Privacy Policy
Official Website: Clgkart.com · Application: Google Play · Location: Kolkata, West Bengal, India
ClgKart ("We", "Us", "Our") operates as a Data Fiduciary under the Digital Personal Data Protection (DPDP) Act, 2023. We are deeply committed to protecting the privacy of our users ("You", "Data Principal"). This Privacy Policy describes how we collect, use, process, store, and safeguard your personal data when you use our student-to-student marketplace application, wallet system, and vendor services.
Part I: Principles of Data Processing & Consent
1. Lawfulness, Fairness, and Transparency
We process your personal data strictly based on your specific, informed, unconditional, unambiguous, and freely given consent, or for designated legitimate uses permitted under applicable law.
2. Affirmative Consent Mechanism
- Active Agreement: By checking the "I Agree" box during account creation, you provide explicit consent to the collection and processing of your personal data as itemized in this policy.
- No Passive Consent: We do not rely on passive, browse-wrap, or implied consent. If you do not agree to these processing terms, you must not provide any personal details or utilize the platform.
- Right to Withdraw Consent: You have the right to withdraw your consent at any time. Withdrawal will stop further processing of your data but will not affect the lawfulness of processing based on consent before its withdrawal.
- Consent Managers: In accordance with Section 6(7) of the DPDP Act, you have the statutory right to give, manage, review, or withdraw your consent through a registered Consent Manager. Any such request routed through an authorized Consent Manager will be processed by ClgKart systematically.
- Language Accessibility: Pursuant to Section 5(3) of the DPDP Act, this Privacy Policy and our accompanying notice can be requested or accessed in English or any other official language specified in the Eighth Schedule to the Constitution of India (including Bengali and Hindi).
Part II: Complete Data Collection & Processing Matrix
To maintain transparency under Section 5 of the DPDP Act, 2023, the table below outlines exactly what personal data we collect, who can see it, and our precise legal purpose for processing it:
| Data Category | Visibility Tier | Purpose of Processing |
|---|---|---|
| Full Legal Name | Hidden / Internal System Only | Profile validation, identity verification, fraud mitigation, and account security. |
| Email Address & Mobile Number | Hidden / Internal System Only | OTP account authentication, critical service notifications, security alerts, and legal disclosures. |
| Student ID Card / Institutional Email | Hidden / Internal System Only | Mandatory verification of student status to maintain our secure, "walled" campus community. |
| College / University Name | Public / Linked on Profile | Customizing hyper-local marketplace feeds and matching you with safe, campus-specific handover zones. |
| Unique Username | Publicly Visible | Generated once per lifetime; your public-facing operational identity across the platform. |
| Profile Image | Optional / Public | Personalizing your public account interface (completely voluntary). |
| Full Delivery Address | Hidden / Isolated System Only | Internal dispatch processing and automated generation of localized third-party courier labels. |
| Payment / UPI / Bank Account Details | Hidden / Internal System Only | Executing secure escrow releases for sellers, resolving financial disputes, and processing refunds. |
| Trade License / GSTIN | Hidden / Internal System Only | Regulatory compliance and legal onboarding verification for registered commercial business store profiles. |
Part III: Data Isolation Flows & System Safeties
1. Peer-to-Peer Data Masking
Absolute Buyer Anonymity: To prevent data misuse, the physical delivery address, phone number, and contact details of a Student-Buyer are completely hidden and permanently isolated from the individual seller or commercial vendor.
Data Processors: We securely transmit necessary delivery coordinates to our trusted third-party courier partners, who act strictly as Data Processors under binding data-protection contracts. They are legally and contractually restricted from using your data for any purpose other than executing the specific delivery assignment.
2. Financial & Payment Gateway Isolation
Zero Credential Retention: Financial transactions are funneled through secure, PCI-DSS compliant third-party payment gateways. ClgKart never collects, captures, or retains your raw credit card numbers, debit card details, or internet banking passwords.
Escrow Infrastructure: Your payment is securely held in an isolated escrow system until transaction terms are successfully fulfilled. We only store structural payout tokens, UPI IDs, or bank account numbers when explicitly provided by a seller to claim earnings, or when processing a validated refund claim.
