Legal

Privacy Policy

ImpactNet Private Limited

Effective Date: 20 June 2026

ImpactNet Private Limited (“ImpactNet”, “we”, “us”, or “our”), incorporated in Bhopal, Madhya Pradesh, India, operates the platform ImpactNet (the “Platform”), a two-sided marketplace connecting freelance consultants and consulting firms with NGOs, CSR teams, foundations, multilaterals, and government programmes in the development and sustainability sector. This Privacy Policy explains how we collect, use, share, store, and protect personal data when you use our website, mobile applications, and related services (collectively, the “Services”), and describes the rights available to you under applicable Indian law, principally the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Information Technology Act, 2000 along with the rules made thereunder.

By accessing or using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

1. Scope of This Policy

This Policy applies to all users of the Platform, including:

  • Individuals and Consultant Firms (“Consultants”) who offer professional services through the Platform;
  • Client Individuals and Client Organisations (“Clients”), including NGOs, CSR teams, foundations, multilaterals, and government programmes, who seek to engage Consultants through the Platform;
  • Visitors to our website who have not registered an account.

This Policy covers both our platform services (account registration, project posting, proposals, milestone tracking, payments, and dispute resolution) and our website, including cookies and analytics used on it.

2. Information We Collect

2.1 Information you provide to us

  • Account and identity information: name, email address, phone number, date of birth, gender, address, organisation name and type, designation, and account type (Consultant Individual, Consultant Firm, Client Organisation, or Client Individual);
  • Verification and KYC information: government-issued identity documents, PAN, GST details, organisation registration documents, bank account details, and other documentation we may require to verify identity, prevent fraud, or comply with law;
  • Professional information: resumes/CVs, sector expertise, qualifications, work history, certifications, portfolio samples, and references, for Consultants; and organisational profile, CSR/programme focus areas, and project requirements, for Clients;
  • Project and transaction information: project postings, proposals, applications, invitations, shortlisting decisions, milestone (PLM) structures, deliverables, communications between Consultants and Clients conducted on the Platform, ratings and reviews, and dispute records;
  • Payment information: bank account or UPI details, transaction history, and invoices, processed through our payment partner (currently Razorpay); we do not store full card or bank account credentials ourselves;
  • Communications with us: support tickets, emails, and other correspondence with ImpactNet.

2.2 Information collected automatically

  • Device and usage information: IP address, browser type, device identifiers, operating system, pages viewed, time spent, referring URLs, and approximate location derived from IP address;
  • Cookies and similar technologies: as described in Section 6 below.

2.3 Information from third parties

  • Information from our payment processing partner relating to the status of transactions (not full payment credentials);
  • Information from identity verification or background-check providers, where used;
  • Publicly available professional information, such as that on LinkedIn, where voluntarily linked by a user.

3. How We Use Your Information

We use personal data for the following purposes, each grounded in your consent, the performance of our contract with you, or a legitimate use permitted under the DPDP Act:

  • To create and administer your account and verify your identity and credentials;
  • To operate the marketplace: matching Consultants with Client projects, facilitating proposals, shortlisting, milestone tracking, and communications between parties to a project;
  • To process payments and operate the milestone-based escrow mechanism, including coordinating with our payment partner;
  • To resolve disputes between Consultants and Clients in accordance with our Terms of Service;
  • To send service-related communications, including project updates, payment confirmations, and platform notices;
  • To send marketing communications, where you have consented, and which you may opt out of at any time;
  • To maintain platform security, detect and prevent fraud, and enforce our Terms of Service;
  • To comply with applicable law, including tax, anti-money-laundering, and regulatory requirements;
  • To improve the Platform, including through aggregated and de-identified analytics.

We deliberately exclude Consultants' personal contact details from notifications sent to Clients, and vice versa, so that discovery and engagement take place within the Platform. We do not use your personal data to train third-party advertising profiles, and we do not sell personal data.

4. Consent and Legal Basis

Where the DPDP Act requires consent, we will seek your free, specific, informed, unconditional, and unambiguous consent through clear affirmative action before processing your personal data for that purpose, and you may withdraw consent at any time, with the same ease with which it was given, by writing to us at the contact details in Section 12. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal, and may affect our ability to continue providing the Services to you.

