Privacy Policy

Effective Date: June 20, 2026

Last Updated: June 20, 2026

Policy Version: 1.1

Contact Email : contact@ghatal.co.in

This is the single, unified Privacy Policy (“Policy”) of Ghatal.co.in ( including all Sub-Domains) (“Company,” “we,” “our,” or “us”). It governs every website, mobile application, and other digital service that we currently own or operate, or may launch in the future, including all properties listed in Schedule A at the end of this document (collectively, the “Services”).

This Policy is issued with reference to the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”); the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules, 2021”); and the Digital Personal Data Protection Act, 2023 together with the Digital Personal Data Protection Rules, 2025 (“DPDP Act/Rules”).


How This Policy Works

Instead of publishing a separate privacy policy for every website or app, we maintain one Policy and link to it from every Service’s footer, app store listing, and in-app settings. Schedule A lists every Service this Policy currently covers; we add new entries there as we launch new Services — no new policy required.

If a future Service collects a category of personal data not already described in Section 3, or processes data in a materially different way, we will add a clearly labelled section to this Policy (or a Service-specific addendum) before that Service launches, and log the change in the Version History at the end of this document. Linking an old version of this Policy to a Service that needs a disclosure it doesn’t contain does not satisfy consent requirements under the DPDP Act.

This document covers privacy only. Individual Services may have their own separate Terms of Use.

1. Definitions

  • “Service(s)” — any website, subdomain, mobile app, or other digital product listed in Schedule A.
  • “Personal Data” — any data about an individual who is identifiable by or in relation to such data.
  • “Sensitive Personal Data” — categories such as financial information, health data, biometric data, or government ID numbers, which receive enhanced protection under the SPDI Rules.
  • “Data Principal” (you) — the individual to whom the personal data relates.
  • “Consent” — your free, specific, informed, and unambiguous agreement to the processing of your personal data.

2. Scope — Covered Services

This Policy applies to all Services listed in Schedule A, including all current and future subdomains of any covered domain. Where a Service displays this Policy or links to it, that Service is bound by it in full, plus any Service-specific addendum published alongside it.

3. Information We Collect

The categories below describe everything we may collect across all Services. Any individual Service only collects what is necessary for its specific features and permissions — check that Service’s permission requests and in-app notices for what actually applies to it.

A. Location Information

With your permission, certain Services may collect precise or approximate location to show nearby content, services, or results. Always optional; disable anytime via device settings.

B. Contact and Identity Information

If a Service requires you to register, subscribe, submit a form, or contact support, we may collect your name, email address, and/or phone number. Where a Service does not require registration, we do not collect this information.

C. Device, Log, and Usage Data

Across all Services we may automatically collect: IP address, device type, operating system, browser type, app version, crash/diagnostic logs, pages or screens visited, and general usage statistics.

D. Cookies and Similar Technologies

Our websites use cookies and similar technologies (strictly necessary, functional, and analytics) to remember preferences and understand usage. Managed via your browser settings. For Services built on WordPress, this may specifically include:

  • A temporary test cookie on the login page to check whether your browser accepts cookies (contains no personal data; discarded when you close your browser)
  • Login cookies, lasting 2 days (or 2 weeks if you select “Remember Me”), removed when you log out
  • A screen-display-preferences cookie, lasting around 1 year
  • If you edit or publish content, a cookie storing the post ID, lasting 1 day (contains no personal data)
  • If you leave a comment and opt in, a cookie saving your name, email, and website so you don’t have to re-enter them next time, lasting about 1 year

H. Comments (applicable only on Services where commenting is enabled)

When visitors leave comments, we collect the data shown in the comment form, plus the visitor’s IP address and browser user-agent string, to help with spam detection. An anonymized hash of your email address may be shared with the Gravatar service to check whether you have a Gravatar account; if so, your Gravatar profile photo becomes publicly visible alongside your approved comment. The Gravatar/Automattic privacy policy is available at https://automattic.com/privacy/. Visitor comments may also be checked through an automated spam-detection service (e.g., Akismet).

