01 Legal

Privacy Policy

How we collect, use, share, store, and protect your personal data when you use PublicShikayat — read this in full if you handle citizen grievances or file one. Effective from 4 May 2026, governed by India's Digital Personal Data Protection Act, 2023.
Last updated: 4 May 2026
Governing law: India
Publisher: Scorpyns Technologies Private Limited

01

About this Policy

PublicShikayat (the “Service”) is operated by Scorpyns Technologies Private Limited (“Scorpyns”, “we”, “us”), an Indian private limited company with its registered office at 2254/4, Pipliwala Town, Sector-13, Manimajra, Chandigarh — 160101, India.

This Privacy Policy explains how we collect, use, share, and protect personal data when you interact with PublicShikayat — whether you are a citizen filing a grievance, a member of office staff using the platform to handle complaints, or a tenant organisation (an MP's office, an MLA's office, a municipality, etc.) that subscribes to the Service.

We follow India's Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

02

What we collect

We collect the minimum personal data required for the Service to function. The specifics depend on who you are:

From citizens filing a grievance. Your full name, voter ID number (EPIC), email address, phone number (optional), residential address, PIN code, the department your complaint relates to, and the description of the complaint itself. If you choose to send photos, voice notes, location pins, or documents along with your complaint, we receive and store those. Voter ID and email are mandatory because they prove the complaint came from a real constituent.

From office staff and tenant administrators. Your work email, name, role, phone number (optional), and a hashed password. We log when you sign in, what cases you act on, and what messages you send through the admin panel — this is the audit trail your office needs.

From tenant organisations. Organisation name, slug, billing contact, address, GSTIN (if registered), preferred WhatsApp display name, and any custom departments or fields configured for your office.

Automatically. IP address, browser/device information, page or screen visited, and timestamps — kept in our security logs. A small number of essential cookies (described in our Cookies notice). We do not use any third-party advertising or tracking cookies.

03

How we use your data

We process personal data for the following purposes only:

  • To run the platform. Route a citizen's grievance to the correct office and the correct department officer; generate a reference number; send acknowledgements and status updates; let staff respond.
  • To authenticate you. Verify your phone (via WhatsApp), email (via OTP), and your voter ID (via format validation) so that complaints come from real people who live in the constituency.
  • To communicate. Transactional messages over WhatsApp and email — the acknowledgement when you file, status updates as the case moves, and a note when it's resolved.
  • To improve and secure the Service. Detect abuse, prevent fraud and spam, fix bugs, and improve flows. We do not use citizen complaint content to train any AI model.
  • To comply with the law. Respond to lawful directions from government authorities and courts, and comply with statutory record-keeping obligations.

04

Who we share data with

We share personal data only as needed to deliver the Service and only with the following categories of recipients:

  • The tenant office whose grievance line you used. If you file a grievance with the office of an MP, MLA, or municipality, that office's authorised staff see your complaint. They are the data controller for the substance of the complaint; we are their data processor.
  • The department officer your case is forwarded to. When the office forwards your case (for example, to a Tehsildar or PSPCL officer), that officer receives your reference number, the description, your locality, and a tokenised link to respond. Officers do not get your full voter ID.
  • Service providers we use to deliver the platform. WhatsApp / Meta (for messaging via the Cloud API), Google (Gmail SMTP for transactional email), and our own MongoDB and MinIO storage running on Scorpyns infrastructure in India.
  • Government authorities and courts, where required by a lawful order or to comply with statutory obligations.

We do not sell your personal data, share it with advertisers, or use it for any purpose unrelated to running the Service.

05

Public audit page — what is and isn't shared

Each tenant office may publish a public “audit” page that lists every grievance filed with that office. This is core to the Service and the reason it exists — civic accountability requires visibility.

On the public audit page we always redact the following before display:

  • Your full name → reduced to a first name and initials of subsequent names.
  • Your full voter ID → only the last four characters appear.
  • Your full phone number → only the last four digits appear.
  • Your email → never displayed publicly.
  • Your full address → never displayed; only the assembly segment, if any.
  • Your description of the complaint → not displayed publicly at all.

What is public on the audit page: the reference number, the department, the status, dates, and the redacted complainant attribution. The point is to make the office's responsiveness measurable, without exposing complainants.

06

Where your data is stored

Personal data is stored on infrastructure owned and operated by Scorpyns in India — primarily our MongoDB cluster and MinIO object storage hosted in Punjab. Operational metadata about messages necessarily transits Meta and Google global networks when we use WhatsApp and Gmail to deliver acknowledgements; the underlying message content is encrypted in transit.

07

How long we keep your data

We retain personal data only as long as needed for the purposes above:

  • Citizen grievances and the public audit ledger. Retained for the lifetime of the case and for up to seven (7) years thereafter as part of the office's public record.
  • Citizen contact details (email, phone, voter ID). Stored against the grievance for as long as the grievance is retained, then redacted in line with the public audit redaction rules above.
  • Office staff accounts. Retained while the account is active and for one (1) year after deactivation, after which the personal identifiers are removed and only the activity metadata remains for audit-trail purposes.
  • Security and access logs. Retained for ninety (90) days.
  • Tenant billing records. Retained for the period required by tax and accounting law in India (currently eight years).

08

Your rights under the DPDP Act, 2023

As a Data Principal under the DPDP Act, 2023, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate or out-of-date data and complete incomplete data.
  • Erase your personal data, subject to exceptions for ongoing grievances, statutory record-keeping, and the public-audit redactions described above.
  • Withdraw consent for any processing that relies on consent.
  • Nominate another individual to exercise your rights in the event of your death or incapacity.
  • Lodge a grievance with our Grievance Officer (below) and, if unresolved, with the Data Protection Board of India.

To exercise any of these rights, write to [email protected]. We respond within thirty (30) days.

09

How we protect your data

We apply reasonable security practices proportionate to the sensitivity of the data:

  • TLS / HTTPS for all data in transit.
  • Encrypted storage at rest for backups and object storage.
  • Bcrypt hashing for passwords; tenant API keys hashed in the database.
  • Per-tenant origin allowlisting on the public submit endpoint.
  • Role-based access control inside the admin panel — staff see only their tenant's data.
  • An append-only audit log of every staff action, retained alongside the case.
  • Regular dependency updates, signed Docker images, and infrastructure on our own server hardware in India.

No system is perfectly secure. If you believe your account or any personal data has been compromised, please write to [email protected] immediately.

10

Children

PublicShikayat is intended for adults. We do not knowingly accept grievances from a Data Principal under the age of eighteen (18). If you believe a minor has filed a grievance through the Service, please contact us so we can review and remove the data.

11

Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or in applicable law. The updated version takes effect from the “Last updated” date shown at the top. Material changes will be communicated by email to tenant administrators and via a banner on this Service for at least fourteen (14) days.

12

Contact and Grievance Officer

For any concern, request, or grievance relating to your personal data, contact our Grievance Officer:

Grievance Officer
Scorpyns Technologies Private Limited
2254/4, Pipliwala Town, Sector-13, Manimajra, Chandigarh — 160101, India
Email: [email protected]
Phone: +91 97790 04443

We acknowledge grievances within seven (7) working days and resolve them within thirty (30) days, in line with the DPDP Act and the IT Rules, 2011.
