← Back to home
Legal · CSR Bridge India

Privacy Policy

Last updated: 1 February 2026

1. Information we collect

We collect information you provide directly: name, email, organization, role-specific details (DIN, ICAI number, statutory registrations), uploaded documents (registration certificates, PAN, FCRA filings, audited statements), project descriptions and impact updates. We also collect technical data (IP, device, browser) for security and analytics.

2. How we use your information

Your data is used to operate the platform: profile verification by CAs, marketplace discovery, payments processing, generating ESG and Section 135 reports, in-app and email notifications, fraud prevention, and platform improvement. We do not sell personal data.

3. Document storage

Statutory documents are stored on encrypted object storage. Access is restricted: NGO owners (their own files), Chartered Accountants (review during verification), and Companies (read-only after a project is funded or post-mutual approval). All access is logged.

4. Sharing

We share data only with: (a) the verifying CA(s) you select; (b) the funding Company once you accept; (c) payment gateways (Razorpay) for transaction routing; (d) email infrastructure (SendGrid) for transactional notifications; (e) regulatory bodies when required by law.

5. Cookies & analytics

We use minimal first-party cookies for authentication (HTTP-only, SameSite=None) and language preference (csrbridge_lang in localStorage). We do not run third-party advertising trackers.

6. Your rights

You may at any time access, export or delete your account and the personal data we hold about you by writing to support@csresg.in. We will action verified requests within 30 days, subject to applicable legal retention obligations (statutory/audit records may need to be retained).

7. Children

The platform is intended for organisations and adult professionals. We do not knowingly collect personal data from children under 18.

8. Data retention

Account data is retained while your account is active. Statutory/audit records may be retained beyond account closure as required by Indian law. Backups are rotated within 90 days.

9. Security

We deploy reasonable safeguards: encrypted transport (HTTPS), bcrypt password hashing, JWT-based auth, role-based access control, server-side input whitelisting and audit logs. No system is perfectly secure; report concerns to support@csresg.in.

10. Changes to this policy

We may revise this Privacy Policy from time to time. Material changes will be notified via in-app banners or email at least 14 days before they take effect.

11. Grievance officer

Pursuant to the Information Technology Act 2000 and rules thereunder, you may contact our Grievance Officer at grievance@csresg.in for any privacy-related concerns.

Questions? Reach our support team.