I. Registered Accounts (applicable only on Services that offer visitor sign-up, e.g., for commenting or contributing — not applicable where “no account required” is stated for that Service)

If a Service allows visitors to register, we store the personal information provided in their profile. Users can view, edit, or delete this information at any time (except their username); administrators of that Service can also view and edit it.

J. Media Uploads

If a Service allows users to upload images (e.g., as part of comments, profiles, or content submissions), uploaded images may contain embedded location data (EXIF GPS). Other visitors who can access an uploaded image may be able to extract this data, so we advise against uploading images containing location metadata you don’t want disclosed.

K. Embedded Content from Other Websites

Pages on a Service may include embedded content (e.g., videos, posts, articles) from other websites. Such embedded content behaves exactly as if you had visited the third-party website directly — it may set its own cookies, embed additional third-party tracking, and monitor your interaction with that content, including tracking it if you are logged into that third-party site.

L. Media, Contacts, and Device Permissions (Where Applicable)

Some Services may request access to your camera, photo library, microphone, or contact list to enable specific features (e.g., uploading a photo, voice search, “invite a friend”). We request these permissions individually, only when relevant to that Service’s features, and only with your consent. We do not access these unless the specific feature requesting them is in active use.

M. Payment Information (Where Applicable)

If a Service ever sells goods or services directly, payments are processed through PCI-DSS compliant third-party payment processors. We do not store full card numbers, CVV, or banking credentials on our own servers.

N. Information We Do Not Collect Unless Explicitly Stated

We do not collect Aadhaar numbers, PAN, biometric data, health data, or other Sensitive Personal Data through any Service, unless a specific Service explicitly discloses such collection, obtains your separate explicit consent for it, and this Policy is updated accordingly before that Service launches.

4. Purpose and Basis for Processing

We process personal data only for purposes disclosed in this Policy (or a Service-specific addendum), based on your free, informed, specific consent, or as otherwise permitted under applicable law. We do not use data for an undisclosed purpose without obtaining fresh consent.

5. How We Use Information

  • Provide and operate the features of each Service
  • Personalize content (e.g., local/location-relevant results)
  • Send updates or notifications you’ve opted in to receive
  • Improve performance and fix issues
  • Analyze aggregate usage trends across our Services
  • Maintain security and prevent misuse, fraud, or abuse

6. Sharing and Disclosure of Information

We do not sell or rent personal data. We may share information only:

  • With service providers who help operate our Services (hosting, analytics, maps, push notifications, payment processing) under confidentiality and data-protection obligations
  • When required by law, regulation, court order, or lawful government request
  • To establish, exercise, or defend our legal rights
  • In connection with a merger, acquisition, or asset sale, with notice to you where required
  • If you request a password reset on a Service with registered accounts, your IP address will be included in the reset email

7. Third-Party Services

Depending on the Service, we may use providers such as:

  • Google Maps Platform
  • Firebase Cloud Messaging (push notifications)
  • Google Analytics / Firebase Analytics
  • Cloud hosting and CDN providers
  • Payment gateways (for Services that process payments)
  • Gravatar (Automattic) — for Services with commenting enabled
  • An automated spam-detection service (e.g., Akismet) — for Services with commenting enabled

Each provider processes data under its own privacy policy. A given Service’s in-app or on-site notice will list the specific third parties used by that Service.

8. Cross-Border Data Transfer

Some providers (e.g., Google, Firebase, cloud hosts) may process or store data outside India. Where this occurs, we take reasonable steps to ensure data continues to be protected consistent with this Policy and applicable law.

9. Data Retention

We retain personal data only as long as necessary for the purpose collected, or as required by law, after which it is securely deleted or anonymized.

