Home Events Post Event Saved Events Search Why FestNest Profile
🛡️ DPDP Act 2023 Compliant

Privacy Policy

How FestNest collects, uses, and protects your personal data — written clearly for students and organizers across India.

📅 Last Updated: 6 April 2026
⚖️ Jurisdiction: India
🇮🇳 DPDP Act 2023
🔒 Your Data is Safe

01 Introduction

Welcome to FestNest, ("we", "us", "our"). FestNest is India's centralized campus event discovery platform, connecting students with hackathons, cultural fests, workshops, sports events, and more — and giving organizers powerful tools to reach participants at scale.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you hold under the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.

ℹ️ Who This Applies To

This Policy applies to all visitors and registered users of FestNest — including students, event organizers, and administrators — whether you access the platform via our website or any future mobile application.

By creating an account or using FestNest in any way, you confirm that you have read this Policy and consent to the data practices described here. If you disagree, please do not create an account.

02 Information We Collect

We apply strict data minimization — we only collect what is genuinely needed to provide FestNest's services.

2.1 Account & Profile Data

Students provide: full name, email address, college/university name, course/branch, year of study, and optionally a phone number and profile photo.

Organizers provide: organization or college name, department/branch, city, contact email, contact phone number, and optionally an organization photo.

2.2 Event & Content Data

  • Event details submitted by organizers: title, description, category, date, venue, prize information, registration fee, and contact details.
  • Event poster images and brochure PDFs uploaded via Cloudinary.
  • Events you save (bookmark) as a student.
  • Registration interest actions you take on the platform.

2.3 Technical & Usage Data (Auto-collected)

  • IP address and approximate location (city/region level only).
  • Browser type, device type, and operating system.
  • Pages visited, features accessed, and search queries entered.
  • Session duration and error logs for platform stability.

2.4 Authentication Data

Authentication is handled by Firebase Authentication (Google LLC). We receive a Firebase user ID, email address, and session tokens. We never store your raw password. JWT tokens generated by our backend are stored in your browser's localStorage for session management.

2.5 Cookies & Local Storage

FestNest uses browser localStorage to maintain your login session and preferences. We do not use third-party advertising cookies or tracking pixels. You may clear local storage through your browser settings, which will log you out.

03 How We Use Your Data

🔐 Authentication & Accounts

Creating and securing your account, managing login sessions, verifying your identity, and enabling account recovery.

🎉 Event Operations

Processing organizer event submissions, routing them through admin review, publishing approved events to the public feed, and enabling student discovery and registration.

📁 File Management

Storing and serving event poster images and brochures uploaded by organizers via Cloudinary.

📧 Platform Communications

Sending transactional emails (account confirmation, event approval status, password reset) and important platform announcements relevant to your use of FestNest.

🛡️ Safety & Trust

Reviewing flagged content, preventing fraudulent or abusive activity, and maintaining a safe, trustworthy community for students across India.

📊 Analytics & Improvement

Understanding aggregate usage patterns to improve features and fix issues. We use anonymized, aggregated data — never individual profiles — for this purpose.

🚫 What We Never Do

We do not sell your personal data. We do not share it with advertisers. We do not use it for profiling unrelated to FestNest's core features. We do not transfer it outside India without adequate safeguards.

04 Legal Basis for Processing (DPDP Act)

Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following lawful grounds:

Consent (§ 6) Your explicit, informed consent given at registration when you accept this Policy. You may withdraw at any time.
Contractual Necessity Processing necessary to deliver the service you signed up for — account creation, event publishing, and registration workflows.
Legitimate Interests Limited usage and security data processing to prevent abuse and maintain platform stability, balanced against your privacy rights.
Legal Obligation (§ 7(b)) We may retain or disclose data when required by applicable Indian law, court orders, or competent regulatory authorities.

05 Consent & Withdrawal

Consent on FestNest is free, specific, informed, and unambiguous — as required by Section 6 of the DPDP Act.

  • At registration, you are presented with this Privacy Policy and must affirmatively accept it. This constitutes your explicit consent.
  • If we introduce new data uses not covered here, we will seek fresh consent before proceeding.
  • You may withdraw consent at any time by submitting an account deletion request to support@festnest.in. We will action it within 30 days.
  • Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Upon deletion, your personal data will be permanently purged from our systems within 30 days, except where retention is required by law.

