Platform Owned and operated by The Sanskriti Vinimaya Inc.
PRIVACY POLICY
- Last Updated:
- May 14, 2026
- Effective Date:
- May 14, 2026
- Jurisdiction:
- Bengaluru, Karnataka, India
1. SCOPE
This Privacy Policy (“Policy”) sets forth the manner in which Sanskriti Vinimaya Inc. (hereinafter referred to as the “Company”, “we”, “us”, or “our”), in its capacity as a Data Fiduciary, collects, processes, stores, uses, discloses, and otherwise handles personal data of individuals (“you” or “Data Principal”) who access, register on, or use the Sanskriti OTT Platform, including its website, applications, and allied digital interfaces (collectively, the “Platform”). This Policy is framed in accordance with and in compliance with the provisions of the Digital Personal Data Protection Act, 2023, and shall apply to all digital personal data processed by the Company within the territory of India as well as to such processing carried out outside India in connection with offering goods or services to Data Principals within India. By accessing or using the Platform, you acknowledge that you have read, understood, and consented to the terms of this Policy.
2. ROLE AND CAPACITY OF THE COMPANY
The Company acts as a “Data Fiduciary” within the meaning of the Digital Personal Data Protection Act, 2023, and determines the purpose and means of processing personal data collected through the Platform. All processing activities undertaken by the Company shall be in furtherance of lawful purposes connected with the provision of its services and shall be carried out in a fair, reasonable, and transparent manner consistent with applicable law.
3. NOTICE AND COLLECTION OF PERSONAL DATA
At or prior to the collection of personal data, the Company provides a notice to the Data Principal specifying the categories of personal data sought to be collected, the purposes for which such data is to be processed, the manner in which the Data Principal may exercise their rights, and the procedure for grievance redressal. The personal data collected by the Company may include, but is not limited to, identity and contact information such as name, email address, and mobile number; account-related information including login credentials and user preferences; transactional information relating to subscriptions and billing records; usage data such as viewing history, search queries, and interaction patterns; and technical data including IP address, device identifiers, browser type, and operating system. Such data is collected only to the extent necessary for lawful purposes connected with the functioning of the Platform and shall not be excessive in relation to the stated purposes.
4. PURPOSE LIMITATION AND USE OF DATA
The Company shall collect, process, store, use, and otherwise handle personal data of the Data Principal strictly for specific, clear, and lawful purposes that are directly connected with and necessary for the provision, operation, improvement, and protection of the Platform and its services, including, without limitation, (i) enabling and administering user registration, account creation, identity verification, and secure authentication mechanisms; (ii) providing, maintaining, and facilitating access to digital content, subscription-based offerings, and all ancillary or related services made available on the Platform; (iii) customising, tailoring, and enhancing user experience through lawful personalisation, including content recommendations, interface optimisation, and service efficiency improvements based on user interactions and preferences; (iv) processing payments, managing billing cycles, and facilitating financial transactions through duly authorised and compliant third-party payment intermediaries, without the Company storing sensitive financial credentials; (v) providing customer support, handling user queries, complaints, and requests, and enabling effective grievance redressal mechanisms; (vi) monitoring, detecting, investigating, mitigating, and preventing fraudulent, unauthorised, unlawful, or abusive activities, including breaches of the Platform’s terms or security incidents; (vii) ensuring compliance with applicable laws, rules, regulations, judicial or governmental orders, and lawful enforcement requirements; and (viii) carrying out such other activities as are incidental, ancillary, or reasonably necessary to the foregoing purposes.
The Company expressly represents, warrants, and undertakes that personal data shall be processed in a manner that is lawful, fair, reasonable, proportionate, and limited to what is necessary in relation to the purposes for which such data is collected, and shall not, under any circumstances, be processed for any purpose that is incompatible with, excessive in relation to, or beyond the scope of the purposes expressly specified in the notice provided to the Data Principal at the time of collection, except where such processing is otherwise permitted, required, or authorised under applicable law. The Company further undertakes that any subsequent or additional purpose of processing shall be preceded by the provision of a fresh or updated notice and, where required, the obtaining of valid consent from the Data Principal in accordance with applicable legal requirements.
