Privacy Policy

The Guardian Chronicle | Data Fiduciary Declaration

Last Updated: May 2026 | Effective Date: June 1, 2026

1. Introduction and Who We Are

Welcome to The Guardian Chronicle. We are committed to independent journalism, public interest reporting, and, above all, the trust of our readers. Protecting your privacy and handling your personal data with transparency and integrity is fundamental to how we operate.

This Privacy Policy explains, as a Data Fiduciary under the Digital Personal Data Protection (DPDP) Act, 2023, how we collect, use, share, and protect your personal data when you visit our website, use our digital applications, subscribe to our print or digital editions, or interact with us in any manner.

2. Our Core Privacy Principles

Transparency & Notice: We will always tell you what data we collect and why, before we collect it.

Purpose Limitation: We only use your data for the specific, declared purposes.

Data Minimization: We collect only the minimum data necessary to deliver our services.

Lawful Basis: Every data processing activity has a valid legal basis — either your Consent or a recognized Legitimate Use under the DPDP Act.

Security: We employ rigorous technical and organizational safeguards.

Reader Control: We respect your rights under Indian law to access, correct, erase, and port your personal data.

3. What Personal Data We Collect

Under the DPDP Act, “Personal Data” means any data about an individual who is identifiable by or in relation to such data.

3.1 Data You Provide Directly

Identity & Contact Data: Name, email address, phone number, and postal address.

Account Profile Data: Username, password (stored as a one-way hash), preferences, and reading interests.

Financial Data (SPDI): Billing address and tokenized payment details when you purchase a subscription. Payment processing is handled by PCI-DSS-compliant Razorpay; we do not store your full card or UPI details.

Communications: Records of your interactions with our customer service, editorial, or grievance teams.

3.2 Data Collected Automatically

Technical Data: IP address, browser type and version, time zone, operating system, and device identifiers.

Usage Data: Articles read, sections visited, time spent, scroll depth, and navigation flow on our platform.

Cookie & Tracking Data: As detailed in our Cookie Policy, various cookies and tracking technologies are used; consent is obtained as required.

3.3 Children’s Data

We do not knowingly collect personal data from children under the age of 18 without verifiable parental or lawful guardian consent. If you are under 18, your parent or guardian must provide consent through our designated Consent Manager framework, in accordance with DPDP Rules, 2025.

4. How and Why We Use Your Data

We process your personal data only when we have a valid lawful basis. For each purpose, we identify the legal basis below:

4.1 Lawful Bases

Consent: For marketing emails, personalized advertising, non-essential cookies, and analytics tracking.

Legitimate Use (DPDP Act, Sections 7(b)–(i)): For delivering subscribed services, processing payments, fraud prevention, and IT security.

Legal Obligation: For complying with court orders, government directives, or statutory obligations.

4.2 Specific Purposes

Deliver and manage your digital or print subscription.

Process subscription payments securely.

Personalize your news feed and newsletter recommendations.

Analyze aggregated reader behavior to improve content delivery.

Send marketing and promotional communications (Consent-based; opt-out available).

Serve relevant advertising to free-tier users (Consent-based via Cookie Policy).

Prevent fraud, abuse, and unauthorized access to our systems.

Comply with lawful orders from Indian courts, regulators, or law enforcement.

5. Consent Management

We rely on your free, specific, informed, unconditional, and unambiguous consent before collecting non-essential data.

We do NOT use pre-ticked boxes. Every consent is an active opt-in.

Before collecting your data, we provide a standalone, itemized notice detailing what data is collected and for what specific purpose.

6. Who We Share Your Data With

We do NOT sell your personal data. We share data strictly on a need-to-know basis:

Data Processors: Trusted third-party vendors for IT hosting, payment processing, print delivery logistics, and email distribution. All are bound by DPDP-compliant Data Processing Agreements.

Advertising Partners: Only pseudonymized, aggregated audience data is shared with advertising networks, subject to your Cookie Policy consent.

Legal & Regulatory Authorities: We disclose data to courts, law enforcement, or government bodies only when legally mandated under Indian law.

7. Data Retention Periods

We retain your personal data only for as long as necessary for the stated purpose or as required by Indian law:

Account & Profile Data

Duration of account + 3 years post-closure

Financial & Billing Data

7 years (Income Tax Act / GST compliance)

Technical & Usage Data

12 months rolling

Marketing Preferences

Until consent is withdrawn + 30 days

Grievance & Legal Records

3 years post-resolution

Cookie Consent Logs

1 year from date of consent

8. Your Rights Under the DPDP Act, 2023

You have the following rights, exercisable by contacting our Data Protection Officer:

Right of Access (Section 11): Obtain a summary of your personal data and the processing activities related to it.

Right of Correction (Section 12): Request correction of inaccurate or outdated personal data.

Right of Erasure (Section 12): Request deletion of your personal data when it is no longer necessary for the purpose for which it was collected.

Right of Grievance (Section 13): File a complaint with our Data Protection Officer; if unresolved, escalate to the Data Protection Board of India.

Right to Nominate (Section 14): Nominate another individual to exercise your rights in the event of your death or incapacity.

Consent Withdrawal: Withdraw consent for any processing activity at any time. Withdrawal does not affect past lawful processing.

Response Timeline: We acknowledge rights requests within 24 hours and resolve them within 15–30 days, depending on complexity.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in risk to your rights or freedoms, The Guardian Chronicle shall:

Notify the Data Protection Board of India (DPB) within the timeframe prescribed under the DPDP Act;

within 72 hours of becoming aware of the breach, with details of the nature of the breach, data affected, and remedial action taken;

Maintain an internal breach register and conduct a root-cause analysis.

For immediate breach notifications, contact: breach-notification@guardianchronicle.in

10. Data Security

Encryption in Transit: All communications between your device and our servers use TLS 1.2 or higher.

Encryption at Rest: Sensitive personal and financial data is encrypted at rest using AES-256.

Access Controls: Role-based access controls limit employee access to personal data on a strict need-to-know basis.

Third-Party Audits: We conduct periodic security audits and vulnerability assessments.

11. Cookie and Tracking Disclosure

We use cookies and similar tracking technologies on our platform. The categories and legal basis for each are detailed in our separate Cookie Policy. In summary:

Strictly Necessary Cookies: No consent required (Legitimate Use).

Performance, Functionality & Targeting Cookies: Require your active consent; no pre-ticked boxes.

12. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email or a prominent notice on our website at least 30 days before the change takes effect. We encourage you to review this Policy periodically.

13. Contact Our Data Protection Officer

DPO Name: [To Be Appointed — Name of Data Protection Officer]

Designation: Data Protection Officer (DPO) / Consent Manager

Email: privacy@guardianchronicle.in

Phone: [To Be Inserted] (Mon–Fri, 10 AM – 6 PM IST)

Postal Address: The Guardian Chronicle, Data Protection Desk, 3rd Floor, Satya Chambers, Ranchi, Jharkhand – 834001

Acknowledgment: Within 24 hours

Resolution: 15–30 days (depending on complexity)

DPB Escalation: www.dpboard.gov.in (if unresolved after our process)