Plain-language summary: Sakshama collects only the data needed to connect women entrepreneurs with government schemes, mentorship, and community. We do not sell your data. Government agencies and GAIB (Government AI & Big-Data) portals may receive anonymised, aggregated information for policy purposes only — never your personal details without your consent.
01. Introduction
Sakshama ("we", "our", "us") is a digital initiative dedicated to empowering women entrepreneurs across India, with a special focus on Maharashtra. Operated under the aegis of women-empowerment mandates of the Government of Maharashtra's WCD (Women & Child Development) and aligned with the National Mission for Empowerment of Women (NMEW), our platform aggregates government schemes, mentorship networks, and skill-building resources.
This Privacy Policy governs the collection, storage, processing, and disclosure of personal data submitted through the Sakshama website (sakshama.co.in), mobile applications, and any related services (collectively, the "Platform"). By registering or using the Platform you accept this policy.
02. Scope & Application
This policy applies to:
- All registered women entrepreneurs, aspiring founders, and mentors on the Platform.
- Visitors who browse the Platform without registering.
- Partner organisations, government departments, and NGOs that access the Platform's data APIs.
- Employees, contractors, and volunteers of Sakshama who process personal data on our behalf.
This policy does not apply to third-party government portals (e.g. udyamregistration.gov.in, mahaonline.gov.in) that you may navigate to via links on our Platform. Those portals are governed by their own privacy policies.
03. Definitions
- Personal Data: Any information that identifies or can identify a natural person — name, Aadhaar, PAN, phone, email, address, business details, etc.
- Sensitive Personal Data (SPDI): Financial data, health records, biometrics, sexual orientation, or religious beliefs as defined under IT (Amendment) Act 2008.
- Data Principal: The individual (woman entrepreneur or user) whose data is collected.
- Data Fiduciary: Sakshama — the entity that determines the purpose and means of data processing.
- GAIB: Government AI & Big-Data initiatives including schemes under MeitY, NITI Aayog, and Maharashtra's MahaIT — used for anonymised policy analytics.
- WCD: Department of Women & Child Development, Government of Maharashtra.
- Processing: Any operation performed on personal data — collection, storage, use, disclosure, erasure.
04. Data We Collect
A. Information you provide directly
- Full name, date of birth, gender, contact number, email address.
- Home district, state (Maharashtra focus), and PIN code.
- Business name, MSME/Udyam registration number, business category, and turnover range.
- Aadhaar number (last 4 digits only, for KYC verification — full Aadhaar is not stored).
- Bank account details (IFSC + account number) for direct-benefit transfer linkage — stored encrypted.
- Caste / community (SC / ST / OBC / General) — optional, to match reserved-category schemes.
- Self-Help Group (SHG) membership, Mahila Bachat Gat affiliation if applicable.
- Uploaded documents: business plan, photographs, certificates — stored securely.
B. Information collected automatically
- IP address, device type, browser, operating system.
- Pages visited, time spent, links clicked, search queries within the Platform.
- Location data (city/district level only, if location permission granted).
- Session tokens, cookies, and similar technologies (see Section 14).
C. Information from third parties
- DigiLocker-verified document confirmations (business registration, educational certificates).
- Government database matches (Udyam, Jan Dhan, PMEGP) — for scheme eligibility checks only.
- Social login data (Google, LinkedIn) — name, email, profile photo if you choose social sign-in.
05. Purpose of Collection
We collect and process personal data for the following specific, lawful, and transparent purposes:
- Scheme Matching: Identifying government and state-level schemes you are eligible for based on your business, location, and category.
- Mentorship Pairing: Connecting you with appropriate mentors, incubators, and business networks.
- Application Assistance: Pre-filling government application forms to reduce administrative burden.
- Workshop Registration: Enrolling you in relevant training, webinars, and WEP events.
- Platform Improvement: Analysing usage patterns to improve features (using aggregated, anonymised data only).
- Communications: Sending you scheme updates, deadlines, workshop invitations, and newsletters (with opt-out).
- Legal Compliance: Meeting obligations under Indian law, court orders, or regulatory directions.
- Policy Research: Contributing anonymised, de-identified data to government and GAIB policy research on women entrepreneurship in Maharashtra and India.
06. Legal Basis for Processing
Our processing is grounded in the following legal bases under the Digital Personal Data Protection (DPDP) Act, 2023 and the IT Act, 2000 (as amended):
- Consent: Explicit consent obtained at registration for collection of personal and sensitive data.
- Contractual Necessity: Processing necessary to provide the services you have enrolled for.
- Legitimate Interests: Platform security, fraud prevention, and service improvement — balanced against your fundamental rights.
- Legal Obligation: Compliance with government directives, court orders, tax laws (GST), and regulatory filings.
- Public Interest / State Functions: Supporting government women-empowerment programmes under Articles 15(3) and 39 of the Constitution of India.
08. Government Integration & GAIB (AI/Big-Data)
Sakshama participates in India's Government AI & Big-Data (GAIB) framework under MeitY and NITI Aayog's India AI Mission to help shape evidence-based women-entrepreneurship policy.
We share data with government AI/Big-Data systems strictly on these terms:
- Anonymised only: No name, Aadhaar, PAN, or phone number is ever shared. Data is aggregated at district level before transmission.