Data Deletion Requests

Users may request deletion of any personal information we hold by contacting : support@ghatal.co.in

Data categoryTypical retention
Device/usage logs12 months
Location dataNot stored beyond session
Contact/registration infoUntil account deletion
Support/grievance correspondence3 years

On Services where commenting is enabled, comments and their associated metadata are retained indefinitely, so follow-up comments can be recognized and approved automatically rather than held for moderation. On Services that offer registered accounts, profile information is retained for as long as the account exists; users can view, edit, or delete it at any time except their username, and administrators of that Service can also view and edit it.

10. Data Security

We apply reasonable technical and organizational safeguards — including encrypted transmission (HTTPS/TLS) and access restrictions — across all Services. No internet-based system is completely secure. In the event of a personal data breach, we will notify affected users and the Data Protection Board of India as required under the DPDP Rules, 2025.

11. Children’s Privacy

Consistent with the DPDP Act, 2023, a “child” is any individual below 18 years of age. We do not knowingly collect personal data from children without verifiable consent from a parent or lawful guardian. If you believe a child has provided personal data without such consent, contact our Grievance Officer (Section 14) and we will take steps to delete it.

12. Your Rights

Subject to applicable law, across all Services you may:

  • Request a summary of personal data we hold about you and how it’s processed
  • Request correction or completion of inaccurate or incomplete data
  • Request erasure of data no longer necessary for its original purpose
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Nominate another individual to exercise these rights on your behalf in case of death or incapacity
  • Lodge a grievance and seek redressal

Erasure requests do not extend to data we are legally obliged to keep for administrative, legal, or security purposes.

To exercise these rights for any Service covered by this Policy, contact us using Section 17 or our Grievance Officer in Section 14.

13. Managing Your Preferences

  • Location: disable via device Settings or browser site settings
  • Notifications: disable via device Settings or in-app settings
  • Cookies: manage via browser settings
  • Camera/contacts/microphone: revoke via device app permissions
  • You may also stop using any Service or uninstall its app at any time

14. Grievance Officer

In accordance with the IT Rules, 2021 and the DPDP Act, 2023, this Grievance Officer covers all Services listed in Schedule A:

FieldsDetails
NameSuryagopal Dhara
Emailgrievance@ghatal.co.in
AddressGhatal, Paschim Medinipur, West-Bengal, India
Response timelineAcknowledgment within 72 hours ; resolution within 30 days

If a specific Service later grows large enough to qualify as a “Significant Social Media Intermediary” (5 million+ users) under the IT Rules, 2021, that Service will publish its own dedicated Resident Grievance Officer in addition to the contact above, as legally required at that scale.

If unsatisfied with our response, you may approach the Data Protection Board of India.

15. Governing Law and Jurisdiction

This Policy is governed by the laws of India. Courts in Ghatal shall have exclusive jurisdiction over disputes arising from this Policy, for all Services it covers.

16. Changes to This Policy

We may update this Policy as our Services evolve. Material changes — including new data categories collected by a new Service — will be reflected here with an updated “Last Updated” date and logged in the Version History below. Continued use of any Service after an update constitutes acceptance of the revised Policy.

17. Contact Us

Email: contact@ghatal.co.in

Primary Policy URL: https://ghatal.co.in/privacy-policy

18. Consent

By accessing or using any Service listed in Schedule A, you confirm that you have read and understood this Policy and consent to the collection, use, and disclosure of your information as described.


Schedule A — Services Covered by This Policy

Service NameTypeURL / Package IDAdded On
ghatal.co.in (and all subdomains)Websitehttps://ghatal.co.inJune 20, 2026
GhatalAndroid AppJune 20, 2026
GhataliOS AppJune 20, 2026


Version History

VersionDateSummary of changes
1.0June 20, 2026Initial unified Policy covering Ghatal website, subdomains, Android app, and iOS app
1.1June 20, 2026Integrated WordPress-specific provisions (comments, Gravatar, login/comment/post cookies, registered accounts, media EXIF data, embedded content, password-reset IP, comment retention) for WordPress-based Services
Scroll to Top