3. Autonomous Communication Channel
All pre-sale and post-sale communications must take place exclusively through ClgKart's built-in, autonomous messaging ecosystem. We strictly prohibit the sharing of phone numbers, personal social media links, or external payment links within this system. We do not proactively monitor private chats unless an account is formally reported for scam activity or platform manipulation.
Part IV: Minor Protection and Strict Age Restrictions
ClgKart enforces strict compliance standards regarding individuals under the age of 18 ("Children" under applicable data laws):
- No Independent Accounts: Minors are strictly prohibited from creating independent profiles on ClgKart. If a minor wishes to use the platform, they must do so via an account managed exclusively by a parent or legal guardian who takes full responsibility for the data profile and transactions.
- Strict Verification Deficit Response: Our initial signup relies on basic mobile OTP verification, meaning we cannot immediately detect a user's age. However, if we receive a verified notification or discover that an account is being operated independently by a minor, we reserve the right to immediately terminate the account and permanently delete all associated personal records.
- Financial Tracking Prohibition: Any premium financial features or advanced escrow payout accounts requiring KYC verification (such as PAN details) explicitly block minors from applying. ClgKart will never knowingly collect, request, or store government-issued identity cards belonging to individuals under 18.
- Parental Authority Warranty: If a parent or guardian inputs a child's personal details (such as a specific campus delivery address), they explicitly represent and warrant that they possess the complete legal authority to share that information with us.
Part V: Marketing, Advertising, and the "No-Sale" Policy
Absolute No-Sale Policy: ClgKart does not sell, rent, lease, share, or trade your personal data to third-party data brokers, marketing agencies, or advertisers for commercial gain.
Contextual Internal Advertising: We may occasionally host contextual advertisements, student discounts, or brand promotions directly within the application interface. These campaigns are processed completely inside ClgKart's local architecture; no personal metrics, tracking cookies, user names, or identity profiles are ever shared with or exposed to external advertisers.
Part VI: Statutory Rights & Duties of the Data Principal
1. Enforceable Statutory Rights
In accordance with Chapter III of the DPDP Act, 2023, you possess robust, legally enforceable rights concerning your personal data, which can be exercised through our dashboard or by emailing our privacy team:
- Right to Access & Review: You have the right to request a summary of the personal data currently being processed by ClgKart, along with descriptions of the processing activities.
- Right to Correction & Update: You have the right to correct inaccurate data, complete incomplete records, or update outdated details across your profile metrics.
- Right to Erasure ("Right to be Forgotten"): Upon the closure of your account or the withdrawal of your consent, ClgKart will permanently and securely delete your personal data from its active production databases within a reasonable technical timeframe.
- Right to Nominate: Pursuant to Section 10 of the DPDP Act, you have the right to nominate any individual to exercise your data protection rights on your behalf in the event of your death, incapacity, or insolvency.
- Statutory Exceptions: Please note that we are legally required to retain basic transactional records, ledger entries, escrow payout parameters, and historical GST/tax documentation to comply with mandatory financial reporting, tax laws, and judicial obligations under Indian law.
2. Statutory Duties of the User
Under Section 15 of the DPDP Act, 2023, you are legally obligated to adhere to specific data discipline parameters when interacting with our platform:
- No Impersonation: You must not impersonate any other individual, use false student credentials, or input fabricated corporate documentation while registering on ClgKart.
- Honesty in Reporting: You must not suppress any material information or provide false, misleading, or malicious representations while raising complaints or reporting scams.
- No Frivolous Grievances: You are strictly prohibited from filing frivolous or false grievances with ClgKart or the Data Protection Board of India. Violations of these statutory duties may make you directly liable for legal penalties and fines as prescribed under the provisions of the DPDP Act.
Part VII: Mandatory Grievance Redressal
If you have questions about this Privacy Policy, suspect a personal data leak, wish to report a security vulnerability, or want to exercise your statutory data rights, you may file a formal complaint with our designated privacy officer:
Pritam Das
Dedicated Privacy Email: privacy@clgkart.app
Registered Address: ClgKart Operations, Kolkata, West Bengal, India
Escalation Protocol
We are committed to acknowledging and resolving all legitimate data privacy grievances within the swift timeframes mandated by law. In compliance with statutory frameworks, users are required by law to exhaust ClgKart's internal grievance redressal mechanisms before escalating data complaints to the Data Protection Board of India.