Close Menu
    Monday, May 11, 2026
    Breaking

    Privacy Policy

    Company Name: Enoxx News Private Limited

    Corporate Identity Number (CIN): U63910HP2025PTC012158

    Registered Office: Kaul Complex, Plot No 180, Shamnagar, Dharamsala, Kangra- 176215, Himachal Pradesh, INDIA

    Email: contact@enoxxnews.com

    Last Updated: May 5, 2026

    1. Introduction and Corporate Status

    Enoxx News Private Limited (hereinafter referred to as “the Company”) is a news and media entity duly incorporated under the Companies Act, 2013. This document governs the privacy practices and legal disclosures for our websites enoxxnews.com and enoxxnews.in, our mobile application “Enoxx Ground” used by our editorial staff and field reporters, and our regional digital news wings: Enoxx Himachal News, Enoxx News Punjab, and Enoxx News Jammu & Kashmir.

    2. Nature of Service (Digital Media Disclosure)

    In compliance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Company hereby declares:

    • Digital-Only Presence: Enoxx News is a Digital News Channel. Our content is disseminated exclusively via our websites and official social media intermediaries, including YouTube, Facebook, and Instagram.
    • Broadcasting Clarification: The Company is not a satellite news channel and is not available on any OTT platforms. The term “Channel” used in our branding refers strictly to our digital and social media distribution networks.

    3. Data Collection and Processing

    We collect and process data in accordance with the Digital Personal Data Protection (DPDP) Act, 2023 and the Information Technology Act, 2000:

    • Personal Data: Information such as name, email address, and contact details collected via subscriptions, newsletters, or “Citizen Journalism” submissions.
    • Automated Data: IP addresses, browser types, and device identifiers collected through cookies to enhance user experience on our domains.
    • Third-Party Platforms: Since our news is consumed on YouTube, Facebook, and Instagram, users are also subject to the privacy policies of those respective platforms. The Company only accesses aggregate, non-personal analytical data provided by these intermediaries.

    4. Purpose of Data Usage

    The Company utilizes collected data for:

    • Delivery of regional news updates relevant to Himachal Pradesh, Punjab, and Jammu & Kashmir.
    • Improving website functionality and technical security.
    • Compliance with statutory requirements for digital news publishers.

    5. Intellectual Property and “Fair Use” Notice

    • Third-Party Content: In the interest of comprehensive news reporting, the Company may utilize photographs, images, or video clips from third-party sources.
    • Legal Basis: Such use is conducted solely for informational, educational, and news reporting purposes.
    • Fair Dealing: The Company invokes the “Fair Dealing” provisions under Section 52 of the Copyright Act, 1957. We do not claim ownership of such third-party material. If any copyright owner has an objection to the use of their content, they may reach out to our Grievance Officer for immediate review.

    6. Data Sharing and Security

    • Non-Disclosure: The Company does not sell or rent user data to third parties.
    • Legal Disclosure: We may disclose information if required by a court of law or a government authority under the provisions of the Information Technology Act.
    • Protection: We implement reasonable security practices to protect data against unauthorized access or alteration.

    7. Limitation of Liability

    The Company, its Directors, and employees shall not be held liable for:

    • User-generated content, including comments or opinions posted on our social media pages.
    • Any technical issues or data breaches occurring on third-party platforms (YouTube, Facebook, Instagram).
    • Accuracy of news tips provided by external sources, though we strive for maximum verification.

    8. Enoxx Ground Mobile Application — Facebook and Instagram Data Practices

    This section describes the data practices specific to the Enoxx Ground mobile application, which is used internally by Enoxx News editorial staff and authorised field reporters. Enoxx Ground is not a consumer-facing application; it is provided to our staff so they can publish live news broadcasts and video reports to our official Facebook Pages and Instagram Business accounts.

    8.1 Who uses Enoxx Ground

    Enoxx Ground is restricted to:

    • Editorial staff of Enoxx News Private Limited (administrators and producers using the web dashboard at dashboard.enoxxnews.in).
    • Authorised field reporters and contributors employed or engaged by the Company to file live news broadcasts and recorded reports from the field.

    The application is not available to the general public. It is not listed on the Google Play Store or Apple App Store as a consumer app, and it does not collect data from members of the public.