5. CONSENT AND WITHDRAWAL
Processing of personal data by the Company shall be undertaken strictly on the basis of valid consent obtained from the Data Principal in accordance with the requirements of the Digital Personal Data Protection Act, 2023, and such consent shall, at all times, be free, specific, informed, unconditional, and unambiguous, and shall be signified through a clear, affirmative action that demonstrates a conscious and deliberate agreement to the processing of personal data for defined purposes. The Company shall ensure that, at or prior to obtaining such consent, the Data Principal is provided with a clear and comprehensive notice specifying the nature of personal data sought to be collected, the precise purposes of processing, the manner in which such data will be used, and the rights available to the Data Principal under applicable law, including the right to withdraw consent and seek grievance redressal. Consent shall not be inferred from silence, pre-ticked boxes, inactivity, or any form of implied conduct, and the Company shall maintain auditable records evidencing the capture, scope, and validity of such consent.
The Company may obtain consent through structured and transparent user interface mechanisms, including but not limited to registration interfaces, consent declarations, opt-in checkboxes, layered privacy notices, and device or application-level permission prompts, each of which shall be designed to ensure that the Data Principal is capable of understanding the implications of granting such consent. Where the processing of personal data involves multiple distinct purposes, the Company shall obtain granular and purpose-specific consent, ensuring that the Data Principal has the ability to independently agree to or decline each category of processing. Without prejudice to the generality of the foregoing, separate and explicit consent shall be obtained, where applicable, for activities such as the receipt of marketing or promotional communications, profiling or targeted advertising, the use of cookies or tracking technologies beyond those strictly necessary for the functioning of the Platform, and the collection or processing of precise or device-level location data.
The Data Principal shall have the right to withdraw consent, in whole or in part, at any time, and such withdrawal shall be as easy and accessible as the mechanism through which consent was originally provided, including through account settings, in-application controls, communication preferences, or by submitting a request to the designated Grievance Officer. Upon receipt of a valid withdrawal request, the Company shall, within a reasonable period and in accordance with applicable law, cease processing the personal data to the extent such processing is based on the withdrawn consent, unless such processing is otherwise permitted or required under law. The Company acknowledges and undertakes that the withdrawal of consent shall operate prospectively and shall not render unlawful any processing of personal data that was carried out prior to such withdrawal in reliance on validly obtained consent. Further, the Company may, where necessary, inform the Data Principal of the consequences of withdrawal of consent, including any limitation or discontinuation of services that are contingent upon such processing, provided that such consequences are proportionate and directly related to the withdrawn consent.
6. PROCESSING FOR LEGITIMATE USES
Notwithstanding the requirement of consent, the Company may process personal data without obtaining consent where such processing is permitted under the Digital Personal Data Protection Act, 2023, including for purposes of compliance with any judgment, decree, or order issued under law, performance of legal obligations, enforcement of legal rights or claims, prevention and detection of fraud or unlawful activities, and responding to medical emergencies or threats to life or safety.
7. RIGHTS OF THE DATA PRINCIPAL
The Data Principal shall have the right to obtain from the Company confirmation as to whether personal data pertaining to them is being processed and to access such data, to seek correction or completion of inaccurate or incomplete personal data, and to request erasure of personal data that is no longer necessary for the purpose for which it was processed. The Data Principal shall further have the right to seek grievance redressal in accordance with the procedure set out herein and to nominate another individual to exercise such rights in the event of death or incapacity. The Company shall respond to such requests within the timelines prescribed under applicable law, subject to verification of identity and such other conditions as may be required.
