can hold us to them.
- Email address - to authenticate you (one-time codes), to send case status updates, and to receive replies from platforms on your behalf.
- URL strings - to identify which platform each notice is addressed to, to compose the notice, and to record what was sent for your audit trail.
- Declaration text - to satisfy the legal requirement that the person filing the notice declares ownership of the rights, under penalty of law.
- Operational logs - to detect abuse of the platform, to investigate security incidents, and to meet auditability requirements.
Section 06
The legal basis we rely on
Under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), Asmita processes your data on the basis of your explicit consent, which you give at registration and again at the point of each case creation. The consent is purpose-specific - agreeing to create a case does not consent to anything outside of preparing and routing the takedown notice you ask for.
For the limited operational logs described in section 3, Asmita relies on legitimate use under Section 7 of the DPDP Act, restricted to security and abuse prevention. These logs are not used for any other purpose.
Section 07
How long we keep it
The retention schedule below is enforced by automated jobs. Times are measured from the date the relevant event ends (case resolution, account deletion, log creation).
- Active case data: kept while the case is open and for 90 days after the case is resolved or closed, so you have time to download your audit trail and FIR package.
- Account data: kept until you delete your account.
- Account deletion: soft delete is immediate. A scheduled job permanently erases the account and all linked case data 30 days after soft delete, unless you have an open legal hold.
- Operational logs: 30 days, then auto-purged.
- Notice templates and audit metadata (anonymised): kept indefinitely for the purpose of platform-response statistics and accountability reporting. These contain no personal data.
Section 09
How we protect it
Security is a stack of overlapping controls. None of them is perfect alone; together they make compromise expensive.
- Encryption. All data at rest is encrypted at the disk layer. Sensitive fields - submitted URLs, declaration text, KYC bundles - are also encrypted at the application layer with per-case keys before storage.
- Network isolation. The application servers run inside a private network with no outbound access to the public internet, except for the specific platform endpoints needed for notice delivery.
- Authentication. Email one-time codes only, with rate limits on requests and on URL submissions (10 URLs per 24 hours per account).
- CSRF and session integrity. All state-changing requests are CSRF-protected. Session cookies are HTTP-only, Secure, and SameSite-Lax.
- Audit logging. Every access to sensitive data by an administrator is recorded in an append-only security event log.
- No-fetch monitor. A live integrity check verifies the no-fetch invariant - that the application does not make outbound HTTP requests to user-submitted URLs. If it ever did, alerting fires immediately.
Section 10
Your rights under the DPDP Act
The Digital Personal Data Protection Act, 2023 gives you a set of rights over your own data. Asmita honours each of them without charge.
- Right to access. You can download every piece of data we hold about you, at any time, from your case dashboard.
- Right to correction. You can edit your email address, declaration text, and any free-text fields in your case. URL submissions can be withdrawn but not edited (so the audit trail stays sound).
- Right to erasure. You can delete your account at any time. After a 30-day soft-delete window - during which you can restore - the data is permanently erased.
- Right to grievance redressal. You can write to the Grievance Officer listed in section 16. We acknowledge every grievance within 72 hours and resolve or escalate within 14 days, in line with the DPDP Act and IT Rules 2021.
- Right to nominate. You can nominate another person to exercise these rights on your behalf in case of incapacity or death. Contact the Grievance Officer to set this up.
Section 11
Children and minors
Asmita does not knowingly collect any personal data from a person under the age of 18. The age attestation at the start of every case flow routes anyone who indicates they are under 18 away from URL submission and into a curated set of child-safety resources, including CHILDLINE 1098, TakeItDown (NCMEC), and cybercrime.gov.in.
If we learn that we have collected data from a minor through an inaccurate attestation, that data is deleted immediately and the case account is closed. Concerned parents or guardians can write to the Grievance Officer.
Section 13
Where your data lives
Asmita is built for India. All personal data is stored on servers physically located in India. The list of sub-processors (database, email, hosting) is maintained in our public sub-processor register and updated whenever the list changes.
We do not transfer your data outside India, except where a specific platform you have asked us to send a notice to is located outside India - in which case the notice itself (and only the notice) crosses the border.
Section 14
If we ever have a breach
If a personal-data breach occurs that is likely to result in risk to you, we will notify the Data Protection Board of India and the affected users without undue delay, in accordance with the DPDP Act and the rules made under it. The notification will include the nature of the breach, the data affected, the likely consequences, and the steps we have taken to contain it.
Even when not legally required, we will notify you of any incident that affected your case data.
Section 15
Changes to this policy
We will post any change to this policy at this URL, with a new “Last updated” date at the top. For material changes - anything that expands what we collect, broadens with whom we share, or lengthens retention - we will give you at least 30 days’ advance notice by email before the change takes effect.
Section 16
Contact and Grievance Officer
The Grievance Officer is the named human responsible for replying to your privacy questions and grievances. The production-launch contact will be added to this section before public launch.
For now, please write to grievance@asmita.in with the subject line “Privacy grievance”, or use the contact page.
Notice templates and policy posture have been reviewed informally with Internet Freedom Foundation and SFLC.in. A full legal opinion is on file and will be linked here at production launch.
If anything on this page is unclear, write to us. We will answer in English or Hindi - whichever is easier for you.