⚠️ DISCLAIMER: This is an independent news website and is NOT an official government or ministry portal.

Privacy Policy

What personal information we collect, why we collect it, who we share it with, and the rights you have over it.

Last updated: 31 May 2026

Who we are

Ministry of Cyber Affairs (“we”, “us”, “our”) is an independent cyber news website. We are not a government or ministry portal — see our disclaimer for the full statement.

This policy explains what we do with information about visitors, readers, contact-form submitters, and verified publishers who use our editorial system.

Information we collect

We collect information in three ways:

  • Information you give us directly. When you send a message through our contact form, you give us your name, your email address, and the contents of your message. When you register as a publisher you give us your email address, a password (stored hashed by our identity provider), and an optional profile (pseudonym, designation, biography, profile image).
  • Information collected automatically. When you view an article we record an article-view event including the article ID, your IP address, an approximate location derived from that IP (country, state, city), your device category (desktop / mobile / tablet) and a truncated user-agent string. This event is used to measure readership and to detect abuse.
  • Cookies and similar technologies. See our cookie policy for the full list.

How we use it

  • To operate the site. Article-view logs are aggregated into anonymous metrics (top countries, total reads per article, device split). Identifiers are never used to build a profile of an individual reader.
  • To answer your messages. Contact-form submissions are routed to our editorial inbox and used only to respond to you.
  • To run the editorial system. Publisher accounts are used to authenticate publishers and to attribute articles to a pseudonym.
  • To investigate abuse. If we suspect spam or harmful activity we may use IP addresses and request logs to block the source.
  • To improve coverage. Aggregated, non-personal traffic data informs which topics we cover more often.

Third parties we share data with

We do not sell personal information. We rely on a small set of service providers to run the site:

  • Supabase — hosts the database that stores articles, publisher accounts, and event logs.
  • Google Cloud (Cloud Run + Cloud Storage) — serves the site and stores uploaded images.
  • Google (Gemini API) — powers article search and the on-page assistant. Only the wording of a search query is sent to Google; we do not attach reader identifiers.
  • Google Analytics — measures readership at the aggregate level.
  • Google AdSense (planned). Once advertising is live we and our advertising partners will use cookies to serve and measure ads. See the cookie policy for opt-out links.
  • Geo-IP providers (ip-api.com, freeipapi.com) — translate IP addresses into a country / state / city for aggregated readership statistics.

Data retention

Article-view event logs are retained as long as the article they relate to is published. Contact-form messages are retained until the matter is resolved or up to two years, whichever is sooner. Publisher account records are retained while the account is active; on deletion request the account row is removed and articles are reattributed to the editorial team handle.

Your rights

Under the Digital Personal Data Protection Act, 2023 (India) and equivalent laws in other jurisdictions you can ask us to:

  • Tell you what personal data we hold about you.
  • Correct inaccurate or incomplete personal data we hold about you.
  • Erase personal data we no longer need to keep (subject to legal obligations).
  • Stop processing your personal data for non-essential purposes.

To exercise any of these rights, send a request through our contact page with the subject line “Privacy request”. We respond within 30 days.

Children

This site is not directed to children under 18 and we do not knowingly collect personal information from them. If you believe a child has submitted personal information through our contact form or registered for a publisher account, please tell us through the contact page so we can remove it.

International transfers

Our infrastructure runs on Google Cloud and Supabase, which means personal data may be processed outside India in regions operated by these providers. Both providers maintain appropriate organisational and technical safeguards for the data they process on our behalf.

Security

We use HTTPS for all traffic, row-level access controls on our database, and short-lived authentication tokens for publishers. No system is perfectly secure; if you suspect a vulnerability, please report it through the contact page.

Changes to this policy

We update this policy when we change the way we handle personal data. The “Last updated” date at the top reflects the most recent revision. Material changes will be noted in a brief notice on the home page when they take effect.

Contact

Questions about this policy or about any data we hold about you should be sent through our contact page.