Legal
Effective date: 15 June 2026 · Version 1.0 · Last updated: 28 June 2026
This Privacy Policy is issued by VariableWork Consulting Private Limited ("the Company", "we", "us"), CIN U78300UP2026PTC243050, registered at 1503, Tower SG-8, Saya Gold Avenue, Block-A, Shipra Sun City, Indirapuram, Ghaziabad – 201014, Uttar Pradesh. We own and operate JeevikaSetu, a voice-first marketplace connecting India's informal workers ("Setu Partners") with household, RWA and SME employers ("Setu Clients"). In respect of personal data we process, the Company acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025 ("DPDP").
The Platform connects Setu Partners (independent service providers — home services, domestic help, beauty and wellness, skilled trades) with Setu Clients (households and businesses that hire them). By using the Platform, you acknowledge that you have read this Policy.
We practise data minimisation — at the lead stage we collect only a mobile number and first name. Further data is collected only as a verification step progresses, and only with your consent.
Identity & Verification Data
Contact & Location Data
Voice Data (JeevikaSetu is voice-first)
Work & Transaction Data
Usage & Device Data
We process your data on the basis of your consent under Section 6 of the DPDP Act, and, where applicable, on the legitimate uses permitted under the Act. Retrieval of any document through DigiLocker is carried out only on your explicit, informed and revocable consent, captured before authentication.
Consent is requested in clear, plain language and offered bilingually (Hindi and English), including by voice, so that it is meaningful for low-literacy users. Withdrawing consent does not affect processing done before withdrawal and may limit your ability to use parts of the Platform.
You may grant or decline consent for each verification step. For DigiLocker, consent is scope-level: you authorise access to specific documents only, through the OAuth 2.0 / OpenID Connect framework. You may withdraw consent at any time — as easily as you gave it. Withdrawing consent is free and never results in a permanent lockout; a Setu Partner simply remains at a lower Trust Tier (e.g. Tier G) and continues to use the platform.
Purpose limitation: we use documents retrieved through DigiLocker only for the verification purpose you consented to. We do not re-purpose, sell, profile, or further process this data for any unrelated use.
Data exchange through API Setu is direct, decentralised and consent-driven. No third-party intermediary or message broker holds your data in transit. We never receive or store your DigiLocker or Aadhaar password; access is granted through secure, time-limited tokens. Aadhaar-related data is processed in offline e-KYC form and held in a protected Aadhaar Data Vault. We do not store your full Aadhaar number in our application records; where a reference is retained, it is in masked form only.
We primarily process and store data in India. Any cross-border transfer will be carried out only as permitted under the DPDP Act. As of the date above, the Government has not notified any restricted country; we monitor this and will comply with any such restriction.
We apply reasonable security safeguards, including encryption of data in transit and at rest, an Aadhaar Data Vault, masking of phone numbers (parties never see each other's real number), role-based access controls, access logging, monitoring, and backups. In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals as required; our internal target is notification within 72 hours of becoming aware of a reportable breach.
We retain personal data only for as long as needed for the purposes above, or as required by law, after which we delete or anonymise it. Records subject to intermediary obligations under the IT (Intermediary Guidelines) Rules, 2021 are kept for a minimum of 180 days. On account closure, withdrawal of consent, or a valid erasure request, we delete or de-identify your data accordingly.
Subject to the DPDP Act, you have the right to:
To exercise any right, contact us at grievance@jeevikasetu.com. We may need to verify your identity before acting.
The Platform is intended for users aged 18 and above. We do not knowingly process the personal data of children without verifiable parental consent. We do not undertake behavioural monitoring of, or targeted advertising directed at, children. If we learn that we have collected a child's data without verifiable consent, we will delete it.
Given the scale of Aadhaar-linked verification and voice processing we expect to undertake, we anticipate being designated a Significant Data Fiduciary under the DPDP Act. We are accordingly preparing to undertake periodic Data Protection Impact Assessments, appoint an independent data auditor and a Data Protection Officer based in India.
For any question or complaint about your personal data, contact our Grievance Officer:
Grievance Officer: Ms. Deep Shikha
Email: grievance@jeevikasetu.com
Address: VariableWork Consulting Pvt. Ltd., 1503, Saya Gold Avenue, Indirapuram, Ghaziabad, Uttar Pradesh 201014, India
We will acknowledge your complaint within 24 hours and endeavour to resolve it within 15 days. If you are not satisfied, you may approach the Data Protection Board of India.
We may update this Policy. Material changes will be notified on the Platform, and where appropriate, by voice notification in Hindi. The "Last updated" date reflects the latest version.