Legal

Privacy Policy

Effective date: 22 March 2026  ·  Version 2.0  ·  Last updated: June 2026

The short version

Your data belongs to you. We collect it only with your consent, use it only for the purpose you approved, and never sell it. All data is stored in India. You can delete everything at any time — and when you do, every employer who received your data is legally required to delete their copies too.

1. Who we are

Datagate ("Datagate", "we", "us", "our") operates the consent-based employment verification platform at datagate.co.in. The platform is owned and operated by Datagate, Hyderabad, Telangana, India.

Datagate acts as a Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). We determine the purpose and means of processing personal data on this platform.

Employers who access employee data through this platform are independent Data Fiduciaries for their own processing activities and are bound by Datagate's Employer Terms and Data Sharing Agreement.

2. Who this policy applies to

This policy applies to:

  • Employees (Data Principals) — individuals who create a verified employment profile on Datagate
  • Employers — organisations that request access to employee profiles for background verification or onboarding
  • BGV Vendors — background verification agencies assigned by employers to conduct checks through the platform
  • Visitors — anyone who accesses datagate.co.in without creating an account

3. What we collect

From employees:

  • Full name, email address, mobile number
  • Identity: Aadhaar number (masked — last 4 digits only stored and displayed), PAN number
  • Employment history: employer names, designations, dates of joining and exit, UAN, PF account details
  • Education: qualifications, institutions, years of passing, certificate references
  • Documents uploaded by you: certificates, payslips, relieving letters, offer letters
  • Digital signature (where applicable, for consent records)
  • Consent event logs: timestamps of every approval and withdrawal

From employers:

  • Company name, registered address, GST number (where provided)
  • Authorised representative name, designation, work email
  • Records of consent requests submitted and their stated purposes
  • BGV vendor assignments made through the platform

From BGV vendors:

  • Agency name, registered address, operating licences (where applicable)
  • Authorised contact name and email
  • Case records, check outcomes, and final reports submitted through the platform

Automatically collected:

  • IP address, browser type, device type, and session identifiers — for security and fraud prevention only
  • Platform usage logs — for platform integrity and debugging only

We do not collect: biometric data, caste, religion, political opinion, financial account credentials, or any data not listed above.

4. How we use your data

| Purpose | Data used | Legal basis |
|---|---|---|
| Create and maintain your verified profile | All employee data | Your consent |
| Process consent requests between you and employers | Profile data, consent logs | Your consent |
| Notify you of requests, approvals, withdrawals | Email, mobile | Legitimate interest / consent |
| Route BGV checks to assigned vendor | Profile data (employer-approved only) | Your consent + employer consent |
| Maintain audit trail of all data access events | Consent logs, timestamps | Legal obligation (DPDP Act) |
| Comply with lawful orders from competent authorities | As required by the order | Legal obligation |
| Prevent fraud and platform abuse | Session data, IP logs | Legitimate interest |

We do not: sell your data, use it for advertising, train AI models on it, or share it with any party you have not personally approved.

5. Consent and control

Every data share on Datagate requires your active, informed consent. The consent mechanism works as follows:

  • You receive a notification identifying the employer and their stated purpose before any data is shared
  • You must click Approve — we never pre-approve, auto-approve, or infer consent on your behalf
  • Each consent is purpose-limited: if an employer's purpose changes, a new consent request is required
  • You can withdraw consent at any time from your dashboard — withdrawal is instantaneous
  • On withdrawal, the employer's access is revoked immediately and they are notified of their obligation to delete
  • Every approval, access event, and withdrawal is cryptographically logged with a timestamp

Your consent log is your record. You can view every consent event — who requested, what purpose was stated, when you approved, and when access was revoked — from your account dashboard at any time.

6. Who we share your data with

Employers you approve: Only after your explicit consent, strictly for the purpose you approved. Employers are bound by our Employer Terms and Data Sharing Agreement.

BGV vendors assigned by your employer: When an employer assigns a BGV vendor to conduct background checks on their behalf, your data (already approved by you for the employer) may be routed to that vendor through the platform. BGV vendors are separately bound by Datagate's BGV Vendor Terms and operate only within the scope of the employer's authorised check.

