1. INTRODUCTION & OVERVIEW
Welcome to Kalinga Vriti — India's dedicated social media platform for Classical Performing Arts, Culture, and Heritage. Kalinga Vriti is owned and operated by Qyrex Technologies Pvt Ltd, a company incorporated under the Companies Act, 2013 in India (hereinafter referred to as 'Kalinga Vriti', 'we', 'our', or 'the Company').
We are deeply committed to protecting the privacy, dignity, and personal data of every individual who interacts with our platform — be they artists, learners, cultural institutions, sponsors, event organisers, or casual visitors. This Privacy Policy explains what personal data we collect, how we process and safeguard it, and the rights you have over your personal information.
This Privacy Policy has been drafted in compliance with:
The Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025 (DPDP Rules) notified by the Ministry of Electronics and Information Technology (MeitY) on 14 November 2025;
The Information Technology Act, 2000, including Section 43A and Section 72A;
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules);
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Intermediary Rules);
Any other applicable laws, regulations, and guidelines issued by competent authorities in India from time to time.
2. DEFINITIONS
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:
'Platform': The Kalinga Vriti website (www.kalingavriti.com), mobile application, APIs, and all associated digital services operated by Qyrex Technologies Pvt Ltd.
'Personal Data': Any data about an individual who is identifiable by or in relation to such data, as defined under Section 2(t) of the DPDP Act, 2023.
'Sensitive Personal Data or Information (SPDI)': Includes passwords, financial information, physical/mental health conditions, biometric data, sexual orientation, medical records, and similar information as defined under the IT SPDI Rules, 2011.
'Data Fiduciary': Qyrex Technologies Pvt Ltd (Kalinga Vriti), which alone or in conjunction with others determines the purpose and means of processing personal data.
'Data Principal': The individual to whom the personal data relates — i.e., any User of the Platform.
'Data Processor': Any entity that processes personal data on behalf of the Data Fiduciary in accordance with its instructions.
'Processing': Any automated or manual operation performed on personal data, including collection, recording, organisation, storage, use, disclosure, transmission, combination, restriction, erasure, or destruction.
'Consent': A free, specific, informed, unconditional, and unambiguous indication of the Data Principal's agreement to the processing of their personal data for a specified purpose.
'User' or 'You': Any person (artist, learner, institution, sponsor, event organiser, or visitor) who accesses or uses the Platform.
'Artist / Creator': Any individual or institution who uploads, publishes, performs, or monetises cultural content on the Platform.
'Data Protection Board': The Data Protection Board of India established under Section 18 of the DPDP Act, 2023.
'DPO': The Data Protection Officer appointed by the Company.
'Breach': Any unauthorised or accidental compromise of the confidentiality, integrity, or availability of personal data.
3. SCOPE AND APPLICABILITY
This Privacy Policy applies to:
All Users who access or use the Platform from within the territory of India.
All Users outside India who access the Platform in connection with goods or services offered to individuals in India.
Artists, learners, cultural institutions, event organisers, sponsors, advertisers, and any other stakeholder who provides personal data to Kalinga Vriti.
This Privacy Policy does not apply to:
Personal data processed by an individual for purely personal or domestic purposes.
Data that the Data Principal has themselves made publicly available.
4. PERSONAL DATA WE COLLECT
In accordance with the principle of data minimisation under the DPDP Act, we collect only such personal data as is necessary for the specific purposes described herein.
4.1 Registration and Profile Data
Full name, display name / stage name
Email address and mobile number
Date of birth (to verify age and eligibility)
Profile photograph and biography
Profession / category (artist, learner, institution, sponsor)
State / city of residence
Classical art form(s), tradition(s), and Guru-Shishya lineage (optional, provided by the User)
4.2 Identity Verification Data (KYC)
Government-issued identity documents for verified artist accounts (e.g., Aadhaar, PAN — stored in encrypted form) — collected only where mandatory for monetisation or parental consent verification.
Bank account details and UPI information for monetisation payouts.
4.3 Content and Activity Data
Videos, audio recordings, photographs, articles, and other creative content uploaded by Users.
Comments, reviews, likes, shares, and other interactions on the Platform.
Event creation, ticketing, and registration information.
Course enrollment and learning progress data.
Sponsorship applications and partnership proposals.
4.4 Device and Technical Data
IP address, device type, operating system, and browser type.
Unique device identifiers and advertising identifiers.
Log files, session data, and crash reports.
Geolocation data (with explicit consent, used to personalise regional cultural content).
