Platform: reportscams.in ย ยทย Governing law: Digital Personal Data Protection Act, 2023 (DPDPA) ย ยทย Last updated: June 2026
This Privacy Policy explains what personal data we collect from you, why we collect it, how we use it, how long we keep it, and what your rights are. We have written it in plain language because you deserve to understand exactly how your information is handled โ not buried in legal boilerplate.
1. Who We Are
reportscams.in is operated by Report Scams / For Better India, an independent platform built to help Indians protect themselves from financial fraud. We are not affiliated with any government body, bank, or regulatory authority. We operate as an intermediary under Section 79 of the Information Technology Act, 2000.
For all privacy-related concerns, contact our Grievance Officer โ see the Grievance Officer page.
2. What Personal Data We Collect and Why
| Data | How Stored | Why We Need It |
|---|
| Email address | Encrypted at rest โ never shared with third parties | Account creation, login, email communications |
| Password | scrypt-hashed with a per-user salt โ we cannot read your password | Account authentication |
| Name (optional) | Plain text โ shown on profile if provided | Display on verified reports and Q&A answers |
| Phone number (OTP verified) | SHA-256 one-way hash only โ plaintext never stored | Verified badge on account โ OTP verification |
| District / location | District name and district-centre coordinates only โ no GPS, no precise address | 10km scam proximity alerts (only if you enable this feature) |
| Scammer phone numbers you report | SHA-256 hash โ plaintext never stored | Searchable scam database โ fraud prevention |
| Content you submit (reports, questions, answers, posts) | Stored as submitted โ displayed on platform | Core platform function โ community intelligence |
| Evidence files you upload | Stored with our configured cloud media provider โ access controlled by platform permissions | Evidence vault for victim groups |
| IP address | Recorded in security logs and rate-limit checks | Preventing spam reports, brute-force attempts, and platform abuse |
| Consent timestamps | Recorded with user ID and IP โ immutable | Legal compliance โ DPDPA 2023 requirement |
3. The Critical Question โ Scammer Phone Numbers
When you report a scammer's phone number, you are giving us the personal data of a third party. Under DPDPA 2023, we are required to have a lawful basis to process this data. We have two:
- Legitimate interest: Fraud prevention is a recognised legitimate interest under DPDPA Section 7 that overrides the consent requirement of the scammer.
- Public interest: Protecting the Indian public from known scammers constitutes a clear public interest purpose.
Additionally, we store scammer phone numbers as SHA-256 cryptographic hashes โ a mathematical one-way transformation. The actual phone number is never stored. We cannot reverse the hash to recover the number. This provides strong technical protection in addition to our legal basis.
4. Consent โ When We Ask and What It Means
DPDPA 2023 requires that your consent be free, informed, specific, and unambiguous. Here is exactly when we ask for consent and what each consent means:
- Account registration: You accept our Terms of Service, Privacy Policy, and Community Guidelines. You consent to receiving platform communications (reports on your watchlist, Q&A answers, etc.).
- Report submission: You confirm the report is genuine and accept personal legal liability for its accuracy. Your consent is recorded with a timestamp.
- Location/proximity alerts: You separately consent when you enable the 10km scam alert feature. This is opt-in โ the feature does not activate by default.
You may withdraw any consent at any time from your profile settings or by contacting the Grievance Officer. Withdrawal of consent does not affect the lawfulness of processing that occurred before withdrawal.
5. How We Use Your Data โ and What We Never Do
We use your data only for the purposes stated at collection:
- Operating the platform โ authentication, report display, search, Q&A, groups
- Sending automated communications โ report updates, Q&A answers, premium renewal reminders (see full email list in Terms)
- Scam proximity alerts โ only if you have explicitly enabled this
- Abuse prevention โ rate limiting, pattern detection to stop coordinated false reporting
- Legal compliance โ responding to valid court orders, government directives, and law enforcement requests
Our unconditional promises:
- โ We will never sell your personal data โ to anyone, ever
- โ We will never share your data with advertisers
- โ We will never use your data for profiling or targeted advertising
- โ We will never show loan app, crypto, or gambling advertisements on this platform
- โ We will never share your identity with any third party without a valid court order
6. Your Rights Under DPDPA 2023
The Digital Personal Data Protection Act, 2023 gives you the following rights over your personal data:
- Right to access: You can view all data associated with your account from your dashboard at any time.
- Right to correction: All your account fields โ name, email, phone, language preference, district โ are editable from your profile settings at any time.
- Right to erasure (Right to be Forgotten): You can delete your account from profile settings. Deletion removes your email, name, phone hash, location, and login history. Reports you submitted are anonymised (not deleted) โ this is permitted under the DPDPA public interest exception, because other users may have relied on those reports for fraud prevention.
- Right to grievance redressal: Any privacy concern can be raised through our Grievance Officer. We acknowledge within 24 hours and resolve within 15 days.
- Right to nominate: You may nominate another person to exercise your data rights on your behalf in the event of death or incapacity.
7. How Long We Keep Your Data
- Active accounts: Retained as long as your account exists
- Deleted accounts: Personal data removed within 30 days of deletion request
- Removed content (by admin or court order): Preserved for 180 days in secure internal storage, then permanently deleted โ as required by IT Rules 2021
- Scam reports: Auto-archived after 18 months unless community re-confirms โ archived reports are not publicly searchable but retained for legal purposes
- Consent records: Retained for 3 years โ required for legal compliance
- Admin audit logs: Retained permanently โ immutable โ required for legal protection
8. Security โ How We Protect Your Data
- All data is served over HTTPS in production with browser security headers enabled
- Passwords are stored as salted scrypt hashes โ we cannot read your password
- Phone numbers stored as SHA-256 hashes โ cannot be reversed
- Rate limits protect login, signup, upload, report submission, and chat abuse paths
- Evidence files are stored with provider-side access controls and application permission checks
- Admin access requires 2FA and uses a short-lived dedicated admin session
- Backups, firewalling, and DDoS protection depend on the production hosting environment we deploy to
9. Data Breach โ What We Will Do
If we ever discover a data breach that could affect your personal information, we will:
- Notify the Data Protection Board of India within 72 hours of discovery
- Notify all affected users by email within 72 hours
- Tell you clearly what data was affected, what we are doing about it, and what you should do
- Document the breach and our response in our breach log
10. Anonymous Submissions
You may submit scam reports without creating an account. When you submit anonymously:
- Your email and name are not attached to the report
- Your IP address is recorded for rate limiting and abuse prevention only
- You cannot join victim group rooms, receive updates, or access premium features
- Anonymous reports carry a lower credibility score than verified-user reports
11. Third-Party Services We Use
We use the following carefully selected third-party services to operate the platform:
- Cloudinary โ evidence and media file storage
- Hostinger Email / SMTP โ transactional email delivery
- Razorpay โ payment processing โ we never store card details directly
- Configured AI / translation providers โ premium translation and assistance features when enabled
None of these providers receive your personal data for their own commercial purposes. Data sharing with each is limited to what is strictly necessary for the service they provide.
12. Children
This platform is intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has created an account, please contact our Grievance Officer immediately and we will delete the account.
If any report on the platform involves or references a person under 18 in a context suggesting exploitation or abuse, we have a mandatory obligation to report this to cybercrime.gov.in and NCPCR immediately under the POCSO Act.
13. Contact and Grievances
For any question, concern, or request regarding your personal data โ including exercising any right under DPDPA 2023 โ contact our Grievance Officer:
This Privacy Policy complies with the Digital Personal Data Protection Act, 2023 and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. It should be reviewed by a qualified Indian cyber law advocate before the platform goes live.
