Skip to main content
Swarajya AI
Translation pending. This document is currently available in English while we complete legal review and Marathi/Hindi translations.

Privacy Policy

Last updated: 2026-05-26

A. Who We Are

This Privacy Policy applies to the Swarajya AI platform and related services operated by Swarajya AI Private Limited ("Swarajya AI", "we", "us") as a technology service provider.

Swarajya AI builds, hosts, and maintains digital citizen service platforms on behalf of local government bodies — including municipal corporations, nagar panchayats, and other local authorities (collectively, "the government body"). The government body is the owner, controller, and data fiduciary of citizen service data. Swarajya AI Private Limited acts as the technology provider and data processor, operating the digital platform as per the government body's instructions.

This policy applies to our marketing website at swarajya.tech and to citizen-facing applications and services that reference this policy. For specific applications deployed for a government body, a supplementary schedule naming that body and the data categories specific to that deployment will be made available within the application.

Grievance and Privacy Contact: Email: hello@swarajya.tech Subject line: "Privacy Inquiry" or "Grievance — Privacy"

B. Data We Collect

The categories of personal data we may collect depend on the services you use. On the Swarajya AI marketing website, we collect standard web server request logs. In addition, when a visitor grants Analytics consent through our cookie consent banner, Google Analytics 4 (loaded via Google Tag Manager) collects measurement data in that visitor's browser — the categories and identifiers involved are detailed in Section H (Cookies and Web Analytics). When you submit the Request a Demo form, we additionally collect the contact details and message you provide (see Section I for the full disclosure). On citizen service applications deployed for a government body, we may collect the following categories:

Identity and Contact Information

  • Full name
  • Mobile number
  • Email address
  • Residential address, ward, or zone

Service and Grievance Data

  • Complaint or service request descriptions
  • Department or category selected for grievance filing
  • Status updates, responses, and closure records
  • Supporting documents, photographs, audio clips, or videos uploaded by the citizen

Authentication Data

  • Login credentials or Google account identifier (when Google Sign-In is used)
  • Session tokens and authentication logs

Location Data

  • Location information submitted voluntarily for grievance mapping, if the application feature is enabled

Financial Reference Data

  • Payment transaction reference numbers for property tax or other civic payment services
  • We do not collect or store full card numbers, bank account details, or UPI credentials

Device and Usage Data

  • Device type, operating system version, and app version
  • Application usage logs and session data
  • IP address

AI Assistant Interactions

  • Queries, grievance descriptions, and conversation history submitted to the AI assistant

Officer and Administrative Data

  • Officer actions, status updates, approval or rejection records, and audit logs (for government officer accounts)

C. Why We Use Data

We process personal data for the following purposes:

Citizen Service Delivery To register and process grievance and service requests, route them to the correct department, track progress, and communicate status updates to citizens.

Account Management and Authentication To create, verify, and maintain citizen and officer accounts; to enable secure login and session management.

AI-Assisted Guidance To process citizen queries through the AI assistant and provide classification, department routing suggestions, and service guidance. See Section D for the AI assistant clause.

Payment Processing To facilitate government payment collection by passing transaction references to authorised payment gateways or government treasury systems.

Service Improvement and Analytics To analyse usage patterns, service request volumes, resolution times, and department performance for the purpose of improving service quality and operational accountability. On the marketing website, this includes — on opt-in only — measuring traffic, content engagement, and referral sources using Google Analytics 4 via Google Tag Manager. See Section H (Cookies and Web Analytics) for the full disclosure of what is collected and how to withdraw consent. Data submitted through the Request a Demo form is used solely to respond to your demo inquiry; see Section I for the full purpose and retention disclosure.

Security and Fraud Prevention To detect and prevent unauthorised access, misuse, spam, and fraudulent activity.

Legal, Audit, and Administrative Compliance To comply with applicable laws, government instructions, audit requirements, and dispute resolution processes.

