logo

Privacy Policy

Last Updated: October 25, 2025

1. Introduction

Welcome to e-Records. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our e-Records Software as a Service (SaaS) platform designed for Indian government departments.

This policy is compliant with the Digital Personal Data Protection Act (DPDP Act), 2023 and other applicable Indian data protection laws.

2. Information We Collect

2.1 Personal Data

We collect personal data that you provide directly to us, including but not limited to:

  • Name, designation, and employee identification details
  • Email address and phone number
  • Digital signature certificates (DSC) and Aadhaar eSign credentials
  • Login credentials and authentication tokens
  • Department and organizational hierarchy information

2.2 File and Record Data

As a document management system, we process:

  • Files, documents, and correspondence uploaded to the platform
  • Notings, drafts, and comments made on files
  • Metadata including creation dates, modification history, and version information
  • Workflow and approval data

2.3 Usage Data

We automatically collect certain information when you use our platform:

  • IP addresses and device information
  • Browser type and operating system
  • Pages viewed and features accessed
  • Date and time stamps of activities
  • Search queries and AI prompt usage

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve the e-Records platform
  • Authentication: To verify your identity and ensure authorized access
  • Workflow Management: To facilitate file movement, approvals, and collaboration
  • Compliance: To maintain audit trails as required by the Public Records Act, 1993
  • Security: To detect, prevent, and address technical issues and security threats
  • Analytics: To understand usage patterns and improve user experience
  • Legal Obligations: To comply with RTI requests, audits, and legal proceedings

4. Data Localization & Storage

In compliance with Indian data protection requirements:

  • 100% Data Localization: All data (primary, backup, and logs) is stored exclusively within data centers located in India
  • MeitY-Empanelled CSP: We use only government-approved Cloud Service Providers
  • No Cross-Border Transfer: Your data never leaves Indian territory
  • Encryption: Data is encrypted both at rest (on disk) and in transit (over network)

5. Data Sharing & Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

  • Within Your Department: As per role-based access controls and file workflows
  • With National Archives of India: For permanent records as per Public Records Act, 1993
  • Legal Compliance: When required by law, court order, RTI Act, or government directive
  • Service Providers: With vetted third-party service providers bound by confidentiality agreements (e.g., hosting, security audits)
  • Emergency Situations: To protect the rights, property, or safety of users or the public

6. Your Rights Under DPDP Act

As a Data Principal, you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Grievance Redressal: Contact our designated Grievance Officer
  • Right to Nominate: Nominate another person to exercise your rights in case of death or incapacity

To exercise these rights, please contact our Data Protection Officer at dpo@erecords.gov.in

7. Data Retention

We retain your data in accordance with:

  • Record Retention Schedules: As defined by your department (Class A, B, or C)
  • Public Records Act, 1993: Permanent records are preserved indefinitely
  • Legal Hold: Data subject to litigation or RTI requests is retained until resolved
  • Audit Logs: Maintained for a minimum of 7 years as per government norms

8. Security Measures

We implement industry-standard security measures:

  • End-to-end encryption (TLS/SSL for transit, AES-256 for storage)
  • Multi-factor authentication (MFA) and Single Sign-On (SSO)
  • Role-Based Access Control (RBAC) with principle of least privilege
  • Immutable audit logs tracking every action
  • Regular security audits and STQC certification
  • Intrusion detection and prevention systems
  • Regular backups with disaster recovery protocols

9. Data Breach Notification

In the event of a data breach affecting your personal data:

  • We will notify the Data Protection Board of India within 72 hours
  • Affected users will be notified promptly via email and platform notifications
  • We will provide details of the breach, affected data, and remedial measures
  • Incident details will be logged in our Breach Notification Tool

10. Cookies & Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your login session and authentication state
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Enhance security and prevent fraud

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

11. Third-Party Services

Our platform integrates with:

  • Aadhaar eSign: For digital signatures (governed by UIDAI privacy policy)
  • Government SSO Systems: For authentication (governed by respective department policies)
  • AI Providers: For document generation (data is anonymized and encrypted)

These services have their own privacy policies. We recommend reviewing them.

12. Children's Privacy

This platform is intended for use by government employees only. We do not knowingly collect data from individuals under 18 years of age.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in legal requirements
  • Updates to our services or practices
  • Feedback from users and regulatory bodies

Material changes will be notified via email and platform announcements at least 30 days before taking effect.

14. Contact Information

Data Protection Officer (DPO):

Email: dpo@erecords.gov.in

Phone: 1800-XXX-XXXX

Grievance Officer:

Email: grievance@erecords.gov.in

Response Time: Within 30 days as per DPDP Act

Mailing Address:

e-Records Data Protection Office

Department Address]

India

15. Governing Law

This Privacy Policy is governed by the laws of India, including but not limited to:

  • Digital Personal Data Protection Act, 2023
  • Information Technology Act, 2000
  • Public Records Act, 1993
  • Right to Information Act, 2005

Any disputes shall be subject to the exclusive jurisdiction of courts in New Delhi, India.

For questions about this Privacy Policy, please contact us at contact@erecords.gov.in

Ready to Transform Your Department?

Join the digital governance revolution with e-Records

Request Demo

An end-to-end e-Office platform for Indian Government departments — built to meet CSMOP standards and fully aligned with DPDP and Public Records Act compliance.

Quick Links

Quick Links

Contact

Copyright © 2025 e-Records. All rights reserved. | Hosted on .gov.in Infrastructure