One India – Privacy Policy

Updated in May 2026

Scope and Applicability

One.in Digitech Media Private Limited ("We", "Us", "Our", "ODMPL") values the trust placed in us by the data subject ("you", "your", "user", "subscriber") and therefore, we assure that we follow the highest standards of privacy guidelines to protect the information shared by you with ODMPL to access the www.oneindia.com ("Platform").

This privacy policy describes the usage of information provided or collected by ODMPL (hereinafter referred to as the "We", "Us", "Our", "ODMPL"), which operates websites limited to delivery of information and content via any internet-connected device or otherwise (collectively the "Services"). We follow this Privacy Policy in accordance with applicable laws in the places where we operate. In some cases, we may provide additional data privacy notices specific to certain services or regions. Those terms are to be read in combination and are part and parcel of this policy.

This Policy applies to personal data collected through:

• The OneIndia website (www.oneindia.com) and all language sub-domains (hindi.oneindia.com, tamil.oneindia.com, kannada.oneindia.com, etc.)
• The OneIndia mobile application (Android and iOS)
• Third-party social logins (Google, Facebook, Apple)
• Email newsletters, push notifications, and WhatsApp channels operated by OneIndia
• Advertising interactions and analytics generated on the Platform
• Submissions of reader comments, letters, feedback, and corrections

This Policy does not apply to third-party websites or services accessible via links on our Platform.

1. User Consent

By using the Platform (for example, when you access or install the Platform, enter a contest or promotion, communicate with us), you agree to provide consent to our collection, use and sharing of your personal information as described in this policy. You hereby agree to give us full consent or on occasions, we may seek additional explicit consent; to access our services before proceeding for further operations.

If you are a traveler visiting various countries around the world and avail the Platform’s services, then we will determine your location using your IP address to determine the relevant ODMPL’s Services which should be offered to you. In the event IP detection fails, we will consider the last cached location as your current location to provide you with ODMPL services and the consents obtained at the time of registration in that location will be valid for processing of your personal information.

We use third-party service providers to help us determine your location to provide you with appropriate content and services on our Platform.

2. Information We Collect

'Personally Identifiable Information’ or ‘PII’ is defined as any information that identifies (whether directly or indirectly) to a particular individual or natural person, such as the individual’s name, postal address, email address, mobile number and any other specific identifier indicating that particular person. When anonymous information is directly or indirectly associated with personal information, the resulting information also is treated as personal information.

A. Data You Provide Directly

• Name, username, email address, mobile number, date of birth, gender, profile photograph
• Newsletter opt-ins, language selection, topic interests, notification preferences
• Reader comments, corrections submitted, letters to the editor, poll responses, feedback forms

B. Data Collected Automatically

• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, network operator
• Usage and Behavioural Data: Articles read, time on page, scroll depth, search queries, click patterns, session duration, content categories engaged
• Location Data: City-level approximate location inferred from IP address; GPS-level location only if you explicitly permit it on the mobile app
• Cookie and Tracking Data: Session cookies, persistent cookies, pixel tags, and local storage data

C. Data from Third Parties

• Social login identity data from Google, Facebook, or Apple when you use those sign-in options
• Demographic and interest segments from advertising technology partners for contextual and targeted advertising
• Aggregated audience measurement data from Comscore, Google Analytics, and similar services

D. Subscription, Transactional and Billing Information

When you choose any subscription or paid service of ODMPL, our payment gateway provider may collect your personal information such as:

• Address or billing information
• Credit/debit card number and expiration date etc.

The subscriptions or paid Services may be on auto renewal mode unless cancelled or in accordance with the applicable rules and regulations. If at any point you do not wish to auto- renew your subscription, you may cancel your subscription before the end of the subscription term or contact us on our support email [email protected]

In case of sharing or referring the subscription to another user then the personal information of the referrer will only be used for the purpose for which it has been shared by the referrer. Other than the purpose, we won’t provide or process the referral's personal information for analytics, direct marketing, etc. without prior consent provided by the referral to receive such services from us.

We may receive financial or transactional information (for e.g., transaction ID, order ID etc.) from third-party vendors in case of payments, for reconciliation and validation of transactions and also for the purpose of resolutions of complaints (in case of failed transactions and refunds).

