PAC Management System ("PAC System," "we," "us," or "our") is a centralized platform designed for managing Aadhaar enrollment centers, PAC records, and UCL owner networks across the CSC and BC operator ecosystem. This Privacy Policy governs all data processing activities on our platform, accessible at cscpac.vercel.app.
This policy applies to all users of the PAC System, including administrators, UCL owners, system operators, and center managers. By accessing or using our platform, you agree to the practices described in this document. If you do not agree, please discontinue use of the service immediately.
We are committed to transparency about our data practices. If you have any questions that are not addressed in this document, please contact us using the information provided in Section 09.
We collect the minimum necessary data required to operate the PAC Management System effectively and securely. The following table summarizes the categories of data we process:
| Data Type | Examples | Purpose | Status |
|---|---|---|---|
| Account Identity | Full name, email address, mobile number | Authentication & profile management | Required |
| Professional Info | Operator ID, center code, UCL number, role designation | Role-based access control & auditing | Required |
| PAC Records | PAC entry data, timestamps, submission status, center ID | Core system functionality | Required |
| Location Data | Center geo-coordinates, district, state, PIN code | Center mapping & network management | Required |
| Device & Session | IP address, browser type, device OS, session tokens | Security monitoring & anomaly detection | Automatic |
| Usage Analytics | Page visits, feature usage patterns, click events | Platform improvement & performance | Optional |
| Uploaded Documents | UCL verification documents, operator ID scans | Identity verification & compliance | Optional |
Data collected through the PAC Management System is used exclusively for the following purposes, all of which are necessary for providing the service you've signed up for:
Platform Operations: Processing PAC entries, synchronizing records across centers, generating reports, and maintaining real-time dashboards. This is the primary use of all data you submit.
Authentication & Security: Verifying your identity at login, detecting unauthorized access attempts, enforcing role-based permissions, and maintaining secure session management through Firebase Authentication.
System Monitoring: Tracking uptime, measuring database response times, and identifying performance bottlenecks to maintain our 99.7% SLA commitment.
Compliance & Auditing: Maintaining an immutable audit trail of all administrative actions, data modifications, and access events as required for regulatory compliance.
Service Communications: Sending you system alerts, backup confirmations, security notifications, and administrative announcements that are essential to the service. You cannot opt out of service-critical communications while maintaining an active account.
We implement multiple layers of technical and organizational security measures to protect your data from unauthorized access, loss, or disclosure:
Encryption: All data is encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 through Google Cloud's managed encryption infrastructure. No data is ever transmitted or stored in plaintext.
Access Control: Firebase Security Rules enforce granular role-based access control at the database layer. Even if an application-level control were bypassed, database-level rules ensure unauthorized data access is impossible.
Authentication: Multi-factor authentication is available and strongly recommended for all administrator accounts. All sessions are time-limited and automatically invalidated after periods of inactivity.
Audit Logging: Every data access, modification, and deletion event is logged with a timestamp, user ID, IP address, and action description. Audit logs are immutable and retained for 12 months.
We retain your data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:
| Data Category | Retention Period | Deletion Trigger |
|---|---|---|
| Active Account Data | Duration of account activity | Account deactivation + 30 days |
| PAC Records | 7 years | Regulatory compliance period |
| Audit Logs | 12 months | Rolling deletion after 365 days |
| Session Tokens | Up to 30 days | Logout or session expiry |
| Backup Snapshots | 30 days | Automatic rolling deletion |
| Uploaded Documents | Until verification complete + 90 days | Manual deletion by admin |
After the applicable retention period, data is permanently and irreversibly deleted from all our systems, including backup storage. You may request earlier deletion of certain data types where technically and legally feasible.
The PAC Management System uses cookies and browser local storage to enable core functionality and improve your experience. We do not use third-party advertising cookies.
Under applicable data protection law, including India's Digital Personal Data Protection Act (DPDPA) 2023, you have the following rights regarding your personal data:
To exercise any of these rights, contact us using the information in Section 09. We will respond to all verified requests within 30 calendar days. We may require identity verification before processing sensitive requests.
For any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact our Data Controller directly. We are committed to responding to all inquiries promptly and transparently.
PAC Management System · CSC / BC Network Platform
Singi, Bolpur, Birbhum, West Bengal — 731240, India
For privacy requests, data access queries, or to report a concern, please use the channels below. Include your full name, registered email, and the nature of your request for the fastest response.
We aim to acknowledge all privacy-related requests within 48 hours and resolve them within 30 calendar days. If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant Data Protection Board of India as established under the DPDPA 2023.