Privacy guide

How to file a privacy complaint in India.

How Indian users can start a privacy complaint: contact the company, preserve evidence, and understand DPDP escalation.

The simple answer

Start with the company. Send a clear request to the grievance or privacy contact and keep proof. A complaint is stronger when you can show what you asked, when you asked, and what happened next.

Under DPDP, users will have formal complaint routes as the framework becomes operational. But even before escalation, your evidence trail matters.

What to check

1
Save the privacy policy URL and date.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Screenshot the form, consent banner or message.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Send one clear request.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Keep delivery proof and replies.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

5
Write a short timeline.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

Complaints need receipts.

State of Privacy is built around evidence for this reason. A claim becomes stronger when it is tied to dates, screenshots, policy excerpts and observed behavior.

What to do next

1
Document before escalating.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Give the company a chance to respond.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Use formal channels when available and appropriate.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Where do I file a privacy complaint?

Start with the company grievance or privacy contact. Formal DPDP complaint routes depend on notified procedures.

What evidence should I keep?

Keep screenshots, URLs, dates, emails, app screens and policy excerpts.

Can I complain about spam calls?

Yes, but also use telecom/TRAI routes for spam-call complaints because those systems are separate.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience