Privacy Policy

How Dharte collects, uses, and protects the personal information you share with us.

About this policy

This Privacy Policy explains how DHARTE LLP (referred to as "Dharte", "we", "us") collects, uses, discloses, and safeguards the personal information of visitors, members, promoters, and businesses on dharte.com. As an Indian company registered in Mumbai, Maharashtra, Dharte publishes this policy in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. For visitors in the EU/UK, we also honour the relevant rights under the GDPR / UK GDPR (see "Visitors in the EU / UK" below).

Under the DPDP Act, DHARTE LLP is the "Data Fiduciary" that determines the purpose and means of processing your personal data, and you are the "Data Principal" whose data we process. Where a Dharte member (seller) collects your data to fulfil an order you place with them, that member is an independent Data Fiduciary for their own dealings; Dharte processes order data as a facilitator of the transaction.

Dharte is a marketplace where verified members — across 12 categories (Practitioners, Facilitators, Service Providers, Brands, Hospitals, Wellness Centres, Factories, Institutes, Artists, Venues, Influencers, Shops) — sell or offer four kinds of listings: Products, Services, Subscriptions and Events. This policy applies to both buyers (visitors purchasing listings) and members (sellers operating profiles).

By using dharte.com or registering as a Dharte member, you consent to the practices described in this policy.

Information we collect — directly

We collect the personal information you submit through our membership application forms, payment forms, contact forms, and event registrations. This includes:

  • Identity & contact: full name, email address, phone number, country, city.
  • Membership details: membership tier (Standard / Premium), member category (one of 12: Practitioner, Facilitator, Service Provider, Brand, Hospital, Wellness Centre, Factory, Institute, Artist, Venue, Influencer, Shop), and business details for Premium applicants (legal name, GST/CIN, sector, website).
  • Listing data: any Products, Services, Subscriptions or Events you publish on your member profile, including images, descriptions, prices and inventory.
  • Promoter payout information: bank account details and KYC documents (PAN, Aadhaar where required) for promoters receiving commission payouts in INR; equivalent KYC details for cross-border payouts in GBP or USD.
  • Profile content: bio, photo, story submissions, testimonials, and any text or images you submit to your member profile.
  • Survey and competition responses, and messages you send through our contact and support channels.

Information we collect — automatically

When you visit dharte.com we and our infrastructure providers automatically collect certain technical information:

  • Device and browser information: device type, operating system, browser version.
  • Network information: IP address, approximate geolocation derived from IP, referrer URL.
  • Usage data: pages visited, time on page, click paths, search queries.
  • Cookies and similar tracking technologies (see "Cookies" below).

How we use your information

We use the information we collect to:

  • Provide platform access and customer service to members.
  • Evaluate Premium Membership applications via KYB verification.
  • Send membership confirmations, Zoom links for networking calls, course access details, and event reminders.
  • Process payments and pay out promoter commissions.
  • Improve the platform, fix bugs, and prevent fraud, abuse, and security incidents.
  • Run analytics, measure traffic, and personalise the experience.
  • Reply to support requests, surveys, and feedback.
  • Send occasional updates and the Dharte newsletter (you may unsubscribe at any time).

We do not sell your personal data.

Your consent & the lawful basis for processing

Under the DPDP Act 2023, we process your personal data only on a lawful basis. For most processing that basis is your consent, which we ask for through a clear affirmative action — submitting a form, ticking a box, completing a purchase, or registering an account. Consistent with Section 6 of the DPDP Act, the consent you give is free, specific, informed, unconditional and unambiguous, and is limited to the personal data necessary for the stated purpose.

Some processing relies on the DPDP Act's "certain legitimate uses" rather than consent — for example, fulfilling a transaction you voluntarily started, meeting a legal or regulatory obligation (tax, accounting, anti-fraud), or responding to your support request.

At or before the point of collection we give you a plain-language notice describing the personal data we collect, the purpose, and how you can exercise your rights or complain. You may withdraw your consent at any time — and we make withdrawal as easy as giving it (one-click unsubscribe on every email, or a request to the Grievance Officer below). Withdrawing consent does not affect processing already carried out, and we will stop the relevant processing unless another lawful basis requires us to retain the data.

