What we collect, why, and how to delete it

What we collect

As a worker who signs up:

• Your phone number (10 digits + +91 country code).
• Your name, gender, year of birth, city, and pincode — extracted from your Aadhaar card via OCR.
• Your cropped face photo — taken from the top-left of your Aadhaar card and resized to 200×200 pixels.
• The work types (roles) you select.
• Your preferred language.
• If you grant browser permission: your approximate latitude and longitude.

As an employer who unlocks a contact:

• Your phone number (10 digits + +91 country code).
• Your pincode (when you search).
• Your preferred language.
• The IDs of workers whose contact you unlocked.

What we do NOT collect

• Your 12-digit Aadhaar number. The OCR endpoint is explicitly instructed not to return it; a regex safety net also strips any 12-digit number from the OCR response before anything is saved.
• Your full date of birth — only the year.
• Your full street address — only city, state, and pincode.
• Your VID, QR code data, or photo metadata from the Aadhaar card.
• Behavioural tracking cookies. We use Vercel Analytics, which is cookieless.
• Information about your browsing outside of sewakarmi.com.

How long we keep it

For active accounts: as long as your account is active. For deleted accounts: hidden from search immediately, all personal data purged from our database within 30 days. The hard purge runs automatically via a daily cron job.

How to delete your data (DPDP Act 2023)

Visit /me/delete, type "DELETE" to confirm, and your profile is hidden instantly. The 30-day hard purge follows.

How to download your data (DPDP Act 2023)

While logged in, visit /api/me/export. You'll get a JSON file containing every row we hold about you across the platform.

Aadhaar handling, in detail

When you take a photo of your Aadhaar card, the image is uploaded over HTTPS, held in server memory only, sent directly to Google Gemini for OCR, and discarded immediately after. The image is never written to disk on our servers. Only the cropped face region (a 200×200 JPEG taken from the top-left of your card) is saved to Supabase Storage as your profile photo. The rest of the card image — including the Aadhaar number — is gone within seconds.

Our OCR endpoint also runs a regex over the response to strip any 12-digit number that the model might leak by mistake. If the stripper triggers, we reject the response entirely rather than store partially-cleaned data.

Third-party processors

sewakarmi runs on the following services. Each receives only the data it needs to do its job.

• Supabase — database, auth, storage. Hosts your profile data and cropped face photo.
• Vercel — hosting + analytics (cookieless). Sees your IP for the duration of a request.
• Google Gemini — Aadhaar card OCR. Sees the card image in memory; no persistence by us.
• MSG91 — SMS for OTP delivery. Sees your phone number to deliver the OTP.
• Resend — transactional email (when wired up). Sees your email if you provide it via the contact form.

Children's data

sewakarmi is intended for adults aged 18+. We do not knowingly accept signups from minors. If you believe a worker profile belongs to a minor, please report it.

Your rights under the DPDP Act 2023

Right to access (data export), right to correction (contact us until the in-app editor ships), right to erasure (one-click delete at /me/delete), right to grievance redressal (contact form).

Contact for privacy concerns

Reach out via the contact form. We respond within one working day.