4.5 Communications Data
Messages sent through the Platform's internal messaging system.
Support requests and correspondence with our team.
Survey responses and feedback.
4.6 Payment and Transaction Data
Transaction records for subscriptions, ticket purchases, merchandise, digital downloads, and course fees.
Payment gateway metadata. We do not store full card numbers; payments are processed by PCI-DSS compliant third-party gateways.
4.7 Data from Third Parties
Public social media profile information (where a User links their account via OAuth).
Information from government databases used for verifiable parental consent (via DigiLocker or equivalent).
Sponsor or advertiser company information provided during onboarding.
5. PURPOSE OF PROCESSING PERSONAL DATA
We process personal data only for the specific, lawful purposes described below and will not process your data for any purpose incompatible with those stated at the time of collection.
5.1 Platform Account Creation and Management: Creating, maintaining, and personalising your User account; authenticating your identity; enabling platform features.
5.2 Content Discovery and Cultural Curation: Personalising your feed based on art form preferences, location, and engagement history to surface relevant Indian classical arts content.
5.3 Artist and Creator Monetisation: Processing payments for subscriptions, ticketing, merchandise, digital content sales, and course fees; facilitating Guru-Shishya networking for teaching engagements.
5.4 Event Management and Ticketing: Creating, promoting, and managing cultural events; processing registrations and entry verifications.
5.5 Sponsorship and CSR Matching: Connecting artists and cultural institutions with corporate sponsors and CSR funders; managing sponsorship proposals and agreements.
5.6 Advertising and Targeted Promotions: Displaying culturally relevant advertisements; measuring ad performance (subject to your consent for targeted advertising).
5.7 Copyright and IP Protection: Recording content ownership metadata; supporting copyright registration, takedown processes, and royalty management.
5.8 Customer Support and Grievance Redressal: Responding to inquiries, resolving disputes, and addressing complaints in accordance with applicable law.
5.9 Safety, Security, and Fraud Prevention: Detecting and preventing fraud, abuse, or illegal activity; ensuring platform security and integrity.
5.10 Legal Compliance: Complying with applicable Indian laws, court orders, government requests, and regulatory obligations.
5.11 Research, Analytics, and Platform Improvement: Conducting internal analytics to improve features and user experience (data is aggregated and anonymised where possible).
5.12 Communication and Notifications: Sending transactional notifications (e.g., event reminders, payment confirmations) and, where consented, promotional communications.
6. LEGAL BASIS FOR PROCESSING
Under the DPDP Act, 2023, we process personal data on the following legal bases:
Consent (Section 4 & 6, DPDP Act): The primary basis for most processing activities. You provide consent through clear affirmative action at the time of registration or before each specific purpose.
Legitimate Uses (Section 7, DPDP Act): Processing necessary for provision of services, performance of legal obligations, compliance with court orders, medical emergencies, employment-related purposes, and safeguarding public interest.
Legal Obligation: Where processing is required to comply with applicable laws, regulations, or orders from competent authorities.
Contractual Necessity: Processing necessary to perform a contract to which you are a party (e.g., processing payment data to complete a subscription purchase).
7. CONSENT — HOW WE OBTAIN AND MANAGE IT
7.1 How We Obtain Consent
In compliance with Section 5 of the DPDP Act and the DPDP Rules, 2025, we provide a separate, standalone consent notice — written in clear and plain language — before or at the time of collecting your personal data. This notice specifies:
The categories of personal data being collected.
The specific purpose(s) for which it will be processed.
How you can exercise your rights under the DPDP Act.
How to lodge a complaint with the Data Protection Board of India.
Contact details of our Data Protection Officer.
Consent is obtained through clear affirmative action — such as checking a box or clicking 'I Agree'. Consent shall not be bundled with unrelated services or made a condition for accessing features for which it is not necessary.
7.2 Withdrawal of Consent
You have the right to withdraw your consent at any time. Withdrawing consent shall be as simple and easy as giving it. You may withdraw consent by:
Accessing Account Settings → Privacy → Manage Consents on the Platform.
Sending a request to info@kalingavriti.in, Kalingavriti@gmail.com.
Emailing info@kalingavriti.in, Kalingavriti@gmail.com with the subject line 'Consent Withdrawal'.
Upon withdrawal, we will cease processing your personal data for the relevant purpose without undue delay. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal, nor processing based on legitimate uses or legal obligations.