We may also process personal data without consent where permitted under the DPDP Act, including for specified “legitimate uses” such as compliance with a judgment or order, compliance with a legal obligation under Indian law, and the performance of our contractual obligations to you.

5. Sharing and Disclosure of Information

We share personal data only as necessary for the purposes described in this Policy, and not for unrelated commercial purposes:

  • With other users: limited profile and project information necessary to evaluate a proposal or shortlist a Consultant, excluding direct personal contact details, which remain visible only once a project is mutually accepted on the Platform;
  • With our payment processing partner (Razorpay), strictly to process transactions and operate escrow;
  • With service providers who support our infrastructure, including hosting, cloud storage, communications, and analytics providers, under contractual obligations to protect personal data and use it only as instructed by us;
  • With our operations partner, Opportune Jobs, solely in connection with operational support functions agreed between us, and subject to confidentiality obligations;
  • With regulators, courts, or law enforcement, where required by Indian law or in response to a valid legal process;
  • In connection with a corporate transaction, such as a merger, acquisition, or sale of assets, subject to the acquiring entity continuing to honour the commitments in this Policy.

We do not share personal data with third parties for their own independent marketing purposes without your separate consent.

6. Cookies and Similar Technologies

Our website uses cookies and similar tracking technologies to operate core functionality, remember preferences, and understand how visitors use the website.

  • Essential cookies: required for login, security, and core site functionality; these cannot be disabled without affecting the Services;
  • Analytics cookies: help us understand aggregate usage patterns so we can improve the website and Platform;
  • Preference cookies: remember settings such as language or display preferences.

You can control or disable non-essential cookies through your browser settings or, where available, a cookie preference banner on our website. Disabling essential cookies may prevent parts of the Services from functioning correctly. We do not use cookies to serve third-party behavioural advertising.

7. Data Storage, Security, and Retention

Personal data is stored on secure servers, and access is restricted to personnel and service providers who need it to perform their functions. Passwords are stored using industry-standard hashing, and sensitive transactions are encrypted in transit. While we take reasonable security practices and procedures consistent with applicable Indian law, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We retain personal data for as long as your account remains active, and thereafter for the period necessary to fulfil the purposes described in this Policy, including resolving disputes, enforcing our agreements, and complying with statutory retention requirements under tax, corporate, and other applicable law. Where data is no longer required, we will delete or anonymise it, except where retention is required by law.

8. Your Rights Under the DPDP Act

Subject to applicable law and any exemptions under the DPDP Act, you have the following rights in relation to your personal data:

  • Right to access a summary of the personal data we hold about you and the processing activities undertaken;
  • Right to correction and completion of inaccurate or incomplete personal data, and updating of personal data;
  • Right to erasure of personal data that is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations;
  • Right to grievance redressal, by raising a complaint with our Grievance Officer (Section 12) and, if unresolved, with the Data Protection Board of India;
  • Right to nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any of these rights, please write to us using the contact details in Section 12. We will respond within the timelines required under applicable law.

9. Cross-Border Data Transfer

Personal data collected through the Platform is primarily stored and processed within India. Where any data is transferred to or processed by service providers located outside India (for example, certain cloud infrastructure or communications providers), we will ensure such transfers comply with the DPDP Act and any restrictions notified by the Central Government from time to time.

10. Children's Data

The Services are intended for use by individuals who are at least 18 years of age and capable of entering into a binding contract under Indian law. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a minor without appropriate consent, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. We will notify you of material changes through the Platform or by email, and will indicate the date the Policy was last revised at the top of this document. Continued use of the Services after such notice constitutes acceptance of the revised Policy.

12. Grievance Officer and Contact Information

In accordance with the Information Technology Act, 2000 and rules made thereunder, and the DPDP Act, ImpactNet has designated a Grievance Officer to address any questions, concerns, or complaints regarding this Privacy Policy or the processing of your personal data.

Grievance Officer

Name: Srashti Singhal

Email: freelanceimpactconsultants@gmail.com

Address: ImpactNet Private Limited, Bhopal, Madhya Pradesh, India

We will acknowledge and address complaints within the timelines prescribed under applicable Indian law.

13. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts at Bhopal, Madhya Pradesh, without prejudice to any rights you may have to approach the Data Protection Board of India under the DPDP Act.