06 Third-Party Services & Data Sharing

We share personal data only with the following service providers, strictly for the purposes stated, under contractual data processing agreements:

ServicePurposePolicy
Firebase (Google)User authentication, session management, sign-in flowsView ↗
CloudinaryHosting and serving event poster images and PDF brochuresView ↗
MongoDB AtlasCloud database for user profiles, events, saved listsView ↗
Email (SMTP)Transactional emails — account confirmation, event status
⚖️ Government & Legal Disclosures

We may disclose personal data to Indian government authorities or courts when legally required. Where legally permitted, we will notify you of such disclosures.

07 Data Retention

We retain personal data only as long as necessary to provide the service and meet our legal obligations:

Active account data
Deleted on account deletion request.
Lifetime of account
Event submission data
For dispute resolution and historical integrity.
2 years post event
Authentication & session logs
Security monitoring and abuse detection.
90 days
Data after deletion request
Then permanently and irreversibly purged.
30 days
Anonymized analytics
Contains no personal identifiers whatsoever.
Indefinite
Legally mandated data
Minimum data necessary for statutory compliance.
As required by law

08 Your Rights Under the DPDP Act 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you hold the following enforceable rights. We are committed to honoring them within legally mandated timeframes.

📬 How to Exercise Any Right

Email support@festnest.in with subject "Data Rights Request — [Right Type]". We respond within 30 days. We may verify your identity first.

§ 12(a)
Right to Access
Request a copy of all personal data we hold — your profile, saved events, authentication records, and any other data linked to your account.
§ 12(b)
Right to Correction
If any data we hold is inaccurate, outdated, or incomplete, you can request correction. Most profile fields are directly editable in your account settings.
§ 13
Right to Erasure
Request permanent deletion of your personal data and account. We process this within 30 days. Publicly listed event data may be anonymized where required for platform integrity.
§ 6(4)
Right to Withdraw Consent
Withdraw the consent you gave at registration, at any time without penalty. Withdrawal does not affect prior processing. Request via account deletion or direct email.
§ 23
Right to Grievance Redressal
Raise a formal complaint with our Grievance Officer if you believe your rights have been violated. If unresolved, you may escalate to the Data Protection Board of India.
§ 14
Right to Nominate
Nominate a trusted individual to exercise your data rights on your behalf in the event of your death or legal incapacity, as provided under Section 14 of the DPDP Act.

09 Data Security

  • All data in transit is encrypted via TLS 1.2+ (HTTPS). Never transmitted over plain HTTP.
  • Passwords are hashed with bcrypt using a high cost factor. We never store plain-text passwords.
  • Authentication uses signed JWT tokens with defined expiry, stored in browser localStorage.
  • Firebase Authentication handles sign-in sessions using Google's hardened security infrastructure.
  • Production database access is restricted to authorized personnel with role-based access control.
  • File uploads are stored in Cloudinary with signed access controls preventing unauthorized retrieval.
  • Admin accounts have separate role-based access — admin capabilities cannot be accessed by student or organizer accounts.
🔔 Breach Notification

If we become aware of a security breach that materially compromises your personal data, we will notify affected users promptly via registered email and take immediate containment steps, per DPDP Act obligations.

10 Children's Privacy

FestNest is designed exclusively for college students and event organizers. Our platform is not intended for anyone under the age of 18.

Under Section 9 of the DPDP Act, processing children's personal data requires verifiable parental consent. We do not knowingly collect data from persons under 18. If we discover a minor has registered without parental consent, we will immediately delete that account and all associated data.

Parents or guardians who believe a minor has created a FestNest account should contact support@festnest.in for prompt resolution.

11 Policy Updates

  • The "Last Updated" date at the top of this page reflects the most recent revision.
  • For material changes that affect how we process your data or your rights, we will notify you via email at least 14 days before they take effect.
  • For minor changes (clarifications, typographical corrections), we will update the page and notify you on your next login.
  • Continued use of FestNest after an updated Policy takes effect constitutes acceptance. If you disagree, you may request account deletion before the effective date.

12 Contact & Grievance Redressal

General Privacy Queries
support@festnest.in
Questions about this Policy, your data, or how we handle information.
Grievance Officer
grievance@festnest.in
Formal complaints under the DPDP Act. We acknowledge within 48 hours and resolve within 30 days.

Company: FestNest
Governing Law: Laws of India · Jurisdiction: Courts of India

If you remain unsatisfied after engaging our Grievance Officer, you may escalate your complaint to the Data Protection Board of India once constituted under the DPDP Act, 2023.

FestNest Last updated: 6 April 2026