Infrastructure and service providers: We use the following sub-processors to operate the platform. All are bound by data processing agreements and act only on our instructions:

| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure, storage, compute | Mumbai, India (ap-south-1) |
| Email delivery provider | Transactional notifications | India / EU (SCCs in place) |

Legal authorities: We may disclose data if required by a lawful order from a competent Indian authority. We will notify you of any such request where legally permitted to do so.

We do not share your data with data brokers, advertisers, analytics companies, or any party not listed above.

7. Data storage and localisation

All personal data processed by Datagate is stored exclusively on servers located in India — specifically on Amazon Web Services' Mumbai region (ap-south-1). No personal data is transferred outside India except where required by a lawful order of a competent authority or where you explicitly consent to cross-border transfer for a specific purpose.

DPDP Act compliance: This storage architecture is designed to comply with data localisation requirements under the Digital Personal Data Protection Act, 2023.

8. How long we keep your data

| Data type | Retention period |
|---|---|
| Employee profile and documents | While your account is active. Deleted within 7 days of account deletion request. |
| Consent event logs | 7 years from the date of the consent event (legal compliance requirement) |
| Employer notification records (deletion / withdrawal) | 7 years (evidence of obligation communicated) |
| Session and security logs | 90 days |
| BGV case records | As required by applicable law; minimum 2 years from case closure |

Why we retain consent logs: Even after your account is deleted, we retain cryptographic logs of consent events. This protects you — it is evidence that your consent was properly obtained and that employers were notified of their deletion obligation. We do not retain your profile data, documents, or personal information after deletion.

9. Your rights under the DPDP Act, 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

  • Right to access — request a summary of personal data we hold about you and a list of all entities it has been shared with
  • Right to correction — request correction of inaccurate, incomplete, or outdated personal data
  • Right to erasure — delete your account and all associated personal data at any time
  • Right to withdraw consent — revoke any employer's access at any time, instantly, from your dashboard
  • Right to grievance redressal — raise a complaint with our Grievance Officer (see Section 13)
  • Right to nominate — nominate another individual to exercise these rights on your behalf in the event of your death or incapacity

To exercise any right, use your account settings or contact grievance@datagate.co.in. We respond within 7 business days. If you are not satisfied with our response, you may escalate to the Data Protection Board of India.

10. Sensitive personal data

The following data elements collected on Datagate are classified as sensitive and handled with additional controls:

  • Aadhaar number: Collected with your explicit consent for employment verification purposes only. The full number is never stored or displayed — only the last 4 digits are retained and visible to any party, including employers. We do not authenticate Aadhaar against UIDAI databases.
  • PAN number: Stored in encrypted form. Shared with employers only on your explicit approval and only for the verification purpose stated.
  • UAN / PF details: Used to source EPFO-linked employment records. Shared only after your approval.

We do not collect health data, financial account credentials, biometric data, caste, religion, or political affiliations.

11. Security

We implement the following technical and organisational measures:

  • All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access to production systems restricted to authorised personnel only
  • All consent events cryptographically logged and tamper-evident
  • Infrastructure on AWS Mumbai region with VPC isolation
  • Automated smoke tests on every deployment to detect regressions
  • Periodic security reviews of the platform architecture

If you suspect a security issue involving your account or data, contact us immediately at security@datagate.co.in. We treat all security reports as urgent.

In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by applicable law.

12. Changes to this policy

We may update this policy as the platform evolves or as legal requirements change. For material changes — those that affect your rights or how your data is used — we will notify you by email at least 14 days before the change takes effect and display a prominent notice on the platform. The version date at the top of this page records when it was last updated.

Continued use of Datagate after the effective date of a material change constitutes your acceptance of the updated policy.

13. Grievance redressal

In accordance with the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer to address any complaints or concerns about the processing of your personal data.

Grievance Officer

Datagate Support Team

Hyderabad, Telangana, India


Email: grievance@datagate.co.in

Response time: Within 7 business days


If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate your complaint to the Data Protection Board of India as established under the DPDP Act, 2023.

14. Contact

General enquiries  ·  Datagate

Email: support@datagate.co.in


Security issues: security@datagate.co.in

Grievances: grievance@datagate.co.in


We respond within 7 business days.