7.3 Consent for Marketing Communications
We will send promotional emails, push notifications, or SMS messages only with your explicit consent. You may opt out at any time by clicking 'Unsubscribe' in our emails or updating notification preferences in your account settings.
8. PROCESSING OF CHILDREN'S PERSONAL DATA
Kalinga Vriti recognises the importance of protecting the privacy of minors. The Platform is primarily intended for Users aged 18 years and above. However, given the nature of classical performing arts, we acknowledge that young learners (individuals under 18 years of age) may wish to participate in classes, performances, and cultural events facilitated through the Platform.
In strict compliance with Section 9 of the DPDP Act, 2023 and the DPDP Rules, 2025:
We will NOT process the personal data of any individual below the age of 18 without verifiable consent from a parent or legal guardian.
Parental/guardian identity and age shall be verified using reliable and government-backed mechanisms, such as DigiLocker or equivalent, as mandated by the DPDP Rules.
We will NOT engage in behavioural monitoring, profiling, or targeted advertising directed at minors.
We will NOT process children's data in a manner detrimental to their wellbeing.
We implement reasonable technical and organisational measures to prevent minors from falsely misrepresenting their age.
Parents or guardians may withdraw consent for their child's data processing at any time, and we will delete the child's data within the timelines specified in Section 12.
9. HOW WE USE YOUR PERSONAL DATA
We use your personal data exclusively for the purposes described in Section 5. More specifically:
9.1 Platform Personalisation
We use your art form preferences, location, viewing history, and interaction data to personalise your content feed, event recommendations, and cultural discovery experience — always in alignment with India's classical arts traditions.
9.2 Creator Tools and Monetisation
For Artists and Creators, we use your data to manage your creator dashboard and process revenue from subscriptions, ticket sales, digital downloads, merchandise, and direct support features (e.g., 'Guru Dakshina'). Payment data is processed by our PCI-DSS compliant payment gateway partners.
9.3 Cultural Event Management
Event registration data is used to process tickets, send event reminders, and provide entry verification. This data is shared with event organisers only to the extent necessary for event management.
9.4 Sponsorship and CSR Matching
Artist and institutional profile data may be shared with potential sponsors or CSR funders only after obtaining explicit consent and within the scope of an active sponsorship matching feature.
9.5 Analytics
We conduct internal analytics using aggregated and anonymised data to understand Platform usage trends, improve features, and support cultural impact reporting. Individual user data is not shared externally for analytics purposes without consent.
10. SHARING AND DISCLOSURE OF PERSONAL DATA
We do not sell, rent, or trade your personal data. We share personal data only in the following limited circumstances:
10.1 Service Providers and Data Processors: We share data with trusted third-party service providers (data processors) — including cloud hosting (AWS), payment gateways, email delivery, analytics, and identity verification. These processors are contractually bound to process data only on our instructions, in compliance with applicable law, and with adequate security safeguards.
10.2 Event Organisers: Where you register for an event, your registration details (name, contact, ticket info) are shared with the relevant event organiser solely for managing the event.
10.3 Sponsors and Partners: We share relevant creator/artist profile information with sponsors or CSR partners only after your explicit consent and within the defined scope of our Sponsorship Matching feature.
10.4 Legal Obligations and Law Enforcement: We may disclose your personal data to law enforcement, government authorities, courts, or other competent bodies when required by applicable law, legal process, or court order.
10.5 Protection of Rights and Safety: We may disclose data to protect the rights, property, or safety of Kalinga Vriti, its Users, or the public — including to prevent fraud, illegal activity, or violations of our Terms of Service.
10.6 Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction, subject to the incoming entity undertaking equivalent privacy protections.
10.7 Aggregated and Anonymised Data: We may share aggregated, anonymised, or de-identified information (which does not identify you personally) with research institutions, cultural bodies, or government agencies for cultural impact reporting or policy advocacy.
11. CROSS-BORDER DATA TRANSFERS
Kalinga Vriti is an India-first platform. Our primary data hosting infrastructure is located within India (AWS Mumbai Region). However, some third-party service providers (such as certain analytics, security, or payment services) may process data outside India.
In accordance with Section 16 of the DPDP Act, 2023, we will transfer personal data outside India only to countries notified by the Central Government as permitting such transfer, and subject to contractual safeguards ensuring data protection standards equivalent to those applicable in India.
Where cross-border transfers occur, we will:
Notify you of the jurisdictions to which your data may be transferred.
Ensure adequate contractual, technical, and organisational safeguards are in place.