8. CHILDREN’S DATA
The Company does not knowingly collect, solicit, or otherwise process personal data of individuals who have not attained the age of eighteen (18) years, except in strict compliance with applicable law and only upon obtaining prior, verifiable, and demonstrable consent from a parent or lawful guardian, as may be required under the Digital Personal Data Protection Act, 2023. The Company shall implement reasonable and appropriate mechanisms, including age-gating measures and consent verification processes, to ensure that such parental or guardian consent is authentic, informed, and capable of being audited, and shall take all necessary steps to prevent the inadvertent collection or processing of children’s personal data in the absence of such consent. In the event that the Company becomes aware that personal data of a child has been collected or processed without the requisite parental or guardian consent, the Company shall take prompt and appropriate measures to delete such data or otherwise bring the processing into compliance with applicable legal requirements.
Without prejudice to the foregoing, the Company expressly undertakes that it shall not undertake, facilitate, or permit any form of processing of personal data relating to children that is likely to cause harm, detriment, or adverse impact to the well-being of such children, and in particular shall refrain from engaging in behavioural tracking, profiling, targeted advertising, or any automated processing activities directed at children, whether directly or indirectly. The Company shall further ensure that any services accessible to children are designed and operated in a manner that upholds the principles of data minimisation, purpose limitation, and heightened protection, and that such processing, where permitted, remains strictly limited to what is necessary for the provision of the service and in the best interests of the child, in full compliance with applicable legal and regulatory standards.
9. DISCLOSURE AND DATA PROCESSORS
The Company may disclose personal data to third-party service providers engaged as data processors for the purposes of hosting infrastructure, payment processing, analytics, customer support, and other operational requirements, provided that such processors are bound by appropriate contractual obligations to ensure confidentiality, security, and compliance with applicable data protection laws. The Company may also disclose personal data to governmental authorities, courts, or regulatory bodies where required by law, or in connection with corporate transactions such as mergers, acquisitions, or restructuring, subject to adequate safeguards.
10. CROSS-BORDER TRANSFER
Personal data may be transferred to and processed in jurisdictions outside India only in accordance with the provisions of applicable law and subject to such restrictions or conditions as may be notified by the Central Government under the Digital Personal Data Protection Act, 2023. The Company shall ensure that such transfers are undertaken with appropriate safeguards to protect the rights of the Data Principal.
11. DATA RETENTION AND ERASURE
The Company shall retain personal data only for as long as is necessary to fulfil the purposes for which it was collected or as may be required under applicable law. Upon satisfaction of such purposes, or upon withdrawal of consent where applicable, the Company shall erase or anonymise personal data in a secure manner, unless retention is necessary for compliance with legal obligations or enforcement of legal rights.
12. SECURITY SAFEGUARDS
The Company shall implement reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction, including but not limited to encryption, access controls, and periodic security assessments. While the Company endeavours to maintain a high standard of data security, it does not warrant absolute protection against all possible threats.
13. PERSONAL DATA BREACH
In the event of a personal data breach, the Company shall take appropriate remedial measures and, where required under applicable law, notify the relevant regulatory authorities and affected Data Principals in a timely manner, in accordance with statutory requirements.
14. GRIEVANCE REDRESSAL
The Company has designated a Grievance Officer to address concerns or complaints relating to the processing of personal data. The details of the Grievance Officer are as follows:
Sandeep Kumar
Sanskriti Vinimaya Inc.
Email: contact@sanskriti.live
All grievances shall be acknowledged and resolved within the timelines prescribed under applicable law.
15. AMENDMENTS
The Company reserves the right to amend or update this Policy from time to time to reflect changes in legal, regulatory, or operational requirements. Any such amendments shall be effective upon publication on the Platform, and continued use of the Platform shall constitute acceptance of the revised Policy.
16. GOVERNING LAW AND JURISDICTION
This Policy shall be governed by and construed in accordance with the laws of India, and any disputes arising in relation hereto shall be subject to the exclusive jurisdiction of the courts at Bengaluru.
17. CONTACT INFORMATION
For any queries, clarifications, or requests relating to this Policy or the processing of personal data, you may contact:
The Sanskriti Vinimaya Inc.
Registered Address: 651 N Broad St, Suite 201, Middletown, 19709, Delaware
Email: contact@sanskriti.live