Under India's Digital Personal Data Protection Act, 2023 (DPDP Act): Processing of personal data is conducted on the basis of consent obtained at the point of account creation or service request, or as required by law or government instructions. Consent notices describe the personal data category and the specific purpose. Citizens are entitled to access notice in English or an Eighth Schedule language where supported by the application.

D. AI Assistant Clause

The Swarajya AI platform includes an AI assistant designed to help citizens navigate government services, submit grievances, and obtain guidance on civic processes.

What the AI assistant does:

Our AI assistant may process user questions, grievance descriptions, uploaded information, and relevant government service information to provide guidance, classify requests, suggest appropriate departments, and assist with service workflows.

What the AI assistant does not do:

AI-generated responses are provided for assistance and guidance only and do not represent a final official decision. Final approvals, rejections, sanctions, certificates, payment confirmations, or legal actions are handled exclusively by authorised government officers or applicable government systems. The AI assistant has no authority to commit government resources or make binding determinations.

User responsibility:

Citizens should not submit unnecessary sensitive personal information — such as full financial details, detailed health records, or politically sensitive information — unless the specific government service explicitly requires it.

Reporting incorrect or harmful AI outputs:

If you encounter AI-generated content that appears incorrect, misleading, offensive, or harmful, please report it immediately to hello@swarajya.tech with the subject line "AI Output Report". We take such reports seriously and investigate promptly.

E. Data Sharing

We share personal data only as described below. We do not sell personal data.

Government Departments and Officers Citizen service data is shared with the relevant municipal departments, authorised officers, and administrators within the government body, as required to process and close service requests.

Technology Sub-processors We use technology providers to operate the platform, including hosting providers, cloud storage services, and communication services. A current list of sub-processors is maintained at swarajya.tech/legal/subprocessors.

Communication Providers When notification features are enabled, we work with SMS gateway, email, or WhatsApp Business Service Provider (BSP) providers to send status updates to citizens.

Payment Gateways and Government Treasury Systems Payment transaction references are passed to authorised payment gateways or government treasury systems. We do not store or process full financial credentials.

AI and Infrastructure Providers Query data processed by the AI assistant may be transmitted to underlying AI infrastructure providers under data processing agreements. These providers are bound by confidentiality obligations and are prohibited from using the data for their own purposes.

Legal and Regulatory Authorities We may disclose data to law enforcement, courts, or regulatory authorities when required by applicable law, government order, or court direction.

We do not share personal data with third parties for advertising, marketing profiling, or any purpose unrelated to the citizen service platform's operation.

F. Google Sign-In and OAuth

If you choose to sign in using Google, we may receive basic profile information such as your name, email address, profile picture, and Google account identifier, depending on the permissions you approve at sign-in.

We use this information only for the following purposes:

  • Authentication and account creation
  • Associating your service requests and account history with your identity
  • Security and fraud prevention

We do not use Google account data for:

  • Training AI models
  • Advertising or marketing profiling
  • Resale or transfer to unrelated third parties
  • Any purpose not described in this Privacy Policy

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements. The specific Google OAuth scopes requested by any Swarajya AI application are disclosed on the OAuth consent screen presented to you at sign-in.

G. Data Retention and Deletion

Retention Principles

We retain personal data for as long as is necessary to:

  • Provide active citizen services and maintain service records
  • Meet legal, regulatory, and audit requirements applicable to government records
  • Resolve disputes and respond to complaints
  • Comply with instructions from the relevant government body

Government Records

Certain records — including grievance filings, service applications, payment references, audit trails, and official government communications — may be classified as government records. Such records may be retained beyond account deletion in accordance with applicable government record-keeping requirements, even after a citizen requests account or data deletion.

Account Deletion

Citizens may request deletion of their account and associated personal data by:

  1. Using the in-app account deletion flow in the application's Settings section (where available)
  2. Submitting a deletion request by email to hello@swarajya.tech with subject "Account Deletion Request", including your registered mobile number or email address for identification

For full details on the deletion process, timeline, and what data is retained versus deleted, see our Data Deletion Policy.