Comply with any data localisation directions issued by the Central Government for specific categories of data.
12. DATA RETENTION AND ERASURE
12.1 Retention Periods
We retain personal data only for as long as necessary to fulfil the specific purposes for which it was collected, or as required by applicable law. Our general retention periods are:
Active Account Data: Retained for the duration of your active account plus 3 (three) years following account closure or your last interaction with the Platform, in line with DPDP Rules 2025 for special classes of data fiduciaries.
Financial and Transaction Data: Retained for 8 (eight) years as required under applicable Indian tax and accounting laws.
KYC / Identity Verification Data: Retained for the period required by applicable law.
Backup and Archival Data: Subject to secure deletion schedules not exceeding 90 days post-expiry of the primary retention period.
Content Uploaded by Users: Retained as long as the account is active; deleted within 30 days of account closure unless required by law or subject to an ongoing legal proceeding.
Support and Grievance Records: Retained for 3 years after resolution.
12.2 Erasure and the Right to be Forgotten
Upon the expiry of the retention period, or upon your valid request for erasure (subject to legal exceptions), we will securely delete or anonymise your personal data in a manner that makes re-identification impossible.
We will notify you at least 48 hours before the scheduled erasure of your data, as required under the DPDP Rules, 2025, so that you may take any necessary action.
13. SECURITY SAFEGUARDS
Qyrex Technologies Pvt Ltd has implemented comprehensive technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, in compliance with Section 8(5) of the DPDP Act and the IT SPDI Rules, 2011.
13.1 Technical Measures
AES-256 encryption for data at rest; TLS 1.2 or higher for data in transit.
Multi-Factor Authentication (MFA) for all admin and creator accounts.
Role-based access control (RBAC) ensuring only authorised personnel can access personal data.
Regular penetration testing and vulnerability assessments.
Intrusion detection and security monitoring systems.
Regular automated backups with geographic redundancy within India.
13.2 Organisational Measures
Annual information security training for all employees and contractors.
Strict vendor due diligence and contractual data processing agreements with all third-party processors.
Data minimisation and need-to-know access principles applied across the organisation.
Internal incident response and escalation procedures.
13.3 Data Breach Notification
In the event of a personal data breach, we will:
Notify the Data Protection Board of India without undue delay, and submit a detailed report within 72 hours of becoming aware of the breach, as required under the DPDP Rules.
Notify all affected Data Principals promptly, in clear and plain language, describing the nature of the breach, the data affected, likely consequences, and steps taken or proposed to mitigate harm.
14. YOUR RIGHTS AS A DATA PRINCIPAL
Under the DPDP Act, 2023, you have the following rights in respect of your personal data processed by Kalinga Vriti:
14.1 Right to Access Information (Section 11, DPDP Act): You have the right to obtain a summary of: (a) the personal data being processed; (b) the processing activities undertaken; and (c) the identities of all other Data Fiduciaries and Data Processors with whom the data has been shared. Requests may be submitted via Account Settings → Privacy or by writing to our DPO.
14.2 Right to Correction and Erasure (Section 12, DPDP Act): You have the right to: (a) correct inaccurate or misleading personal data; (b) update incomplete personal data; and (c) request erasure of personal data where it is no longer necessary for the specified purpose, or where you withdraw consent with no other legal basis for processing. We will process such requests within 30 days.
14.3 Right to Withdraw Consent: As described in Section 7.2, you may withdraw consent for data processing at any time, as easily as you gave it.
14.4 Right to Grievance Redressal (Section 13, DPDP Act): You have the right to a readily available means of grievance redressal for acts or omissions of Kalinga Vriti regarding your personal data. All grievances must be acknowledged and resolved within 90 days of receipt. See Section 15 for details.
14.5 Right to Nominate (Section 12, DPDP Act): You have the right to nominate any other individual who shall, in the event of your death or incapacity, exercise your rights under the DPDP Act on your behalf. Nomination can be made through Account Settings.
14.6 Right to Complain to the Data Protection Board: If your grievance is not satisfactorily resolved by Kalinga Vriti, you have the right to lodge a complaint with the Data Protection Board of India (www.dpboard.gov.in).
15. GRIEVANCE REDRESSAL
15.1 Grievance Officer
In compliance with Rule 3(2) of the IT Intermediary Guidelines, 2021, we have designated a Grievance Officer whose contact details are:
Email: info@kalingavriti.in, Kalingavriti@gmail.com
15.2 Grievance Process
Step 1 — Submit Grievance: Lodge your complaint in writing to grievance@kalingavriti.com or through the 'Report an Issue' feature on the Platform.
