Samidha
Back to all policies

Privacy Policy

Governing collection, processing, storage, and use of personal data.

Samidha FinTech Private Limited · CIN U62010MR2026PTC474997 · Last updated: June 2026

1. Introduction and Identity of Data Fiduciary

Samidha FinTech Private Limited (hereinafter 'SAMIDHA', 'We', 'Us', or 'Our'), incorporated under the Companies Act, 2013, CIN U62010MR2026PTC474997, registered in Maharashtra, India, operates the digital donation management platform at / ('Platform').

SAMIDHA is committed to protecting the privacy, confidentiality, and security of all personal data processed through the Platform. This Privacy Policy ('Policy') sets out Our practices regarding the collection, storage, processing, use, disclosure, and protection of personal data in accordance with the Digital Personal Data Protection Act, 2023 ('DPDP Act'), the Information Technology Act, 2000 ('IT Act'), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ('SPDI Rules').

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, you must immediately discontinue use of the Platform.

2. Definitions

  • "Data Fiduciary" means Samidha FinTech Private Limited, which determines the purpose and means of processing personal data.
  • "Data Principal" means the natural person to whom personal data relates, including Donors, Users, and NGO representatives.
  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data (DPDP Act, 2023).
  • "Sensitive Personal Data or Information (SPDI)" includes financial information, payment instruments, PAN, passwords, and other categories under the SPDI Rules, 2011.
  • "Consent" means a free, specific, informed, unconditional, and unambiguous indication of agreement to processing of personal data.
  • "Donor" means any individual, organisation, or corporate entity making a donation through the Platform.
  • "NGO" means any charitable organisation, trust, society, or Section 8 company registered on the Platform.
  • "1Pay" means the authorised payment gateway partner of SAMIDHA (https://www.1pay.in).

3. Scope and Applicability

This Policy applies to all individuals who visit, register on, or use the Platform in any capacity; all Donors; all NGOs and their representatives; all campaign managers, volunteers, and administrators; and personal data collected through the Platform's website, mobile interface, emails, SMS, and WhatsApp communications.

4. Categories of Personal Data Collected

4.1 Donor Personal Data

  • Full name as per government-issued identity documents
  • Email address and mobile number
  • Residential and postal address, city, state, PIN code, and country
  • Permanent Account Number (PAN) — mandatory for 80G tax benefit under Section 80G(5)(viii), Income Tax Act, 1961
  • Passport number (NRI donors, where applicable)
  • Donation amount, purpose, and history; communication preferences

4.2 NGO and Organisational Data

  • Organisation name, type of registration, and registration details
  • PAN, 12A registration number, 80G registration number
  • FCRA registration number (where applicable)
  • NGO Darpan unique ID; bank account details for settlement
  • KYC documents of trustees, directors, and authorised signatories
  • Audited financial statements, annual reports, and compliance declarations

4.3 Payment and Transaction Data

Payment processing is handled exclusively by 1Pay. SAMIDHA does not store full card numbers, CVV, or authentication credentials. Data collected includes transaction reference numbers, gateway IDs, payment status, UPI/bank reference numbers, and refund/chargeback records.

4.4 Technical and Device Data

  • IP address, browser type, operating system, and device model
  • Session information, access timestamps, referring URLs
  • Platform usage analytics, clickstream data, and error logs

4.5 Membership Data

Where SAMIDHA provides membership management services on behalf of a Member Organisation, We collect and process member registration details, membership category, contribution records, and membership communication preferences. Such data is processed in accordance with the Membership Management Policy at /membership-policy.

5. Purposes of Data Processing

  • Processing and settlement of donations through the Platform.
  • Generation of donation receipts, 80G certificates, and tax compliance documents under the Income Tax Act, 1961.
  • Support for NGO's Form 10BD and Form 10BE filing obligations.
  • Verification of Donor identity for tax benefit eligibility.
  • Verification, onboarding, and compliance monitoring of NGOs.
  • Prevention and detection of fraud, money laundering, and platform misuse.
  • Compliance with AML, counter-terrorism financing, and sanctions obligations.
  • Maintaining audit trails and transaction records as required by law.
  • Sending donation confirmations, tax receipts, and impact updates.
  • Responding to queries, grievances, and support requests.
  • Improving Platform performance and user experience.
  • Compliance with orders of courts, tribunals, and regulatory authorities.