OneIndia does not collect Sensitive Personal Data (as defined under SPDI Rules 2011) in the course of ordinary platform use. If any future feature requires SPDI collection, a separate explicit consent will be sought.

3. Purposes of Processing and Legal Basis

We process personal data on the basis of consent or legitimate use as permitted under the DPDP Act. The specific purposes are:

• Content Personalisation: Delivering news and content tailored to your language preferences, reading history, and topic interests
• Platform Operations: Managing user accounts, subscriptions, newsletters, and push notification services
• Analytics and Product Improvement: Measuring platform performance, A/B testing, debugging, and improving user experience
• Advertising: Displaying contextual and interest-based advertising. We do not sell your personal data to third parties for their independent marketing
• Legal and Regulatory Compliance:Responding to court orders, government requests, data protection inquiries, and statutory obligations
• Safety, Security, and Fraud Prevention:Detecting and preventing fraudulent accounts, abusive content, and system attacks
• Communication:Sending security alerts, service updates, and promotional communications (promotional only with your consent)
• Journalistic and Editorial Research: Aggregated, de-identified data may be used for editorial audience research and readership analysis
• Grievance and Complaint Handling: Processing content complaints and user grievances as mandated by IT Rules 2021
• SGI / AI Content Compliance: Maintaining records and labelling of synthetically generated information as required by IT Rules Amendment 2026

4. Cookies and Tracking Technologies

We use the following cookie categories on the Platform:

• Strictly Necessary Cookies: Required for Platform functionality (authentication, session management). Cannot be disabled
• Functional Cookies: Remember your preferences — language, font size, notification settings
• Performance / Analytics Cookies: Aggregate measurement of page performance and user behaviour (Google Analytics, Comscore)
• Advertising / Targeting Cookies: Enable relevant and contextual advertising; set by us and third-party ad partners

Your cookie preferences can be managed at any time through the Cookie Consent Manager in the website footer. Disabling non-essential cookies may affect certain Platform features.

We comply with the IT Rules 2021 requirements for cookie disclosure and user controls. Cookie consent is obtained through explicit opt-in for non-essential cookies.

5. What We Do Not Do

• We work with our corporate group and select third-party partners or business associates who help us provide, operate and improve our Services. We also share your information with CDNs, ISPs, Technology Partners, advertisers, and analytics providers.
• We do not sell, trade, or rent your personal information collected by us to third parties except as provided in this Policy. We may share generic aggregated demographic information not linked to any personal information regarding visitors and users with our business partners, contractors, affiliates and advertisers.
• We may be required by law or litigation to disclose personal information about the Users. We may also disclose information about the Users if ODMPL determines that for national security, law enforcement, or other issues of public importance that disclosure of information is necessary.
• We may disclose information if it is necessary to enforce the applicable terms of use of the Platform and/or is reasonably necessary to protect our rights and property or our officers, directors, shareholders, employees or agents.
• We reserve the right to transfer personal information of Users to another party as a result of business partnership, contractual engagement, merger, acquisition, or sale of all or a portion of our assets to another party, and under such a circumstance, the provisions of this Privacy Policy will continue to apply unless You are notified otherwise.

6. Sharing and Disclosure of Data

A. With Data Processors

We engage third-party service providers ('Data Processors') who process data on our behalf under written data processing agreements ensuring DPDP Act compliance:

• Cloud hosting and infrastructure providers
• Analytics providers (Google Analytics, Comscore)
• Advertising technology platforms and programmatic ad exchanges
• Email service providers for newsletter distribution
• Customer support and grievance management tools

B. With Legal and Regulatory Authorities

We disclose personal data to law enforcement, courts, the Data Protection Board of India, MeitY, MIB, or other government authorities when required by law, court order, or national security obligation. We notify affected users to the maximum extent legally permissible.

C. Business Transfers

In the event of a merger, acquisition, or asset sale, personal data may be transferred. We will notify users and, where permissible, offer the option to request deletion prior to transfer.

6. Your Rights

You are entitled to the following rights, exercisable by contacting [email protected]

Right to Access: Obtain a summary of personal data held about you and its processing purposes.

Right to Correction: Request correction of inaccurate, incomplete, or outdated personal data.

Right to Erasure:Request deletion of personal data where it is no longer necessary, or where you withdraw consent. Limitations apply where legal retention is mandated.

Right to Withdraw Consent:Withdraw previously granted consent at any time without affecting prior lawful processing.

