Privacy guides
Your privacy, explained simply.
Plain-English answers to the privacy questions every Indian internet user should be asking. No jargon. No legal language. Just what you need to know.
How to stop spam calls in IndiaRegister for DND, file complaints, and learn why companies can still call you after you shared your number online.What is DPDP? India's data protection law, explainedA plain-English guide to India DPDP Act, what rights you have, and what companies must do with your personal data.How to know if a website is tracking youA simple guide to website trackers in India, what they collect, and how to check what runs when a page loads.Is a website recording your screen right now?What screen-recording and session-replay tools do, why websites use them, and how to think about the privacy risk.How to ask a company what data it has on youA practical template and plain-English guide for asking Indian companies what personal data they hold about you.What actually happens when you click 'Accept Cookies'A simple explanation of cookies, tracking, consent banners, advertising pixels, analytics and what you may be accepting.Your phone number was shared without your permission. Here is why.Why spam calls can start after one signup, how phone numbers move through checkout and marketing tools, and what to do next.Is online shopping safe in India? What we found.What Indian online shopping sites may collect through checkout, ads, analytics, identity tools and delivery workflows.What is Meta Pixel and why is it on so many Indian websites?A simple explanation of Meta Pixel, why websites use it, what it can reveal, and why it matters for privacy in India.What is Microsoft Clarity? The screen recording tool on Indian websites.What Microsoft Clarity does, why session replay tools matter, and what users should know about website screen recording.What is GoKwik? The checkout tool that knows your phone number.A simple guide to GoKwik checkout, phone-number identity, prefilled forms and privacy questions for Indian shoppers.Why does this app need access to your SMS?Why apps ask for SMS access, what OTP reading can expose, and how Indian users should review app permissions.Why does this app want your contact list? What it really means.What contact-list permission gives an app, why it affects people beyond you, and what to ask before allowing it.How to read a privacy policy in 5 minutes.A practical privacy policy reading guide for normal people: what to scan, what red flags matter, and what to ignore.Do companies actually follow their own privacy policy?How to compare a privacy policy with real website behavior, trackers, consent flows and disclosure gaps.Is your health app safe? What we found on Indian healthcare websites.Privacy questions for Indian health apps and healthcare sites: trackers, sensitive data, consent, ads and policy gaps.Is your investment app safe? Trackers on Indian fintech websites.What Indian fintech and investment users should know about trackers, marketing calls, consent and financial behavior signals.Do edtech apps track students? What we found.Privacy questions for Indian edtech: student data, parent consent, learning analytics, advertising and vendor tools.Does the chatbot save your data? Is it used to train AI?What chatbot privacy means in India: saved chats, support data, AI training, purpose limits and user consent.DPDP readiness checklist for Indian companies.A simple DPDP readiness checklist for Indian companies covering notices, consent, vendors, grievance and evidence.What DPDP says about consent. Most companies get it wrong.DPDP consent explained simply: clear purpose, separate choices, withdrawal, proof and why bundled consent is risky.Why DPDP makes vendor disclosure hard for Indian companies.Vendor disclosure under DPDP in simple English: processors, trackers, adtech, analytics tools and why companies need a clear list.What is a grievance officer? Why your company needs one under DPDP.Grievance officer and data rights handling explained for Indian companies preparing for DPDP compliance.How to delete your data from Indian apps and websites.A simple guide to asking Indian apps and websites to delete your personal data, with practical steps and wording.How to file a privacy complaint in India.How Indian users can start a privacy complaint: contact the company, preserve evidence, and understand DPDP escalation.Is UPI safe? What trackers run on payment apps.UPI privacy explained: payment safety, app tracking, fintech pages, advertising signals and what users should check.What is browser fingerprinting? How Indian websites identify you without cookies.Browser fingerprinting explained simply: device signals, identity resolution, tracking without cookies and privacy risk.DPDP penalties: what happens if a company breaks the law.DPDP penalties and fines explained simply for Indian companies and users, including why evidence and readiness matter.India mein aapke privacy rights kya hain (DPDP explained in Hindi)Hindi-English simple guide to privacy rights in India: data access, correction, deletion, consent and complaint basics.What is LiveRamp? The tool that connects your browsing to your real name.LiveRamp and identity resolution explained: how browsing can connect to real-world identity and why it matters.What is Google Tag Manager? The tool that loads other trackers.Google Tag Manager explained simply: how one tool can load many trackers on an Indian website, what it can collect, and why it matters for privacy.What is Google Analytics 4? What it knows about your visit.Google Analytics 4 explained for normal users: what GA4 measures on Indian websites, what data it can collect, and how it affects your privacy.What is Hotjar? The tool that watches how you use a page.Hotjar explained simply: heatmaps, recordings and surveys on Indian websites, what behaviour it can capture, and the privacy questions to ask.What is FullStory? Deep session replay on Indian websites.FullStory explained for users: detailed session replay and behaviour capture on Indian sites, what it can record, and the privacy concerns to check.What is Criteo? The ad tool that brings products back to you.Criteo explained simply: how retargeting ads follow you after browsing Indian shopping sites, what data is shared, and how to limit it.What is Taboola? The "content you may like" tracker.Taboola explained for users: those "recommended for you" boxes on Indian news sites, what data they may use, and how to think about the privacy risk.What is Xandr? The ad exchange behind the ads you see.Xandr explained simply: how ad exchanges auction your attention on Indian websites, what data may be shared, and what users can do about it.What is MoEngage? The tool behind those app notifications.MoEngage explained for users: how engagement tools power push notifications and messages on Indian apps, what data they use, and the privacy questions.What is WebEngage? Marketing automation that profiles you.WebEngage explained simply: how marketing-automation tools track behaviour to send Indian users targeted messages, and what privacy choices you have.What is CleverTap? The app analytics and messaging engine.CleverTap explained for users: how analytics and messaging tools profile app behaviour in India to send targeted nudges, and what you can control.Razorpay checkout: what a payment gateway can see.A plain-English look at payment-gateway privacy in India using Razorpay checkout: what data passes through, what is shared, and what to check.Cashfree checkout: what your payment flow reveals.Cashfree checkout privacy explained: what a payment-gateway flow can collect from Indian shoppers, what is shared, and the questions worth asking.Why do ads follow me after I visit a website?Why the same product keeps appearing in ads after you browse, how retargeting and pixels work in India, and how to make ads stop following you.How do websites already know my email address?Why a site seems to know your email before you type it, how email matching and identity tools work in India, and how to limit it.Why do online forms always ask for your phone number?Why Indian websites and apps push for your phone number, how it becomes an identity and marketing key, and when you can safely skip it.What is consent fatigue? Why you click "Accept" without reading.Consent fatigue explained: why endless cookie banners make Indian users click Accept blindly, why that is a problem, and how to take back control.What to do if a company ignores your data request.A practical guide for Indian users when a company ignores your data access or deletion request: how to follow up, escalate and keep evidence.How to screenshot privacy evidence the right way.How Indian users can capture solid privacy evidence: which screenshots to take, what details to include, and how to keep proof that holds up.How to complain about unwanted marketing messages.How to stop and complain about unwanted marketing calls, SMS and emails in India, including DND, unsubscribe rights and keeping proof.How to stop personalised ads on your phone and browser.A practical guide for Indian users to reduce personalised ads: the settings to change on Android, iPhone, Google and your browser, step by step.What is a data fiduciary under DPDP? Explained simply.Data fiduciary explained in plain English: who counts as one under India DPDP Act, what duties they have, and what it means for your personal data.What is a data principal? Your role under DPDP.Data principal explained simply: what the DPDP term means for you as an Indian user, the rights it gives you, and how to use them.What is a consent manager under DPDP?Consent manager explained simply: what this DPDP role is meant to do, how it could help Indian users manage consent, and what to watch for.
Based on a real investigation.
These guides are backed by our investigation of 107 Indian company websites. We signed up, read privacy policies, captured trackers, and sent data-rights emails.
Read the full report