6. Legal Basis for Processing

  • Consent: For marketing communications and optional personalisation features.
  • Contractual Performance: For processing donations and delivering Platform services.
  • Compliance with Law: For tax reporting, FCRA compliance, and regulatory responses.
  • Legitimate Interest: For fraud prevention and platform security.

7. Sensitive Personal Data

SAMIDHA processes SPDI, including PAN and financial information, only to the extent strictly necessary for donation processing, 80G tax receipt generation, income tax compliance, identity verification, and NGO KYC. Such data is processed with appropriate technical and organisational safeguards.

8. Consent Management

Where processing is consent-based, you may withdraw consent at any time by using the opt-out feature in your account or by writing to Our Grievance Officer. Withdrawal does not affect lawfulness of prior processing. Where processing is required by law or for contractual obligations, withdrawal may limit available services.

9. Third-Party Data Sharing and Disclosure

9.1 Payment Gateway — 1Pay. 1Pay processes payment transactions on behalf of SAMIDHA. Data shared is limited to what is necessary for payment processing, settlement, fraud detection, and regulatory compliance. 1Pay's privacy policy is available at https://www.1pay.in.

9.2 Receiving NGOs. Relevant Donor information (name, PAN, donation amount) is shared with the receiving NGO to enable 80G receipt issuance and donor record maintenance as required under the Income Tax Act, 1961.

9.3 Government and Regulatory Authorities. SAMIDHA may disclose personal data to income tax authorities, the Ministry of Home Affairs (FCRA), the Reserve Bank of India, the Ministry of Electronics and Information Technology, courts, and law enforcement agencies as required by law.

9.4 Technology Service Providers. Cloud hosting, storage, communication, analytics, and security providers are engaged subject to data processing agreements incorporating security and confidentiality obligations.

9.5 No Sale of Personal Data. SAMIDHA does not sell, rent, or commercially exploit personal data of Data Principals.

10. Cross-Border Data Transfers

Where international cloud or technology providers are used, personal data may be transferred outside India. SAMIDHA ensures such transfers comply with the DPDP Act, 2023 and any directions of the Data Protection Board of India.

11. Data Retention

  • Donation transaction records: minimum seven (7) years (Income Tax Act, 1961).
  • FCRA-related records: as prescribed under FCRA, 2010.
  • NGO verification and KYC documents: duration of registration plus five (5) years.
  • Communication and support records: three (3) years from last interaction.
  • Technical and security logs: up to one (1) year.

Upon expiry, personal data is securely deleted or anonymised.

12. Rights of Data Principals

Under the DPDP Act, 2023, you have the right to: (a) access a summary of personal data held and its processing purposes; (b) request correction of inaccurate data or erasure of data no longer necessary; (c) grievance redressal by Our Grievance Officer and, if unsatisfied, by the Data Protection Board of India; (d) nominate another individual to exercise rights in the event of death or incapacity; and (e) withdraw consent for consent-based processing. To exercise rights, submit a written request to Our Grievance Officer. We will respond within the period prescribed by law.

13. Children's Privacy

The Platform is not directed at individuals below eighteen (18) years. SAMIDHA does not knowingly collect personal data from minors. If such data is collected inadvertently, it will be deleted promptly upon discovery.

14. Security Measures

SAMIDHA implements SSL/TLS encryption for data in transit, AES-256 encryption for sensitive data at rest, role-based access controls, secure payment processing through 1Pay aligned with PCI DSS standards, regular security assessments, and comprehensive audit logging. Please refer to Our Security Policy at /security-policy for further details.

15. Data Breach Response

In the event of a personal data breach likely to cause harm, SAMIDHA will notify the Data Protection Board of India within the prescribed period, notify affected Data Principals in accordance with law, and take remedial action to prevent recurrence.

16. Grievance Officer and Contact

Grievance Officer — SAMIDHA, Samidha FinTech Private Limited.

Email: privacy@samidhadonor.in

Website: /contact

Address: Maharashtra, India. Response Time: Within thirty (30) days of receipt.

17. Updates

This Policy may be updated periodically. Material changes will be notified to registered users by email or prominent Platform notice. Continued use after notification constitutes acceptance.

Related policies

Terms and ConditionsCookie PolicyRefund PolicySecurity PolicyNGO Verification PolicyMembership Management Policy