We follow the DPDP principles of purpose limitation (we use data only for the purpose notified), data minimisation (we collect only what we need), and accuracy (we keep data current and correct it on request).

Sharing & disclosure

We share personal information only as follows:

  • Payment processors — Dharte routes payments through four PCI-DSS compliant gateways. PayU (primary INR) and Stripe (primary international) handle the bulk of transactions. CCAvenue (fallback INR) and PayPal (fallback international) take over for restricted-category listings or when the primary processor declines. Each gateway handles card data directly under its own privacy policy; Dharte never sees or stores your full card number.
  • Other Dharte members — where you opt in (e.g., listing your business in the Opportunities listing, appearing in the Promoter listing, posting on circles), the relevant fields you have chosen to publish become visible to other certified members.
  • Service providers — Netlify (hosting, forms, and our managed Postgres database that stores members, orders, messages and user accounts), Google Workspace (email), Google Identity Services (the "Continue with Google" sign-in flow on /login), and analytics and email-delivery vendors who process data on our behalf under confidentiality obligations.
  • Affiliated entities — Dharte's regional partners and subsidiaries operating under the Dharte brand, on a need-to-know basis.
  • Government & regulators — where required by Indian law, court order, or legitimate request from a law-enforcement agency.
  • Business transfer — in connection with a merger, acquisition, or sale of all or part of DHARTE LLP, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

Sign-in & authentication

Dharte offers two sign-in methods on /login:

  • Continue with Google — uses Google Identity Services. Google verifies your email address and returns a signed ID token containing your email, name and profile picture. We store the email + name in your Dharte account record; the ID token is kept in your browser only while you're signed in. Google's privacy policy governs the Google-side handling.
  • Email + password — your password is salt-hashed with SHA-256 in your browser before storage; the plaintext password is never transmitted to or stored by Dharte servers.

New signups trigger a confirmation email to the user and an internal notification to the Dharte admin team (Megha, Mansi and Tarun). Subsequent sign-ins are tracked for security but do not generate notifications. All outbound email is sent from megha@dharte.net via Gmail SMTP for reliable delivery.

How form submissions and orders are recorded

When you submit a form on Dharte (contact, membership application, member enquiry, event RSVP, etc.) or complete a paid transaction, the record is captured into the Dharte administration database (Netlify-hosted Postgres) so the team can follow up, fulfil and report on it. A copy of the same event is also stored as an audit blob and is included in the daily activity digest sent to the admin team. We do not use this data for retargeting advertising and do not share it with third parties outside the service-provider list above.

You may request the export or deletion of these records at any time via the Grievance Officer below.

International transfers

Dharte operates internationally and uses service providers based outside India (such as Netlify, Stripe, and Google). When your data is transferred outside India for processing, we rely on the contractual and security safeguards offered by these providers. By using Dharte you consent to such transfers.

Cookies

Dharte uses essential cookies only — for the form anti-spam protection (Netlify honeypot), basic analytics, and your currency-toggle preference (USD / INR / GBP). We do not run third-party advertising trackers or behavioural-retargeting cookies on dharte.com.

Data retention

We retain your personal information for as long as your Dharte membership is active, plus the additional period required by Indian tax, accounting, and audit law (typically 8 years for financial records). After this period, we either delete the data or anonymise it for aggregate analytics.

Your rights as a Data Principal

The DPDP Act 2023 gives you the following rights over your personal data, and we honour them:

  • Right to access — obtain a summary of the personal data we process about you and the processing activities we carry out.
  • Right to correction & updating — have inaccurate, incomplete, or out-of-date data corrected, completed, or updated.
  • Right to erasure — have your personal data deleted once it is no longer needed for the purpose it was collected, subject to the legal-retention requirements above.
  • Right to withdraw consent — at any time, as easily as you gave it.
  • Right to data portability — receive a copy of the data you submitted to us in a usable form.
  • Right to grievance redressal — a readily available means of raising any complaint about our handling of your data with our Grievance Officer (below), who will respond within the timelines stated.
  • Right to nominate — nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, email the Grievance Officer below. We acknowledge requests within 24 hours and respond within 15 days. We may ask you to verify your identity before acting on a request, to protect your data from unauthorised access. You are responsible for providing accurate information and for not making false or frivolous requests, as required by Section 15 of the DPDP Act.

