SIA MIS
SIA MIS
M&E Platform
Legal

Privacy Policy

We believe in transparency. Here's exactly what data we collect, why we collect it, and how we protect it.

Last updated: May 29, 2026 · Effective: May 29, 2026

SIA MIS ("we", "us", "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard data when you use the SIA MIS platform. We comply with applicable Indian data protection laws including the Digital Personal Data Protection Act, 2023 (DPDPA).

1. Overview

SIA MIS is a monitoring and evaluation (M&E) platform designed for NGOs, development organisations, and social enterprises operating primarily in India. We process two categories of data: (a) account and organisational data about the people who use our platform, and (b) programme data — including beneficiary information — that organisations choose to upload and manage.

This policy applies to all users of the SIA MIS platform, including administrators, field officers, and any other role with access to the Service.

2. Data We Collect

Account data: Name, email address, job title, organisation name, phone number, and profile photo when you register or update your account.

Usage data: Log files, IP addresses, browser type, device identifiers, pages visited, features used, and timestamps — collected automatically when you use the Service.

Programme data: Beneficiary profiles, indicator values, survey responses, GPS coordinates, photographs, and any other M&E data that your organisation chooses to upload. You control what programme data enters the system.

Communications: Content of support tickets, emails, and chat messages you send us.

Payment data: Billing name, address, and invoice history. Payment card details are processed directly by our payment provider and are never stored on our servers.

3. How We Use Data

We use the data we collect to:

  • Provide, operate, and improve the Service
  • Authenticate users and maintain account security
  • Send transactional emails (e.g. password resets, data export notifications)
  • Respond to support requests and communicate about your account
  • Generate aggregated, anonymised analytics to improve platform features
  • Comply with legal obligations and enforce our Terms of Service
  • Send product update newsletters (you can unsubscribe at any time)

We do not sell your personal data or your programme data to third parties.

4. Data Sharing

We share data only in the following limited circumstances:

Service providers: We use trusted third-party vendors to operate the Service (e.g. cloud hosting, email delivery, error monitoring). These providers are contractually bound to process data only on our instructions and may not use it for their own purposes.

Within your organisation: Users within the same organisational account can access shared programme data according to the role-based permissions configured by your administrator.

Legal requirements: We may disclose data when required by law, court order, or regulatory authority, or to protect the rights and safety of SIA MIS, our users, or the public.

Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, with prior notice to you.

5. Data Retention

We retain account data for as long as your account is active and for a period of 90 days after account deletion, to allow for recovery if needed.

Programme data is retained for the duration of your subscription plus 30 days, after which it is permanently deleted from our systems. You may export your data at any time before account closure.

Anonymised, aggregated analytics data may be retained indefinitely as it cannot be linked to any individual.

6. Security

We implement industry-standard security measures to protect your data, including:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Role-based access controls with least-privilege principles
  • Multi-factor authentication support
  • Regular security audits and penetration testing
  • Automatic backups with point-in-time recovery

Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. If you suspect a security breach affecting your account, please contact us immediately at info@tanxinnovations.com.

7. Cookies

We use cookies and similar technologies to operate the Service, remember your preferences, and understand how our platform is used.

Essential cookies are required for the platform to function and cannot be disabled.

Analytics cookies help us understand feature usage through aggregated, anonymised data. You can opt out via your account settings.

We do not use advertising or tracking cookies. You can control cookie settings through your browser; however, disabling essential cookies will prevent you from using the Service.

8. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the right to:

  • Access — request a copy of your personal data
  • Correction — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data, subject to legal retention requirements
  • Portability — export your data in a machine-readable format
  • Withdraw consent — where processing is based on consent, withdraw it at any time
  • Grievance redressal — lodge a complaint with us or with the Data Protection Board of India

To exercise any of these rights, please contact info@tanxinnovations.com. We will respond within 30 days.

9. Beneficiary Data

Your organisation (not SIA MIS) is the data fiduciary for any personal data about your programme beneficiaries that you upload to the platform. You are responsible for ensuring lawful basis for processing, obtaining required consents, and providing beneficiaries with information about how their data is used.

SIA MIS acts as a data processor on your behalf for beneficiary data. We process this data only according to your instructions as set out in our Data Processing Agreement, which is available on request.

We strongly recommend against uploading sensitive personal data (e.g. health records, caste information, biometric data) unless necessary for your M&E programme, and we advise pseudonymisation or anonymisation wherever possible.

10. International Transfers

Our primary servers are located in India. Where we use third-party service providers that process data outside India, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements that meet DPDPA requirements.

11. Children's Privacy

The SIA MIS platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children directly. If your organisation's programme serves children and you upload data about child beneficiaries, you must ensure that appropriate legal basis and consent (from parents or guardians) exists under applicable law.

12. Policy Updates

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-platform notification at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact & DPO

For privacy-related questions, data subject requests, or concerns, please contact our Data Protection Officer:

Data Protection Officer, SIA MIS

Email: info@tanxinnovations.com

Or use our Contact page

Terms of Service →Contact Us →