Government of Sikkim

Digital Document Attestation System

Secure Digital Document Attestation System

DC Office, Government of Sikkim

Privacy Policy

Your privacy and data security are our top priorities

Last Updated: January 15, 2026

Introduction

DigiAttest Mobile App or Digital Document Attestation System ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and mobile application.

Important: The DigiAttest mobile application is designed exclusively for authorized department officials and verifiers. It is not intended for general public use.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

Information We Collect

Personal Information

We may collect personally identifiable information that you voluntarily provide to us when you:

  • Register for an account
  • Use the authentication features (mobile number for OTP)
  • Contact us for support
  • Participate in feedback or surveys

This may include:

  • Mobile phone number
  • Email address (if provided)
  • Name (if provided)
  • Device information (device ID, operating system version)
  • Official department credentials (for mobile app users)

Automatically Collected Information

When you use DigiAttest, we may automatically collect:

  • Device type and operating system
  • App version
  • Usage statistics (features used, frequency)
  • Crash reports and performance data
  • IP address (for security purposes)

Information from QR Code Scanning

Important: We do NOT store or retain the contents of documents you scan.

When you scan a QR code:

  • The QR code data is sent to verification servers
  • Verification results are displayed to you
  • No document images or personal document data are stored on our servers
  • Verification history shows only metadata (date, time, verification status)

How We Use Your Information

We use the information we collect to:

1. Provide Services

  • Authenticate your identity via OTP
  • Verify documents against secure databases
  • Display verification results
  • Maintain verification history

2. Improve Our App

  • Analyze usage patterns
  • Fix bugs and improve performance
  • Develop new features
  • Enhance user experience

3. Security & Fraud Prevention

  • Prevent fraudulent verification attempts
  • Detect and prevent security threats
  • Maintain audit logs for security purposes

4. Communication

  • Send OTP codes for authentication
  • Respond to support requests
  • Notify about important updates (with your consent)

Data Storage and Security

Security Measures

We implement industry-standard security measures including:

  • End-to-end encryption for data transmission
  • Secure token-based authentication (JWT)
  • Encrypted local storage (Flutter Secure Storage)
  • Regular security audits
  • HTTPS/TLS for all network communications

Data Retention

  • Authentication Data: Retained while your account is active
  • Verification History: Stored locally on your device only
  • OTP Codes: Valid for 60 seconds, then immediately invalidated
  • Device Tokens: Deleted when you log out
  • Server Logs: Retained for 90 days for security purposes

Data Location

  • Primary servers located in India
  • Compliant with data protection regulations
  • No data sold or shared with third parties for marketing

Third-Party Services

DigiAttest integrates with the following third-party services:

1. Verification Database Providers

  • Purpose: Verify authenticity of attested documents
  • Data Shared: QR code hash (not document content)

2. Authentication Services

  • Purpose: Send OTP codes via SMS
  • Data Shared: Mobile phone number

3. Analytics (Optional)

If enabled:

  • Purpose: Understand app usage and improve performance
  • Data Shared: Anonymous usage statistics, device type

4. Crash Reporting

  • Purpose: Identify and fix app crashes
  • Data Shared: Device type, OS version, crash logs

Your Privacy Rights

You have the right to:

1. Access Your Data

  • Request a copy of personal data we hold
  • View your verification history within the app

2. Delete Your Data

  • Delete your account and associated data
  • Clear verification history from your device
  • Request deletion of server-side data

3. Opt-Out

  • Disable analytics tracking (in app settings)
  • Unsubscribe from promotional communications
  • Revoke camera permissions (note: this prevents QR scanning)

4. Data Portability

  • Export your verification history
  • Receive your data in machine-readable format

Children's Privacy

DigiAttest is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Permissions We Request

Camera Permission

  • Purpose: Scan QR codes on documents
  • Required: Yes, for core functionality
  • Data Access: Camera access only while scanning; no images stored

Internet Permission

  • Purpose: Verify documents with secure databases
  • Required: Yes, for verification functionality
  • Data Access: Network connectivity for API calls

Network State Permission

  • Purpose: Check internet connectivity before verification
  • Required: Yes, to provide a better user experience
  • Data Access: Only connectivity status

Cookies and Tracking

DigiAttest does not use cookies. We use:

  • JWT Tokens: For authenticated sessions (stored securely on device)
  • Device Identifiers: For security and fraud prevention
  • App Preferences: Stored locally for user settings

Data Breach Notification

In the event of a data breach that affects your personal information:

  • We will notify you within 72 hours
  • We will provide details about the breach
  • We will explain steps taken to mitigate harm
  • We will advise on protective measures you can take

International Data Transfers

If you are using DigiAttest from outside India, please note:

  • Your data may be transferred to and processed in India
  • We comply with applicable international data protection laws
  • We use standard contractual clauses for data transfers

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be effective when posted in the app. We will notify you of significant changes via:

  • In-app notification
  • Email (if provided)
  • Update to "Last Updated" date

Your continued use of DigiAttest after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Get in Touch

Privacy Email: privacy@digiattest.com
Support Email: support@digiattest.com
Address: Department of Administrative Reforms
Gangtok, Sikkim, India

Compliance

DigiAttest complies with:

  • General Data Protection Regulation (GDPR) - EU
  • California Consumer Privacy Act (CCPA) - US
  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
  • Information Technology Act, 2000 - India
  • Other applicable data protection laws

For the most current version of this Privacy Policy, visit: https://attestation.dacgangtok.in/privacy

© 2026 DigiAttest. All rights reserved. | Committed to protecting your privacy and data security.