If you are not satisfied with our response, you may escalate to the Data Protection Board of India (the authority established under the DPDP Act).

Security

As a Data Fiduciary we apply reasonable security safeguards as required by Section 8 of the DPDP Act 2023 and the IT (Reasonable Security Practices) Rules 2011 to protect personal data — TLS encryption in transit, secure hosting (Netlify), access controls on member data, hashed passwords, and PCI-DSS-compliant third-party payment processing. No system is 100% secure; please notify us immediately if you suspect unauthorised access to your account.

Personal data breach

In the event of a personal data breach, Dharte will act promptly to contain and remediate it. In line with the DPDP Act 2023, we will notify the Data Protection Board of India and each affected Data Principal of the breach in the manner and within the timelines prescribed by law, including the nature of the breach and the steps you can take to protect yourself. We maintain internal records of breaches and our response for accountability.

Cookies & tracking

Dharte uses cookies (small data files stored in your browser) and similar local-storage technology for the following purposes:

  • Strictly necessary — keep checkout, login, currency selection and the cookies-consent state working. Cannot be switched off.
  • Functional — remember your preferences (currency, language, cart contents) for a smoother return visit.
  • Analytics (optional) — anonymous traffic measurement to improve the site. Loaded only after your "Accept all" consent on the cookies banner.
  • Payment-processor cookies — Stripe sets its own cookies on the checkout page for fraud prevention and 3-D Secure flow. These are essential to processing your payment.
  • Crypto wallet connections — when you choose "Pay with Crypto" on a Stripe checkout, the wallet handshake (MetaMask, WalletConnect, Coinbase Wallet) happens directly between your browser and Stripe. Dharte never receives, stores or logs your wallet address, private keys, seed phrase, on-chain transaction hash or any other virtual-digital-asset data. Stripe converts the crypto to fiat at checkout and Dharte only sees the resulting fiat payment record.

The first time you visit Dharte you'll see a consent banner with two buttons: Accept all (enables all categories) or Reject optional (only strictly-necessary). You can change your choice anytime by clearing your browser's site data for dharte.com.

For visitors in the EU/UK we comply with the GDPR and ePrivacy Directive: optional cookies are opt-in and never set before consent. You may also exercise your GDPR rights (access, correction, deletion, portability, objection) by emailing the Grievance Officer below.

Children

Dharte is intended for adults and is not directed to children under 18 years of age. Consistent with Section 9 of the DPDP Act 2023, we do not knowingly process the personal data of a child without the verifiable consent of a parent or legal guardian, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a minor has submitted personal data to Dharte, please contact the Grievance Officer below and we will delete it promptly.

Visitors in the EU / UK

Although Dharte is governed by Indian law, where you access the site from the EU or UK we additionally honour your rights under the GDPR / UK GDPR — including access, rectification, erasure, restriction, portability, and objection — and we treat consent for optional cookies as opt-in. To exercise these rights, contact the Grievance Officer below. Any transfer of your data to India is made on the basis of your consent and the contractual and security safeguards described in "International transfers" above.

Changes to this policy

We may update this Privacy Policy occasionally. The latest version will always be published on this page, with the effective date shown below. Material changes will be communicated by email to active members.

Grievance officer & contact

In accordance with the Digital Personal Data Protection Act 2023, the Information Technology Act 2000, and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, the Grievance Officer and the contact for data-protection matters at Dharte is:

  • Name: Megha Dubey
  • Email: megha@dharte.in
  • Phone: +91 9699990069
  • Address: DHARTE LLP, B6, Beach Resort Society, 14 Bungalows Complex, Madh Island, Mumbai 400061, India

We acknowledge data-protection grievances within 24 hours and aim to resolve them within 15 days. If you remain dissatisfied, you may escalate to the Data Protection Board of India under the DPDP Act 2023. For general support and privacy queries, you can also reach us at megha@dharte.net.

Last updated: 31 May 2026