eGov Data Privacy Policy

1. About eGov

eGov Foundation is a philanthropic mission that cares deeply about making the lives of ordinary citizens better, including health, sanitation, public finance management systems, and access and delivery of services from the government, by creating .

2. About DIGIT

Digital Infrastructure for Governance, Impact & Transformation (DIGIT) is an open-source platform created by eGov (platform owner). It helps governments collect revenues, deliver services, and manage operations and workflows in an efficient, reliable, and transparent manner.

The DIGIT platform is built and designed to:

• Improve the delivery of services for citizens, making such services more accessible, inclusive, and easy to use

• Simplify the work of frontline workers, through streamlined workflows and easy-to-use interfaces

• Enable government employees to transition daily routine and repeatable work items from manual to digital systems, driving efficiency in public service delivery

• Provide tools to improve local government revenue mobilisation, through dashboards, systemized demand generation, and collection of taxes, user charges, fees, licences etc.

• Empower government administrators / administering agencies to access relevant data for timely decision-making and action.

For a full list of products/services available on DIGIT, see .

For a description of data security measures built into DIGIT, see .

3. DIGIT Platform, DIGIT Implementations & Data

As an open-source platform, DIGIT in & of itself does not collect, store, use, process, or share data.

DIGIT is deployed by national, state, or local government bodies. Such deployment may be done by in-house teams of the government, third-party service providers, or – in a small number of cases – by eGov.

Where eGov is participating in a deployment, whether as an implementing agency or supporting agency, this is on the basis of a Memorandum of Understanding (MoU) or agreement with the relevant government entity.

eGov is compliant with the relevant laws and regulations of India.[4]

When the DIGIT platform is implemented in a particular place, that particular implementation will collect, store, use, process, and share data relevant to the specific purposes for which it is being used (i.e. the services it is enabling the local government or other service providers to provide). The party that is given the authority to implement DIGIT at a government entity level is called the implementing agency. Each implementation is carried out at a program level by program owners. The administering authority defines what the scope of a program can be[5].

All data collected, stored, used, processed, or shared by a DIGIT implementation is the property of the individuals to whom it pertains. The administering authority that is responsible for the implementation is also responsible for the management of this data.

This data is not, under any circumstances, the property of the implementing agency or the supporting agency.

4. What Data Does DIGIT Handle?

A DIGIT implementation/ program collects and processes personal data[6] such as the first name, last name, parent’s / guardian’s name, address, email address, telephone number, age, gender, and identification documents. It may collect your educational, demographic, location, device and other similar information.

The DIGIT implementation may also collect information such as Internet Protocol (IP) addresses, domain name, browser type, Operating System, Date and Time of the visit, pages visited, IMEI/IMSI number, device ID, location information, language settings, handset make & model etc.

A DIGIT implementation may derive, store, process, and share transactional data, which describes the progress of any ongoing task (e.g. any service requested by a resident) through the systems of the local government or other government agency. This can include information about the specific role to whom a given task is assigned (or with whom it is pending), the amount of time elapsed on processing / completing a given request (or task / sub-part thereof), and whether this task has been completed within the benchmark or designated amount of time. It can also include details about the channel through which a particular request was received, such as ULB counter, service centre, website, helpline, mobile app, chatbot, etc.

A DIGIT implementation can derive, store, process, and share aggregated data. These aggregates are derived from the transactional data. This includes data such as aggregate or cumulative revenue collection, aggregate or cumulative number of service requests, percentage of requests resolved within the benchmark time period, etc. The above data may be further analysed and presented in terms of the type of collection, request, or complaint, the channel through which it was received, etc.

A DIGIT implementation can also collect, store, process, and share telemetry data, which studies how much time is spent on a given screen or field in a workflow/user interface (UI). Such data is normally processed and shared in aggregate, and will not be used to identify specific individuals. In the event that specific individuals are sought to be identified, such as for user research, their consent will be sought for the further processing or sharing of their data.

5. Who Handles Data On DIGIT?

• Administering authorities and Program Owners - State or Central government, government department employees and third-party contractors or agents( hired by governments): interact with the citizens, provide services, collect payments, and collect feedback, view real-time or compiled/aggregated data on city operations, which can inform performance management and policy-making.

• Implementing agencies and Supporting agencies: implement, customise, and maintain and support a DIGIT implementation.

• eGov employees, contractors, and consultants - when eGov is appointed as an implementing agency for implementing DIGIT in a few States, otherwise for support and maintenance.

• eGov may access, use, and share any data made public by government entity/ies, including in combination with aggregate and/or derived data as described below.

6. Data Access By eGov

A. As a platform owner:

1. eGov does not collect, use or share any personal data (other than of its own employees)

2. eGov may access information about usage of the DIGIT platform, including any specific product or feature, for the purposes of understanding usage of the platform/product/feature, and for making or testing improvements to these.

• Such information may include metadata; aggregate statistics on usage, revenue, and service requests; aggregate statistics on the status of a particular service/request/complaint type; and aggregate or anonymised information about user behaviour in navigating workflows or screens (‘telemetry data’).

• Such information may also include derived data, e.g. averages or trends calculated from the aggregate statistics described above. This data may be derived by eGov, by the government entity, or by any authorised third party.

1. eGov may have additional access to data under three circumstances:

• eGov may request access to contact information of specific individuals/users, in order to contact them as participants in research conducted or commissioned by eGov or eGov’s collaborators.

• Upon receiving permission from the relevant government entity to access and use this information, eGov may contact these individuals, and seek their consent for participation in the research in question.

• eGov may share this information with research partners, upon the signing of suitable data sharing/data use agreements, which impose upon such partner obligations and conditions for data access/use/sharing that are at least no less stringent than those applicable to eGov.

B. eGov as an Implementing Agency

1. eGov may serve as an implementing partner for part or the entirety of a DIGIT implementation. For such areas where and for such duration when eGov is an implementing partner, as part of the implementation process, eGov collects, store, process, use, and share all data relevant to the implementation, including personal data.

• All terms and conditions related to such data access shall be included in a formal agreement between eGov and the relevant government entity responsible for that implementation.

• eGov shall not collect, store, process, use, or share such data for any purpose other than that specific implementation, and shall not share such data with any third party unless specifically authorised to do so in writing by the relevant government entity, or unless required to do so by law.

• In all cases where eGov has access to personal data, eGov shall ensure that:

  • Such access is authorised on the basis of an agreement with the relevant government entity, or otherwise authorised in writing by the relevant government entity.

  • The purpose of such access and the nature of data that may be accessed are specified in the document that authorises such access.

  • The channel through which such data may be accessed/shared is specified in the document that authorises such access, and such channel is generally accepted as a secure channel for data sharing.

C. eGov as a Supporting Agency

1. eGov may collect, store, process, use, access or share data from a DIGIT implementation to support said implementation.

2. All terms and conditions related to such data access shall be included in a formal agreement between eGov and the relevant government entity responsible for that implementation.

7. Data Not Related To The DIGIT Platform

In addition to the data described above, eGov has access to two broad categories of data.

1. Employee data: eGov may collect, store, process, use, and share data pertaining to employees, contractors, and consultants of eGov. This includes:

• Name, address, phone number, address, contact information, date of birth

• Login IDs and passwords for work-related software

• Information pertaining to academic and/or professional history

• Information necessary for processing payments and taxes, including bank account, PAN, GST, Aadhar, and Provident Fund information

• Information necessary for providing insurance, including some health-related information of the employee; name, age, date of birth, and health-related information of the employee’s dependents or nominees.

1. Partner or contact data: eGov may collect, store, process, use, and share data of organisations or individuals with whom eGov has contact in the ordinary course of its business.

• This includes name, organisation, designation, contact details, etc.

• eGov shall use this information for normal business purposes, such as sharing business communications (emails, newsletters, etc.)

8. Versions Of This Policy

This policy is subject to change.

Please refer to this webpage for the latest version of the policy.

9. Your Consent To Data Sharing

By using the products of eGov, you confirm that you have read, understood, and accepted this Policy, and that we may collect, process, disclose, and/or share your data as described in this Policy.

10. Contact Details

Name:

Address:

Phone Number:

E-mail:

Date:

2. This entity creates the infrastructural design of the platform (architects of the platform). They are responsible for the design of the platform ↑

3. Government bodies mandated to provide a government service usually an agency or department of the State government agencies have the power to decide who has access and control of the DIGIT systems ↑

6. As defined in the Digital Personal Data Act, 2023 - Sec 2 (t) “personal data” means any data about an individual who is identifiable by or in relation to such data ↑