Response Timeline: We will acknowledge requests within 3 business days and respond fully within 30 days (complex requests within 60 days with prior notification).

7. Data Retention

Certain technical and analytics partners operate outside India. We transfer personal data to the following countries/territories permissible under law:

• Account data: Duration of active account plus 3 years after deletion (unless earlier erasure is requested)
• Usage and analytics data: Anonymized or aggregated within 26 months; identifiable logs retained for 90 days.
• Advertising interaction data: Cookie/device identifiers reset every 12 months or upon consent withdrawal.
• Legal compliance and grievance records: As required by applicable Indian law (typically 7 years for financial records; IT Rules grievance records retained for at least 3 years)
• SGI / AI content compliance records: Retained for at least 3 years, in compliance with IT Rules Amendment 2026 audit obligations.

All transfers are protected through contractual safeguards equivalent to those under Indian law. We do not transfer personal data to countries not approved by the Central Government.

8. Data Security

In compliance with DPDP Rules 2025 and the SPDI Rules 2011, we implement::

• Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256)
• Role-based access controls and least privilege access principles
• Multi-factor authentication for administrative access
• Access logging, monitoring, and anomaly detection
• Regular security audits, vulnerability assessments, and penetration testing
• Data backup and business continuity protocols
• Annual security awareness training for all personnel handling personal data

If in any case, a breach of data such as loss, alteration, unauthorized disclosure or access, personal data transmission, storage or otherwise processed happens, we will notify you immediately after we become aware of. ODMPL adopts reasonable and appropriate security practices and procedures and technical controls in order to safeguard your Personal Information.

9. Publisher Duties and Platform Obligations

OneIndia is a publisher of news and current affairs content' as defined under the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. As such, we are subject to the following legally mandated duties and have adopted them as governing standards:

A. Observance of Journalistic Norms and Code of Ethics

Under Rule 9 of the IT Rules 2021, OneIndia is required to observe and adhere to:

• The Norms of Journalistic Conduct issued by the Press Council of India under the Press Council Act, 1978, including standards of accuracy, fairness, impartiality, source protection, and correction of errors.
• The Programme Code under Section 5 of the Cable Television Networks (Regulation) Act, 1995 - which prohibits content that offends public decency, endangers national security, or promotes violence, communal hatred, or obscenity.
• All other applicable laws.

A breach of any law in the publication of content renders us liable under both the IT Rules and the law contravened

B. Content Standards and Prohibited Content

OneIndia shall not publish, transmit, or display any content that:

• Threatens the sovereignty and integrity of India, the security of the State, or friendly relations with foreign States
• Is likely to incite violence, communal disharmony, or public disorder
• Is obscene, pornographic, or indecent
• Contains defamatory, libellous, or malicious falsehoods about identifiable individuals
• Denigrates women or portrays them in a degrading or sexist manner
• Violates the privacy of individuals in a manner not justified by public interest
• Involves the use of children in a manner that is harmful, exploitative, or sexualising
• Is prohibited by any court order or statutory provision in force.

C. Duty to Disclose Use of Artificial Intelligence and Synthetically Generated Content

In compliance with the IT (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2026 (effective 20 February 2026) and pursuant to ongoing MeitY advisories dated January 2023, February 2023, and August 2025, OneIndia adopts the following AI content disclosure obligations:

• Definition of Synthetically Generated Information (SGI):
  As defined in the IT Rules Amendment 2026 (Rule 2(1)(wa)), 'synthetically generated information' means audio, visual, or audio-visual information which is artificially or algorithmically created, generated, modified or altered using a computer resource, in a manner that such information appears to be real, authentic or true and depicts or portrays any individual or event in a manner that is, or is likely to be perceived as, indistinguishable from a natural person or real-world event.
• Exclusions:
  The following are excluded from the SGI definition: (a) routine or good-faith editing that does not materially alter or misrepresent underlying content (e.g., basic colour correction, cropping, or accessibility text-to-speech); (b) content that is evidently artistic, satirical, or fictional in nature with appropriate disclosure.

