Privacy Policy

Last updated: March 2026

Bodhya is operated by XAANEN CONSULTING (OPC) PRIVATE LIMITED ("we", "us", or "our"), the Data Fiduciary for this platform. We are committed to protecting your personal data in accordance with India's Digital Personal Data Protection Act (DPDPA) 2023 and the Information Technology Act, 2000. By using this website, you agree to the practices described in this Policy.

Note on events: Bodhya events are listed and managed through FOSS United. Event registrations, ticketing, and associated data (including payment information) are collected and processed by FOSS United Foundation under their own privacy policy. This Policy covers only the data collected directly through bodhya.net.

Note on community platforms: Bodhya operates community spaces on WhatsApp. When you join the community, your phone number and profile information become visible to other members and are governed by WhatsApp's (Meta) privacy policies. Bodhya does not control, access, or process the personal data held by these platforms.

I. What We Collect

When you interact with our website or services, we may collect:

• Contact information: name, email address, phone number, mailing address (e.g., when you contact us via a form or email)
• Content you submit: comments, form submissions, or messages you send us
• Information shared on public areas: posts on Bodhya-owned community spaces or social media pages

II. How We Collect It

• Directly from you: when you submit a form, send us an email, or otherwise contact us through bodhya.net
• Automatically: through tools like Google Analytics, browser cookies, and web beacons — we collect IP addresses, browser type, pages visited, and device/OS information
• From third parties: if you use a social media login or integration on our site, we may receive your name and email from that platform

III. Why We Use It (Purpose Limitation)

We process your personal data only for the following purposes, as required by DPDPA §4:

• To fulfil your requests: respond to enquiries and messages you send us
• To communicate with you: send transactional messages and, where you have consented, promotional updates
• To improve our services: analyse usage trends and personalise your experience
• To meet legal obligations: respond to lawful government or court orders

We will not use your data for purposes incompatible with those listed above without fresh consent.

IV. How Long We Keep It

We retain personal data only as long as necessary for the purposes stated above or as required by law. You may request erasure at any time (see Your Rights below).

V. Who We Share It With

• Service providers: vendors who assist with email delivery and site analytics. Some processors may be based outside India (see Cross-Border Transfers below)
• Legal obligations: when required by a court order, government authority, or applicable law
• Business transfers: if Bodhya's business is acquired or merged, your data may transfer to the successor entity, subject to equivalent protections

We do not sell your personal data.

VI. Your Rights Under DPDPA 2023

As a Data Principal, you have the following rights:

• Right to access: obtain a summary of the personal data we hold about you and how it is being processed
• Right to correction and erasure: request that inaccurate, incomplete, or unnecessary data be corrected or deleted
• Right to withdraw consent: withdraw consent for any processing based on consent, at any time, without affecting prior lawful processing
• Right to grievance redressal: raise a grievance with our Grievance Officer (see below)
• Right to nominate: nominate another individual to exercise your rights in the event of your death or incapacity

To exercise any of these rights, email [email protected].

VII. Children's Data

We do not knowingly collect personal data from children under 18 years of age without verifiable parental or guardian consent, as required under DPDPA §9. If you believe a child has submitted data to us without consent, contact us immediately and we will delete it.

VIII. Data Breach Notification

If a personal data breach occurs that is likely to affect your rights or interests, we will notify you and the Data Protection Board of India promptly, in accordance with DPDPA obligations.

IX. Cross-Border Transfers

Some of our service providers may process data in countries outside India. We take reasonable steps to ensure such transfers are subject to appropriate data protection safeguards.

X. Unsubscribing from Marketing Emails

To stop receiving marketing emails, write to [email protected]. Your request will be processed within 10 business days. Transactional messages related to your direct interactions with us will continue regardless.

XI. Grievance Officer

In compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023:

Name: Rohit Kumar Email: [email protected]

You may also write to [email protected] for any privacy concerns or to request a copy of your data.

XII. Modifications

We may update this Policy from time to time. We will notify you of material changes as required by law and post the updated Policy on this page with a revised "Last updated" date.

XIII. Contact

For questions about this Policy, email [email protected].