Step 2 — Acknowledgement: We will acknowledge receipt of your grievance within 24 hours.
Step 3 — Resolution: We will resolve the grievance and communicate the outcome within 90 days of receipt, as required under the DPDP Act.
Step 4 — Escalation: If your grievance remains unresolved or you are dissatisfied, you may escalate to the Data Protection Board of India.
16. COOKIES AND TRACKING TECHNOLOGIES
16.1 Types of Cookies We Use
Kalinga Vriti uses cookies and similar tracking technologies to improve user experience, ensure platform security, and — with your consent — to personalise content and measure advertising effectiveness.
Strictly Necessary Cookies: Essential for the Platform to function (e.g., session authentication, security). These cannot be disabled.
Functional Cookies: Remember your preferences (e.g., language, art form preferences). Can be disabled.
Analytics Cookies: Collect anonymised data about how Users interact with the Platform. Enabled only with your consent.
Advertising / Marketing Cookies: Track your interests to show relevant cultural content and advertisements. Enabled only with your explicit consent.
16.2 Managing Cookie Preferences
You may manage your cookie preferences at any time via the 'Cookie Settings' option in the footer of our website or in App Settings. Disabling certain cookies may affect Platform functionality.
17. COPYRIGHT AND INTELLECTUAL PROPERTY
Kalinga Vriti is built to honour and protect India's classical arts heritage. We respect the intellectual property rights of all Creators.
By uploading content to the Platform, you grant Kalinga Vriti a limited, non-exclusive, royalty-free licence to host, display, stream, and promote the content on the Platform as necessary to provide the service. You retain all underlying ownership and intellectual property rights in your content.
We implement copyright protection measures including: content fingerprinting, Digital Rights Management (DRM) tools for premium content, DMCA/copyright-compliant takedown mechanisms, and metadata-based ownership records.
If you believe that any content on the Platform infringes your copyright or intellectual property rights, please notify us at info@kalingavriti.in, Kalingavriti@gmail.com with sufficient details to identify the work and the alleged infringement.
18. THIRD-PARTY LINKS AND PLATFORMS
The Platform may contain links to third-party websites, social media platforms, payment gateways, or external content. This Privacy Policy does not apply to third-party platforms. We encourage you to review the privacy policies of any third-party platform you visit through links on Kalinga Vriti. We are not responsible for the privacy practices or content of third-party websites.
Where you choose to connect your Kalinga Vriti account with a third-party platform (e.g., YouTube, Instagram) via OAuth or API integration, you authorise the sharing of data as described at the time of connection. You may revoke third-party access at any time through Account Settings → Connected Accounts.
19. CHANGES TO THIS PRIVACY POLICY
We reserve the right to update, amend, or revise this Privacy Policy at any time to reflect changes in applicable law, our processing practices, or the features of the Platform. Any material changes will be notified to you:
By prominent notice on the Platform (website and mobile app) at least 30 days before the changes take effect.
By email notification to your registered email address for material changes affecting your rights.
Through a revised 'Last Updated' date at the top of this Privacy Policy.
Your continued use of the Platform after the effective date of any revised Privacy Policy constitutes your acceptance of the revised terms. If you do not agree, you may close your account and request erasure of your data.
20. GOVERNING LAW AND JURISDICTION
This Privacy Policy and any dispute arising from it shall be governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and their subordinate rules and regulations.
Subject to the jurisdiction of the Data Protection Board of India for matters arising under the DPDP Act, any dispute relating to this Privacy Policy that is not resolved through the Grievance Redressal process shall be subject to the exclusive jurisdiction of the courts at Kolkata, West Bengal, India.
21. CONTACT INFORMATION
For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us:
General Contact: info@kalingavriti.in, Kalingavriti@gmail.com
Postal Address: Qyrex Technologies Pvt Ltd, Suelpur, Motiganj, Balasore, Odisha – 756001
This Privacy Policy is issued by Qyrex Technologies Pvt Ltd (Kalinga Vriti) and is effective as of 22 June 2026. It supersedes all prior privacy statements of Qyrex Technologies Pvt Ltd. This document has been prepared in compliance with the Digital Personal Data Protection Act, 2023, the DPDP Rules, 2025, the Information Technology Act, 2000, and all applicable Indian laws. Kalinga Vriti is committed to the responsible, ethical, and lawful processing of personal data in service of India's classical performing arts community.