OneIndia's AI Disclosure Obligations:

• Mandatory Labelling:
  All articles, video reports, images, audio clips, infographics, and multimedia content produced using AI tools or that constitute SGI must carry a clear, prominent, and visible label stating: 'AI-Assisted Content' or 'Synthetically Generated' (as appropriate), placed at the top of the article or adjacent to the content element
• Audio Disclosure: Audio content that is synthetically generated must include a clearly prefixed audio statement disclosing that the content was generated or modified using artificial intelligence
• Metadata and Unique Identifiers: To the extent technically feasible, all SGI published by OneIndia shall be embedded with permanent metadata and a unique identifier that enables traceability to the computer resource or AI system used to create or modify the content. This metadata shall not be modified, suppressed, or removed
• Editorial Review Obligation: No article, report, photograph, video, or infographic generated or substantially modified by an AI system shall be published without prior review and approval by a human editor who bears editorial responsibility for its accuracy and compliance
• Source and AI Tool Disclosure: Where AI-generated content is based on or incorporates news generated by wire services, syndicated sources, or third-party publishers, both the source and the AI processing shall be disclosed
• Distinction from Editorial Content: AI-generated sponsored content, brand stories, or native advertising shall be labelled both as AI-generated AND as advertising/sponsored content. The two labels are cumulative and neither discharges the obligation for the other
• Reader Corrections: Errors in AI-generated articles discovered post-publication shall be corrected within 24 hours with a dated correction notice. The original AI-generated version shall not be silently deleted without a correction disclosure
• Deepfakes and Synthetic Media: OneIndia shall not publish or share deepfake audio, video, or images depicting real individuals in fabricated situations or statements unless clearly and prominently labelled as synthetic/AI-generated satire or parody, and even then only where there is no reasonable risk of deception or defamation. Deepfakes used to spread misinformation about political figures, judicial proceedings, national security, or public health shall not be published under any circumstances
• AI Elections Content:
  In compliance with Election Commission of India advisories, OneIndia shall not use SGI to create or disseminate content depicting political leaders making statements they have not made, during any election period or at any other time, without explicit disclosure

Failure to label SGI or to maintain required metadata may constitute a breach of due diligence under IT Rules 2026 and may expose OneIndia to loss of intermediary safe harbour protection under Section 79 of the IT Act, and to penalties under applicable law.

D. Duty to Remove Unlawful Content — Accelerated Timelines (IT Rules 2026)

In compliance with the IT Rules Amendment 2026 (effective 20 February 2026), OneIndia is required to act on complaints and take down unlawful content within the following timelines:

Content Category / Action Trigger	Mandatory Takedown / Action Timeline
Court order or government notice to remove unlawful content	3 hours of receipt of order/notice
Content depicting nudity or sexual acts	2 hours of becoming aware or receiving complaint
Non-consensual intimate imagery (NCII), including AI-generated NCII	2 hours of becoming aware or receiving complaint
Impersonation or artificially morphed images of individuals	2 hours of becoming aware or receiving complaint
Unlawful synthetically generated information (deepfakes, AI misinformation)	2 hours of becoming aware or receiving complaint
Other complaints relating to content concerning a specific individual	36 hours of complaint receipt
General user grievances (accuracy, corrections, other content concerns)	7 days of complaint receipt
Complaints about account suspension or access denial	7 days of complaint receipt

These timelines supersede all prior takedown standards and apply to all content, including SGI. OneIndia has implemented internal processes to meet these timelines.

E. Proactive Monitoring Duty

Under the IT Rules 2026, intermediaries must act proactively when they become independently aware (not just upon complaint) of unlawful content, including unlawful SGI. This includes:

• Deployment of automated content moderation tools for detecting probable deepfakes, NCII, and impersonation content within published and user-submitted material
• Editorial flagging processes for suspected SGI that appears in syndicated content or wire agency feeds
• Regular audits of AI-generated content published on the Platform to ensure label and metadata compliance

F. Duty to Furnish Information to Government

OneIndia shall furnish to the Ministry of Information and Broadcasting or any other authorised government authority:

• Any information required for verification of compliance with the IT Rules, including SGI-related records, grievance logs, and content audit trails
• Compliance with IT Rules requiring disclosure of information within 72 hours of a lawful request from a competent authority for investigative, protective, or cybersecurity purposes
• Monthly compliance reports as required under the IT Rules 2021

As of May 2026, OneIndia's SSMI status and applicability of these obligations is under internal assessment. Compliance measures are being implemented proactively.

