Legal

Privacy Policy

Effective: May 2026 · Governed by India's Digital Personal Data Protection Act, 2023

Quick summary

We collect your phone, name, blood group, city, and pincode to match you with donation requests.
Your phone number is shared with a requestor only when you accept their request.
We do not sell your data to anyone.
Your data stays with us until you delete your account.
You can delete your account and all your data at any time from your profile.

1. Who we are

BloodKonnect India (bloodkonnect.in) is a free blood donor matching platform operated by Amritesh Shrivastava. We plan to register as a Trust or NGO. We are based in India and serve Indian users only.

We are not a blood bank, hospital, or medical service. We connect people. That is all.

2. What data we collect and why

Phone number

Your account identifier and the number people call you on to coordinate a donation. You sign in with a password or your Google account; we only send a one-time code by SMS if you use the optional code-based sign-in. Required.

Google account (if you use “Continue with Google”)

When you sign in with Google, we receive your name, email address, and Google account ID to create and secure your account. This is governed by Google's own privacy policy.

Name

Shown to requestors when you accept their request, so they know who to expect. Required.

Blood group

The core matching signal. We only notify you about requests compatible with your blood group. Required for donors.

City + Pincode

We match donors to requests in the same geographic zone. Required for donors.

Date of birth

Collected from May 2026 onwards to verify you are 18 or older, as required by Indian law for blood donors. Not collected from requestors. Not editable after registration.

Email address

Optional. You can add one, or it comes from your Google account if you sign in with Google. Used for account-related contact and the contact form. We do not send marketing email.

Push notification token

Stored only if you allow push notifications in your browser or device. Used to send real-time blood request alerts. You can revoke this any time from your browser or device settings.

Donation history

We track which requests you were notified about, which you accepted, when you last donated, and when you are next eligible. This stops the platform from alerting you during your post-donation rest period (90 days for whole blood).

Stored for account security.

3. What we do not collect

Your GPS location or real-time location. We use only the pincode you provide at registration.
Health records, medical history, or diagnosis information
Government ID (Aadhaar, PAN, passport)
Payment or financial information. The platform is completely free.
Data from anyone under 18. Registration is blocked for users below 18.

4. When your phone number gets shared

Read this before you accept a request. When you accept a blood request, your name and phone number are shown to the requestor as a "Call donor" button. This is how blood donations are coordinated. You are shown a consent screen before you accept.

Requestors cannot see your phone number before you accept. Once you accept, the requestor can call you directly. If you withdraw your acceptance, your contact details are no longer visible to the requestor.

Your phone number is never shown publicly on any donor listing or the "Find Donor" page.

5. Third-party services we use

We use the following services to run BloodKonnect. Each receives only the minimum data needed for its job.

Supabase (Supabase Inc., USA — servers in Mumbai, India)

Our database. Stores all account data, donation records, and request history. Data is hosted in the ap-south-1 (Mumbai) region.

Vercel (Vercel Inc., USA)

Hosts the web application. Vercel keeps standard access logs (IP address, browser type, page visited) per their own privacy policy.

Google (Google LLC, USA)

Authenticates you when you choose “Continue with Google”. Google receives the sign-in request and returns your basic profile (name, email, Google account ID). Governed by Google's privacy policy.

2Factor.in (India)

Delivers a one-time sign-in code by SMS only when you use the optional code-based login fallback.

MSG91 (India)

Will deliver blood request alert SMS to donors when a matching request is posted. Not yet active. We will update this once DLT registration is complete.

Resend (USA)

Delivers the email we receive when you submit the contact form. Your message, name, and email address are passed to Resend for delivery.

Sentry (Functional Software Inc., USA)

Receives crash reports when the app hits an error. These contain browser/OS type and error stack traces. They do not include your blood group, phone number, or health information.

Some of these services are based in the United States. Under India's DPDP Act 2023, the rules for cross-border data transfers have not yet been fully notified by the Central Government. We will update this once that happens.

6. Data retention

We keep your data for as long as your account exists. We do not automatically delete inactive accounts.

When you delete your account from your profile page, your personal data is permanently deleted. This cannot be undone. Some anonymized aggregate data (such as total donations by city) may be kept for platform analytics and will not be linked back to you.

7. Security

All communication between your browser and BloodKonnect is encrypted using HTTPS/TLS. Your data is stored on Supabase's infrastructure, which uses AES-256 encryption at rest.

One-time sign-in codes are valid for 10 minutes, single-use, and locked after 5 failed attempts. Passwords are hashed with bcrypt and never stored in plaintext.

8. Your rights under the DPDP Act 2023

As an Indian resident, you have these rights over your personal data:

Right to access: view all data we hold about you from your profile page.
Right to correction: edit your name, city, and pincode in your profile at any time. Blood group changes require contacting us to prevent misuse.
Right to erasure: delete your account and all your data from the profile page.
Right to withdraw consent: mark yourself as unavailable, disable push notifications, or stop using the platform at any time.
Right to grievance redressal: raise a complaint with our Grievance Officer (Section 10).

To use any of these rights, use the in-app options or contact our Grievance Officer directly.

9. Cookies

We use a single session cookie to keep you logged in. We do not use advertising cookies, tracking pixels, or analytics cookies. We do not use Google Analytics or any similar service.

10. Grievance Officer

Under the DPDP Act 2023, you can raise a grievance with us. We will acknowledge your complaint within 48 hours and resolve it within 30 days.

Grievance Officer

Amritesh Shrivastava

BloodKonnect India

Email: bloodkonnect@gmail.com

11. Changes to this policy

If we make significant changes to this policy, like collecting new types of data or adding new third-party services, we will show an in-app notice before the change takes effect. Using the platform after that date means you accept the updated policy.