Legal & Transparency

Privacy Policy

Sakshama is committed to protecting the privacy and dignity of every woman entrepreneur on our platform. This policy explains how we collect, use, and safeguard your data — transparently and in full compliance with Indian law.

Effective: 1 January 2026 Last Updated: 1 June 2026 DPDP Act 2023 Compliant
Home Privacy Policy
"ती" चे डेटा संरक्षण — आमची जबाबदारी
Protecting her data is our responsibility.

Plain-language summary: Sakshama collects only the data needed to connect women entrepreneurs with government schemes, mentorship, and community. We do not sell your data. Government agencies and GAIB (Government AI & Big-Data) portals may receive anonymised, aggregated information for policy purposes only — never your personal details without your consent.

01. Introduction

Sakshama ("we", "our", "us") is a digital initiative dedicated to empowering women entrepreneurs across India, with a special focus on Maharashtra. Operated under the aegis of women-empowerment mandates of the Government of Maharashtra's WCD (Women & Child Development) and aligned with the National Mission for Empowerment of Women (NMEW), our platform aggregates government schemes, mentorship networks, and skill-building resources.

This Privacy Policy governs the collection, storage, processing, and disclosure of personal data submitted through the Sakshama website (sakshama.co.in), mobile applications, and any related services (collectively, the "Platform"). By registering or using the Platform you accept this policy.

02. Scope & Application

This policy applies to:

  • All registered women entrepreneurs, aspiring founders, and mentors on the Platform.
  • Visitors who browse the Platform without registering.
  • Partner organisations, government departments, and NGOs that access the Platform's data APIs.
  • Employees, contractors, and volunteers of Sakshama who process personal data on our behalf.

This policy does not apply to third-party government portals (e.g. udyamregistration.gov.in, mahaonline.gov.in) that you may navigate to via links on our Platform. Those portals are governed by their own privacy policies.

03. Definitions

  • Personal Data: Any information that identifies or can identify a natural person — name, Aadhaar, PAN, phone, email, address, business details, etc.
  • Sensitive Personal Data (SPDI): Financial data, health records, biometrics, sexual orientation, or religious beliefs as defined under IT (Amendment) Act 2008.
  • Data Principal: The individual (woman entrepreneur or user) whose data is collected.
  • Data Fiduciary: Sakshama — the entity that determines the purpose and means of data processing.
  • GAIB: Government AI & Big-Data initiatives including schemes under MeitY, NITI Aayog, and Maharashtra's MahaIT — used for anonymised policy analytics.
  • WCD: Department of Women & Child Development, Government of Maharashtra.
  • Processing: Any operation performed on personal data — collection, storage, use, disclosure, erasure.

04. Data We Collect

A. Information you provide directly

  • Full name, date of birth, gender, contact number, email address.
  • Home district, state (Maharashtra focus), and PIN code.
  • Business name, MSME/Udyam registration number, business category, and turnover range.
  • Aadhaar number (last 4 digits only, for KYC verification — full Aadhaar is not stored).
  • Bank account details (IFSC + account number) for direct-benefit transfer linkage — stored encrypted.
  • Caste / community (SC / ST / OBC / General) — optional, to match reserved-category schemes.
  • Self-Help Group (SHG) membership, Mahila Bachat Gat affiliation if applicable.
  • Uploaded documents: business plan, photographs, certificates — stored securely.

B. Information collected automatically

  • IP address, device type, browser, operating system.
  • Pages visited, time spent, links clicked, search queries within the Platform.
  • Location data (city/district level only, if location permission granted).
  • Session tokens, cookies, and similar technologies (see Section 14).

C. Information from third parties

  • DigiLocker-verified document confirmations (business registration, educational certificates).
  • Government database matches (Udyam, Jan Dhan, PMEGP) — for scheme eligibility checks only.
  • Social login data (Google, LinkedIn) — name, email, profile photo if you choose social sign-in.