We aim to process deletion requests within 30 days of receipt of a verified request.

Demo-request form data is retained for 365 days from submission and then automatically deleted. See Section I for the full retention and erasure details.

H. Cookies and Web Analytics

This section applies to visitors to the Swarajya AI marketing website at swarajya.tech. It does not apply to citizen service applications deployed for government bodies, which have separate consent and data practices.

Cookie categories

We use three categories of cookies and similar storage mechanisms on this website.

Strictly Necessary These are required for the website to function correctly. They include the storage key that records your cookie consent choices (swarajya-consent-v1), so that your preferences are remembered across page loads and visits. Strictly necessary cookies are always active and cannot be switched off.

Analytics (off by default — requires your opt-in) Google Analytics 4, loaded through Google Tag Manager, is used to measure how visitors use this site. This category is disabled by default. It is activated only if you explicitly choose to accept Analytics cookies in the consent banner. We implement Google Consent Mode v2 with default-denied settings, meaning no Analytics measurement data is sent to Google before consent is granted.

Marketing (off by default — no active tags) This category exists for future use. No marketing or advertising tags are currently active on this website. Like Analytics, this category is disabled by default and will only be activated with your consent if marketing tags are added in the future.

Identifiers set when Analytics consent is granted

When you accept Analytics cookies, the following cookies and identifiers are placed in your browser by Google Analytics 4:

NamePurposeRetention
_gaDistinguishes unique visitors (Google Analytics)~13 months
_ga_<container-id>Maintains GA4 session state~13 months
_gidIdentifies a session (used by GA4 in some configurations)24 hours

The _ga cookie stores a GA4 Client ID — a randomly generated identifier assigned to your browser. This Client ID is persistent across sessions and, combined with your browsing activity on this site, constitutes personal data under the Digital Personal Data Protection Act, 2023 (DPDP Act), Section 2(t).

Your IP address is collected at the point of the network request and used by Google for coarse, region-level geo-location only. We have configured GA4 to use region-level location data — city-level precision is not enabled. Google Signals is disabled. We do not enable any GA4 features that link your Analytics data to a Google account.

How we use Analytics data

We use Analytics data for the following purposes only:

  • Measuring total and unique traffic to the website
  • Identifying which pages and content are read most frequently
  • Understanding referral sources (for example, whether visitors arrived from a search engine or a shared link)
  • Improving the structure, content, and performance of the website

We do not use Analytics data for advertising, retargeting, interest-based profiling, or any purpose not listed above. We do not share Analytics data with third parties other than Google as the Analytics service provider.

Cross-border transfer of Analytics data

When Analytics is enabled, data is transmitted to and processed by Google LLC on servers located in the United States and other countries outside India where Google operates data centres. As of May 2026, the Central Government of India has not published a restricted-country list under DPDP Act Section 16. If such a list is published and affects the transfer of Analytics data, this policy will be updated and the consent banner will be revised accordingly.

How to withdraw Analytics consent

You can update or withdraw your cookie consent at any time by clicking "Cookie preferences" in the footer of any page on this website. Withdrawing consent is as easy as granting it, in accordance with DPDP Rules 2025, Rule 9. Withdrawal of Analytics consent stops new measurement data from being sent to Google from that point forward. It does not automatically delete data already collected — see the section below for deletion.

How to request deletion of your Analytics data

If you wish to request deletion of measurement data already associated with your GA4 Client ID:

  1. Email hello@swarajya.tech with the subject line: GA4 data deletion request
  2. Include the approximate date range of your visits and any information that may help identify your browser's Client ID (for example, the value of the _ga cookie if you can access it)

For full details on how we process the request, the timeline, and the Client ID format required, see the Analytics Data Deletion section of our Data Deletion Policy. For general account and platform data deletion, see the same policy's Web Request Flow.