- Purpose-limited: Shared exclusively for policy research, scheme effectiveness evaluation, and National Women Entrepreneurship Index (NWEI) computation.
- NITI Aayog Alignment: Contributing to the Women Entrepreneurship Platform (WEP) national dataset in compliance with WEP Data Sharing Protocol v2.0.
- MahaIT Integration: The Platform integrates with Maharashtra's Aaple Sarkar and MahaOnline portals solely to auto-fill eligible scheme applications — integration follows MahaIT API Security Guidelines 2024.
- Jan Dhan & PMEGP: For direct benefit transfer linkage, encrypted bank details are transmitted via MeitY-approved secure channels only.
- Audit Trail: Every government API call is logged and available for your review upon request within 30 days.
09. Maharashtra-Specific Compliance
Our Platform is aligned with the following Maharashtra-specific frameworks:
- Maharashtra IT Policy 2023: Data residency within India (Pune/Mumbai data centres); strict access controls for citizen data.
- Mahila Arthik Vikas Mahamandal (MAVIM): We facilitate scheme referrals to MAVIM without sharing identifiable data beyond your explicit consent.
- Mahila Bachat Gat (MBG) / SHG Data: SHG membership details are stored with enhanced encryption and shared only with WCD Maharashtra for subsidy processing — with member consent.
- Ladki Bahin Yojana Integration: Eligible women registered on Sakshama may be linked to the Ladki Bahin Yojana portal with full disclosure and a separate consent flow.
- Divyang Women & Tribal (Adivasi) Women: Sensitive community data (ST, disability status) is handled under heightened data minimisation — collected only when scheme eligibility requires it, deleted after processing.
- Grievance Redressal: Complaints related to Maharashtra-specific data may also be escalated to the Maharashtra Cyber Cell (MCC) or State Information Commission (SIC).
10. Data Retention
- Active accounts: Retained for the duration of your account plus 3 years after closure (for compliance with GST and MSME audit obligations).
- Application documents: Retained for 5 years as required by MSME/government scheme audit norms.
- Financial data (bank details): Deleted within 30 days of the relevant transaction being completed, unless required by law.
- Aadhaar verification tokens: Not stored; verification is performed through DigiLocker and only confirmation status is retained.
- Analytics & logs: Anonymised after 90 days; raw logs deleted after 12 months.
- Inactive accounts: You will receive a 60-day notice before we archive an account inactive for 3 years. You may request deletion at any time.
11. Security Measures
- Encryption: AES-256 at rest; TLS 1.3 in transit for all data channels.
- Access Control: Role-based access — team members can only access data necessary for their function. All access is logged.
- Vulnerability Testing: Quarterly penetration testing by empanelled CERT-In security auditors.
- Breach Protocol: In the event of a data breach, we will notify affected users within 72 hours and report to CERT-In as required by DPDP Act 2023.
- Server Location: AWS ap-south-1 (Mumbai) — data never leaves Indian territory without explicit notification and consent.
- Two-Factor Authentication (2FA): Available and strongly encouraged for all registered accounts.
12. Your Rights as a Data Principal
Under the DPDP Act 2023 and applicable Indian law, you have the following rights:
- Right to Access: Know what personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data (subject to legal retention obligations).
- Right to Withdraw Consent: Withdraw consent at any time — this will not affect lawfulness of past processing.
- Right to Grievance Redressal: Raise a complaint with our Grievance Officer (Section 15) or directly with the Data Protection Board of India once constituted.
- Right to Nomination: Nominate a person to exercise your rights in case of death or incapacity (DPDP Act provision).
To exercise any right, write to info@sakshama.co.in with subject "Data Rights Request — [Your Registered Name]". We will respond within 30 days.
13. Children & Minors
The Platform is intended for individuals aged 18 years and above. We do not knowingly collect personal data from minors. If a parent or guardian believes their child has provided data without consent, please contact info@sakshama.co.in immediately for deletion.
For special youth entrepreneurship programmes targeting women aged 16–18 under Maharashtra's Kishori Shakti Yojana, parental/guardian consent is collected via a separate documented process before any data is processed.
15. Grievance Officer
Grievance & Data Protection Officer
Sakshama Initiative — Maharashtra
If your grievance is not resolved within 30 days, you may escalate to the Data Protection Board of India (once constituted under DPDP Act 2023) or the Maharashtra Cyber Cell at cybercell.maharashtra.gov.in.
16. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our services. When material changes are made:
- We will update the "Last Updated" date at the top of this page.
- We will notify registered users via email and an in-Platform banner at least 15 days before changes take effect.
- Continued use of the Platform after the effective date constitutes acceptance of the revised policy.
- Previous versions of this policy are archived and available upon request.
17. Contact Us
For any privacy-related queries, data requests, or concerns not covered above, please reach out through any of the following:
- Email: info@sakshama.co.in
- Portal: sakshama.co.in/contact → select "Privacy / Data Request"
- Postal: Grievance Officer, Sakshama Initiative, WCD Maharashtra, Near Senapati Bapat Road, Pune – 411 016, Maharashtra, India
Have a question about your data?
Our team is here to help — respond within 30 days.