05. Purpose of Collection

We collect and process personal data for the following specific, lawful, and transparent purposes:

  • Scheme Matching: Identifying government and state-level schemes you are eligible for based on your business, location, and category.
  • Mentorship Pairing: Connecting you with appropriate mentors, incubators, and business networks.
  • Application Assistance: Pre-filling government application forms to reduce administrative burden.
  • Workshop Registration: Enrolling you in relevant training, webinars, and WEP events.
  • Platform Improvement: Analysing usage patterns to improve features (using aggregated, anonymised data only).
  • Communications: Sending you scheme updates, deadlines, workshop invitations, and newsletters (with opt-out).
  • Legal Compliance: Meeting obligations under Indian law, court orders, or regulatory directions.
  • Policy Research: Contributing anonymised, de-identified data to government and GAIB policy research on women entrepreneurship in Maharashtra and India.

07. Data Sharing & Disclosure

We do not sell your personal data. We share it only in these circumstances:

  • With your explicit consent: When you apply for a scheme, your application data is shared with the relevant government department or nodal agency.
  • Service Providers: Cloud hosting (AWS / Azure India regions), SMS/email gateways, and payment processors — bound by data processor agreements.
  • Mentors & Partners: Only name, business sector, and city — no financial or identity documents — shared with verified mentors you agree to connect with.
  • NGO & CSR Partners: Aggregated, anonymised data only (e.g., district-wise business registrations) for research and programme design.
  • Legal Authorities: If required by a competent court, CERT-In, or law enforcement — we will inform you where legally permissible.
  • Business Transfers: In the event of a merger or acquisition, data will be transferred only to an entity committed to this privacy policy.

08. Government Integration & GAIB (AI/Big-Data)

Sakshama participates in India's Government AI & Big-Data (GAIB) framework under MeitY and NITI Aayog's India AI Mission to help shape evidence-based women-entrepreneurship policy.

We share data with government AI/Big-Data systems strictly on these terms:

  • Anonymised only: No name, Aadhaar, PAN, or phone number is ever shared. Data is aggregated at district level before transmission.
  • Purpose-limited: Shared exclusively for policy research, scheme effectiveness evaluation, and National Women Entrepreneurship Index (NWEI) computation.
  • NITI Aayog Alignment: Contributing to the Women Entrepreneurship Platform (WEP) national dataset in compliance with WEP Data Sharing Protocol v2.0.
  • MahaIT Integration: The Platform integrates with Maharashtra's Aaple Sarkar and MahaOnline portals solely to auto-fill eligible scheme applications — integration follows MahaIT API Security Guidelines 2024.
  • Jan Dhan & PMEGP: For direct benefit transfer linkage, encrypted bank details are transmitted via MeitY-approved secure channels only.
  • Audit Trail: Every government API call is logged and available for your review upon request within 30 days.

09. Maharashtra-Specific Compliance

महाराष्ट्र शासन — महिला उद्योजकता धोरण २०२३
Maharashtra Government — Women Entrepreneurship Policy 2023

Our Platform is aligned with the following Maharashtra-specific frameworks:

  • Maharashtra IT Policy 2023: Data residency within India (Pune/Mumbai data centres); strict access controls for citizen data.
  • Mahila Arthik Vikas Mahamandal (MAVIM): We facilitate scheme referrals to MAVIM without sharing identifiable data beyond your explicit consent.
  • Mahila Bachat Gat (MBG) / SHG Data: SHG membership details are stored with enhanced encryption and shared only with WCD Maharashtra for subsidy processing — with member consent.
  • Ladki Bahin Yojana Integration: Eligible women registered on Sakshama may be linked to the Ladki Bahin Yojana portal with full disclosure and a separate consent flow.
  • Divyang Women & Tribal (Adivasi) Women: Sensitive community data (ST, disability status) is handled under heightened data minimisation — collected only when scheme eligibility requires it, deleted after processing.
  • Grievance Redressal: Complaints related to Maharashtra-specific data may also be escalated to the Maharashtra Cyber Cell (MCC) or State Information Commission (SIC).