Children and behavioural tracking

This marketing website is not directed at users under 18 years of age. We do not knowingly enable Analytics or Marketing tags for users who have not confirmed they are 18 or older in the consent flow. Under DPDP Act Section 9, behavioural tracking and targeted advertising of children are prohibited, regardless of parental consent. If you believe a user under 18 has submitted data through the consent banner or Analytics has been activated for a minor, please notify us at hello@swarajya.tech.

I. Demo Request Form

Scope

This section applies to the "Request a Demo" form on swarajya.tech — the modal that opens when you click a Request a Demo call-to-action on the marketing website. It does not apply to citizen service applications deployed for government bodies.

What we collect

When you submit the form, we collect:

  • Name of the local government body or organisation
  • Contact person's first and last name
  • Phone number (with +91 country prefix)
  • Email address (optional)
  • The message text you enter in the form
  • Technical metadata: submission timestamp; a one-way hash of your IP address (HMAC-SHA256, first 16 hex characters) — used for fraud-pattern analysis; the raw IP is never written to our database and is only transmitted in-transit to Google's reCAPTCHA service for risk scoring at submission time; your User-Agent class (mobile/desktop/bot, not the full User-Agent string); and the locale you submitted from (en, mr, or hi)
  • A reCAPTCHA Enterprise risk score — a number between 0.0 and 1.0 that Google returns to help us distinguish human submissions from automated ones
  • Internal operational metadata: a Firebase App Check application identifier, the reCAPTCHA action and risk score, and email-delivery status (queued/delivered/failed) — used to operate the form, not for marketing or profiling

We do not collect credit card details, identity documents, citizen-level data, or biometric data. The form is purely a contact intake.

Lawful basis under DPDP

We process this data on the basis of your consent under Section 6(1) of the DPDP Act, 2023. You give consent by ticking the explicit DPDP-required consent checkbox before submitting the form. We do not rely on implicit consent.

Purpose

We use the information you submit only to respond to your demo inquiry: to schedule a conversation, send relevant materials, and follow up with you. We do not use this data for marketing emails, profiling, ad targeting, or to share with third parties other than the email-delivery and form-hosting infrastructure described below.

Where it is stored

Your form data is stored in Cloud Firestore in the Mumbai region (asia-south1) of Google Cloud. Form data does not leave Indian Google Cloud regions for storage purposes.

Email delivery and cross-border disclosure

When a submission arrives, a notification email is dispatched via Resend — a transactional email provider headquartered in the United States — to hello@swarajya.tech. The email body contains your form data so our team can respond promptly. This means a copy of your form submission transits through Resend's US-based servers as part of email delivery.

As of May 2026, the Central Government of India has not published a restricted-country list under DPDP Act Section 16. If such a list is published and affects transfers to the United States, this policy will be updated and the delivery mechanism reviewed.

Retention

We retain submissions for 365 days from the date of submission. A scheduled cleanup job runs daily in our backend and deletes records older than 365 days. The corresponding email in our inbox may persist longer based on standard email retention; you can request inbox-side deletion by emailing hello@swarajya.tech with the subject "Delete my demo-request inbox copy".

Right to access, correction, withdrawal, and erasure

To exercise any of these rights in relation to your demo-form submission, email hello@swarajya.tech with the subject line "Demo request — [access | correction | erasure]" and include the date of your submission or the name of the body you provided. We will acknowledge within 2 working days and complete the action within 30 days, in line with the timelines set out elsewhere in this policy.

Children (DPDP Section 9)

The demo form is intended for representatives of organisations, not children. We do not knowingly accept submissions from users under 18. If we discover that a submission was made by a user under 18, we will delete it and notify the submitter if a contact channel was provided.

Contact and Grievance Redressal

For questions about this policy, to exercise your rights under the DPDP Act, to withdraw Analytics consent, or to raise a privacy grievance, contact:

Swarajya AI Private Limited Email: hello@swarajya.tech Subject line: "Privacy Inquiry" or "Privacy Grievance"

We aim to respond to all privacy inquiries within 15 working days.

To update or revoke your Analytics consent specifically, use the "Cookie preferences" link in the site footer — no email required.

Last updated: 26 May 2026