10. Minor’s data

We do not knowingly process personal data of any individual under 18 years of age without verifiable consent from a parent or legal guardian

Age-verification mechanisms are implemented at the point of registration and during consent flows. Behavioral monitoring, profiling, and targeted advertising directed at children is strictly prohibited on all OneIndia platforms. We do not track children's online activity outside our

Platform, and we do not serve interest-based advertising to users identified or reasonably suspected to be minors Parents or guardians may contact [email protected] to request deletion of a child's account and associated personal data.

Exemptions apply where processing is strictly necessary for child safety, provision of subsidized educational services, or as mandated by applicable law.

11. Acceptance and Consent Mechanism

We obtain consent through clear, affirmative opt-in actions - not through pre-ticked boxes, bundled consents, or dark patterns A consent notice is provided to you in plain, simple language clearly stating:

(a) the personal data to be processed;

(b) the purpose of processing;

(c) how to exercise your rights; and

(d) how to withdraw consent

Consent notices are available in all 8 languages in which OneIndia publishes content, as required by the DPDP Rules 2025, to ensure accessibility across India's linguistic diversity.

You may withdraw consent at any time via your account settings or by writing to [email protected] Withdrawal does not affect the lawfulness of processing prior to withdrawal

Where you withdraw consent, we will cease processing within a reasonable time and delete the data unless retention is required by law.

12. Grievance Redressal — Contact Details and Escalation

Publisher Grievance Officer:

• Name: Mr. Keshav Karna, Grievance Officer
• Email: [email protected]
• Address: VRR Legacy, 2nd Floor, No. 2, 1st Main Jakkasandra, 1st Block Koramangala, Bengaluru - 560 034, Karnataka, India
• Response: Acknowledgement within 24 hours; resolution within 7 days (or 2 hours / 36 hours for priority content as per IT Rules 2026)

Level I — Publisher (OneIndia):

• Grievance Officer (resident in India): [email protected]
• Every grievance submitted through the Platform's grievance form or email must be acknowledged within 24 hours and decided within 7 days (reduced from 15 days per the 2026 Amendment).
• Grievances relating to SGI, nudity, NCII, or impersonation must be resolved within the applicable 2-hour or 36-hour window specified in Section 13.4 above.
• Monthly Compliance Report published on the Platform, disclosing: number of grievances received, type/category, number resolved, number escalated, and action taken.

Level II — Self-Regulatory Body:

• If grievance is not resolved at Level I, or if the complainant is not satisfied with the resolution, they may escalate to any self-regulatory body of publishers constituted under Rule 12 of the IT Rules 2021.
• The self-regulatory body will be headed by a retired judge of the Supreme Court or a High Court, or an independent eminent person from the media, broadcast, or entertainment industry.
• The self-regulatory body may issue guidance, advisories, or directions for compliance within 15 days of referral.

Level III — Oversight Mechanism (Ministry of Information and Broadcasting):

• If the matter is not resolved at Level II, or where the self-regulatory body has not acted, the matter may be referred to the Inter-Departmental Committee constituted by the Ministry of Information and Broadcasting.
• The Authorised Officer (Joint Secretary, MIB or above) may issue directions to delete, modify, or block content within timelines prescribed under Rule 14.
• Emergency actions may be initiated without prior notice where immediate harm to public order or national security is at risk.

13. Changes to this Policy

We may update this Policy to reflect changes in law, regulatory guidance, or our services. Material changes will be communicated to registered users by email at least 15 days before taking effect. The Effective Date at the top of this document indicates the most recent version. Continued use of the Platform after an update constitutes acceptance of the revised Policy.

14. Third Party Links

We may have information about third-party products and services on our website. Third-party sites have their own privacy policies. So, therefore, we have no responsibility or liability for the content and activities of these linked sites.

Please keep in mind that when you provide information to us on a third-party website or Platform (for example, via our applications like social media login the information we collect through those third-party websites linked with our applications are covered by this Privacy Policy, and the information the third-party website collects or may collect is subject to the third-party site privacy practices.

Privacy choices you have made on the third-party site or platform will not apply to our use of the information we have collected directly through our Platform. Please also keep in mind that our sites and applications may contain links to other sites not owned or controlled by us and we are not responsible for the privacy practices of those sites. We encourage you to be aware when you leave our Platform and to read the privacy policies of other sites that may collect your personal information.