10. Data Retention

  • Active accounts: Retained for the duration of your account plus 3 years after closure (for compliance with GST and MSME audit obligations).
  • Application documents: Retained for 5 years as required by MSME/government scheme audit norms.
  • Financial data (bank details): Deleted within 30 days of the relevant transaction being completed, unless required by law.
  • Aadhaar verification tokens: Not stored; verification is performed through DigiLocker and only confirmation status is retained.
  • Analytics & logs: Anonymised after 90 days; raw logs deleted after 12 months.
  • Inactive accounts: You will receive a 60-day notice before we archive an account inactive for 3 years. You may request deletion at any time.

11. Security Measures

  • Encryption: AES-256 at rest; TLS 1.3 in transit for all data channels.
  • Access Control: Role-based access — team members can only access data necessary for their function. All access is logged.
  • Vulnerability Testing: Quarterly penetration testing by empanelled CERT-In security auditors.
  • Breach Protocol: In the event of a data breach, we will notify affected users within 72 hours and report to CERT-In as required by DPDP Act 2023.
  • Server Location: AWS ap-south-1 (Mumbai) — data never leaves Indian territory without explicit notification and consent.
  • Two-Factor Authentication (2FA): Available and strongly encouraged for all registered accounts.

12. Your Rights as a Data Principal

Under the DPDP Act 2023 and applicable Indian law, you have the following rights:

  • Right to Access: Know what personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data (subject to legal retention obligations).
  • Right to Withdraw Consent: Withdraw consent at any time — this will not affect lawfulness of past processing.
  • Right to Grievance Redressal: Raise a complaint with our Grievance Officer (Section 15) or directly with the Data Protection Board of India once constituted.
  • Right to Nomination: Nominate a person to exercise your rights in case of death or incapacity (DPDP Act provision).

To exercise any right, write to info@sakshama.co.in with subject "Data Rights Request — [Your Registered Name]". We will respond within 30 days.

13. Children & Minors

The Platform is intended for individuals aged 18 years and above. We do not knowingly collect personal data from minors. If a parent or guardian believes their child has provided data without consent, please contact info@sakshama.co.in immediately for deletion.

For special youth entrepreneurship programmes targeting women aged 16–18 under Maharashtra's Kishori Shakti Yojana, parental/guardian consent is collected via a separate documented process before any data is processed.

14. Cookies & Tracking

  • Essential cookies: Session management and security — always active; cannot be disabled.
  • Functional cookies: Language preference, last-viewed schemes — stored locally; cleared on log-out.
  • Analytics cookies: Google Analytics (anonymised IP) to understand Platform usage — opt-out available in your account settings.
  • No advertising cookies: We do not use advertising networks, retargeting pixels, or social tracking cookies.

You may manage cookie preferences via the Cookie Settings link in the footer or through your browser settings.

15. Grievance Officer

Grievance & Data Protection Officer

Sakshama Initiative — Maharashtra

info@sakshama.co.in +91-20-XXXX-XXXX (Mon–Fri, 10 AM – 5 PM IST) Sakshama Kendra, WCD Maharashtra, Pune – 411 001 Response within 30 calendar days

If your grievance is not resolved within 30 days, you may escalate to the Data Protection Board of India (once constituted under DPDP Act 2023) or the Maharashtra Cyber Cell at cybercell.maharashtra.gov.in.

16. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. When material changes are made:

  • We will update the "Last Updated" date at the top of this page.
  • We will notify registered users via email and an in-Platform banner at least 15 days before changes take effect.
  • Continued use of the Platform after the effective date constitutes acceptance of the revised policy.
  • Previous versions of this policy are archived and available upon request.

17. Contact Us

For any privacy-related queries, data requests, or concerns not covered above, please reach out through any of the following:

  • Email: info@sakshama.co.in
  • Portal: sakshama.co.in/contact → select "Privacy / Data Request"
  • Postal: Grievance Officer, Sakshama Initiative, WCD Maharashtra, Near Senapati Bapat Road, Pune – 411 016, Maharashtra, India

Have a question about your data?

Our team is here to help — respond within 30 days.

Email Us