Privacy Policy

This Privacy Policy explains how Prastab (“we,” “us,” or “our”) collects, uses, and protects the personal information of users (“you”) of the Prastab platform at prastab.com.

Prastab is a civic engagement platform designed for citizens of Nepal. By using the platform, you agree to the practices described in this policy. If you do not agree, please do not use the service.

We believe privacy is a right. We collect only what is necessary to operate the platform, we never sell your data, and we give you full control over your information.

Account Information

• Name — your display name on the platform
• Email address — used for login and notifications
• Password — stored as a cryptographic hash (never in plaintext)
• Profile photo (optional) — if you choose to upload one

Content You Create

• Issue posts (title, description, category, location, attachments)
• Comments and replies
• Votes (upvote/downvote records)
• Bookmarks and follows

Technical Data

• IP address (for security and fraud prevention)
• Browser and device type (for compatibility)
• Session tokens (to keep you logged in)
• Usage analytics (page views, feature usage — anonymized)

Location Data

When you submit an issue, you voluntarily select a Province, District, Municipality, and Ward. We do not collect your GPS coordinates or precise device location.

• To operate your account and authenticate you
• To display your posts and comments on the platform
• To send notifications you explicitly enable (e.g., replies to your posts, status changes)
• To route your civic issue to the appropriate government authority
• To detect and prevent abuse, spam, and fraudulent activity
• To generate anonymized aggregate statistics for the public Transparency Dashboard
• To improve the platform through anonymized usage analytics

We do not use your data for advertising, political profiling, or any purpose unrelated to civic engagement.

All posts on Prastab are publicly visible by default. This is intentional — civic accountability requires transparency. Your posts are indexed by search engines and accessible to:

• All visitors to prastab.com (logged in or not)
• Government authorities assigned to your issue
• Journalists, researchers, and the general public
• Search engines (Google, Bing, etc.)

Your email address is never publicly visible. Only you and Prastab administrators can see it.

If you delete your account, your posts remain on the platform but your name is replaced with “Deleted User” to preserve the public record of civic issues. You may request full post deletion by contacting us.

We use a minimal set of cookies:

We do not use third-party advertising cookies or social media tracking pixels.

We do not sell your personal data. We share data only in these limited circumstances:

• Government authorities — issue content (not your email) is routed to the responsible authority
• Service providers — infrastructure providers (cloud hosting, email delivery) under strict data processing agreements
• Legal requirements — if required by Nepal's laws or valid court orders
• Safety — to prevent imminent harm to persons or public safety

You have the right to:

• Access — request a copy of all personal data we hold about you
• Correction — update your name, email, or profile information at any time via Settings
• Deletion — delete your account (see Data Deletion section below)
• Portability — request an export of your posts and activity in machine-readable format
• Opt-out of notifications — disable email notifications via Settings → Notifications at any time

To exercise any of these rights, email us at [email protected].

To delete your account:

1. Go to Settings → Danger Zone → Delete Account
2. Type “DELETE” to confirm
3. Your account is deactivated immediately

Upon deletion, your name and email are removed from our systems within 30 days. Your posts remain on the platform attributed to “Deleted User” to maintain the public civic record. To request removal of specific posts, contact us at [email protected].

We protect your data using:

• TLS/HTTPS encryption for all data in transit
• Bcrypt hashing for passwords (never stored in plaintext)
• Encrypted database backups
• Regular security audits
• Principle of least privilege — staff access to user data is strictly limited

If you discover a security vulnerability, please report it responsibly to [email protected].

This Privacy Policy is governed by the laws of Nepal, including the Individual Privacy Act, 2075 (2018) and the Electronic Transactions Act, 2063 (2008). Any disputes arising from this policy will be subject to the jurisdiction of the courts of Kathmandu, Nepal.

For privacy-related questions, requests, or concerns: