Legal & governance
Privacy Policy
How Thasmai Trust collects, uses, and protects your personal data. Last updated: 1 May 2026
1. Who we are
Thasmai Charitable Trust (“Thasmai”, “we”, “us”) is a public charitable trust registered in Telangana, India. This policy explains how we handle personal data collected through our website at thasmai.org.in, our programmes, and our communications.
Contact: thasmai.org.in/about/contact. Data-protection enquiries may be directed to the same address, marked “Privacy”.
2. What data we collect
- Website usage data — pages visited, referrer, browser/device type, approximate location (country/city). Collected via our analytics tool (consent-gated). IP addresses are anonymised.
- Programme registration — name, email, phone number, payment details (processed by a PCI-compliant gateway; we do not store card numbers). PAN numbers for 80G receipts are encrypted at rest.
- Donations — name, email, address, PAN (required for 80G receipts). FCRA records include nationality for international donors.
- Newsletter — email address, optional name, communication preferences. Subscription is double opt-in.
- Contact forms — name, email, the message you send.
- Cookies — see section 6.
3. Why we use it
- To deliver programmes you have registered for and send you relevant communications.
- To issue 80G and FCRA receipts as required by Indian law.
- To send newsletters you have opted into.
- To respond to enquiries sent through the website.
- To improve the website (anonymised analytics only, with consent).
- To comply with legal obligations (Income Tax Act, FCRA, DPDP Act 2023).
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
4. Legal basis
We process data under: (a) your consent (newsletter, analytics cookies); (b) contractual necessity (programme delivery); (c) legal obligation (tax receipts, FCRA records); (d) legitimate interest (security, fraud prevention, website operation). You may withdraw consent at any time without affecting prior processing.
5. Retention
- Programme and donation records: 8 years (Income Tax / FCRA compliance).
- Newsletter subscribers: until you unsubscribe, then 30 days before permanent deletion.
- Contact form messages: 2 years, then deleted.
- Anonymised analytics data: up to 26 months.
6. Cookies
We use strictly necessary cookies (session, CSRF protection) without consent. Analytics and personalisation cookies require your explicit consent via the banner shown on first visit. You can change your preferences at any time by clicking the “Cookie settings” link in the footer.
7. Your rights
Under the DPDP Act 2023 and, where applicable, GDPR, you have the right to: access your data, correct inaccuracies, request deletion, object to processing, and request a portable copy. Submit requests at thasmai.org.in/about/contact. We aim to respond within 30 days. Tax and FCRA records may be exempt from deletion requests.
8. Security
We apply encryption in transit (TLS 1.2+), encryption at rest for sensitive fields, access controls, and regular security reviews. No internet transmission is 100% secure; please do not send highly sensitive information through contact forms.
9. Third-party services
We use Razorpay (payment processing), Cloudflare (CDN and DDoS protection), and optionally Plausible Analytics (privacy-respecting, no cross-site tracking). Each operates under its own privacy policy. We do not use Google Analytics or Meta Pixel without your explicit consent.
10. Changes to this policy
We will post updates on this page with a revised date. Material changes will be notified to newsletter subscribers.