    8.2 Facebook and Instagram data we access

    When a Company administrator connects an official Enoxx News Facebook Page (and any associated Instagram Business account) to our publishing dashboard, we use Facebook Login on the dashboard and request the following from the Meta Graph API:

    • The list of Facebook Pages owned or managed by the administrator’s Facebook account, including each Page’s ID and name (via the pages_show_list permission and the /me/accounts endpoint).
    • A long-lived Page access token for each Page the administrator selects to connect to a Channel inside our system. This token is what allows our backend to publish on behalf of that Page.
    • The ID and username of any Instagram Business account linked to a connected Facebook Page (via the instagram_basic permission), so editorial staff can publish to Instagram from the same Channel.
    • Engagement metadata returned by Meta in response to our publishing calls (post IDs, live video IDs, video IDs, status fields).

    We do not collect or store the personal Facebook profile information of the administrator who performs the connection (no Facebook user ID, no name, no email address, no profile picture). We collect only the Page-level credentials and metadata required to publish to the Pages the Company itself owns.

    8.3 What the application does with that data

    The Page access tokens and Page IDs are used by our backend service to make the following calls to the Meta Graph API on behalf of the connected Page:

    • Create live video broadcasts at POST /{page-id}/live_videos when a field reporter taps “Go Live” in the Enoxx Ground mobile app. Meta returns an RTMPS streaming endpoint, which the mobile app uses to push video from the reporter’s phone (uses pages_manage_posts and live video permissions).
    • End live video broadcasts at POST /{live-video-id} when the reporter or an administrator ends the broadcast.
    • Upload recorded video reports at POST /{page-id}/videos when editorial staff publish an edited video from the dashboard (uses pages_manage_posts).
    • Publish photo and video posts to Instagram at POST /{ig-user-id}/media and POST /{ig-user-id}/media_publish (uses instagram_content_publish).

    Each Graph API call is signed with an HMAC-SHA256 app secret proof computed from the access token and our application secret, in accordance with Meta’s recommended security practice, to protect against unauthorised reuse of intercepted tokens.

    The mobile app does not make Graph API calls directly; all token use is server-side from our backend.

    8.4 Where data is stored

    Page access tokens, Page IDs, Page names, Instagram Business account IDs and usernames, scope lists, and broadcast metadata (titles, descriptions, FB live video IDs, RTMPS stream URLs, start and end timestamps) are stored in a PostgreSQL database hosted on a Company-controlled virtual private server in DigitalOcean’s Bangalore (India) data centre.

    Reporter user accounts (email or phone, hashed password, name, role, state, district) are stored in the same database. Passwords are stored as one-way bcrypt hashes; the plain-text password is never stored.

    Access to the database is restricted to authorised Company personnel via SSH key authentication. RTMPS stream URLs are never written to log files, in line with Meta’s confidentiality requirements for streaming credentials.

    Page access tokens are stored in plain text within the database. The database itself is not encrypted at the column level today; protection relies on operating-system access controls, restricted SSH access to the server, and TLS for all in-transit communication. The Company is evaluating column-level encryption as a future improvement.

    8.5 Data sharing — none beyond Meta

    Data obtained from the Meta Graph API is used only to fulfil the publishing operations described in section 8.3. We do not sell, rent, or disclose this data to any third party. We do not use it for advertising, profiling, or any purpose unrelated to publishing the Company’s own content to its own Pages and Instagram accounts. The only external service we send this data to is Meta itself, when we make Graph API calls back to Meta to publish on the connected Pages.

    8.6 Data retention and deletion

    • A Company administrator may disconnect any Facebook Page or Instagram account from our system at any time using the dashboard’s platform-disconnect function. When a Page is disconnected, the corresponding access token, refresh token, and platform account record are immediately deleted from our database.
    • Live broadcast records (titles, descriptions, FB live video IDs) are retained as part of the Company’s editorial archive for as long as the corresponding broadcast remains published on the Page, plus a reasonable period for audit and compliance purposes.
    • Reporter user accounts are deactivated when the reporter ceases their engagement with the Company. Full deletion of a reporter’s account, or of any other personal data the Company holds about an individual, can be requested by contacting the Grievance Officer named in section 9. Such requests will be actioned within thirty (30) days, in accordance with the Digital Personal Data Protection Act, 2023.
    • Anyone who has connected a Facebook Page or Instagram account to our system, and who wishes the corresponding tokens and metadata to be deleted, may either disconnect the platform via the dashboard themselves, or write to the Grievance Officer to request deletion. Tokens may also be revoked at any time directly from Facebook by visiting Settings → Business Integrations in the user’s Facebook account.

    8.7 Children

    The Enoxx Ground application is intended exclusively for adult editorial staff and authorised field reporters of the Company. It is not designed for, marketed to, or intended to be used by individuals under the age of eighteen.

    9. Statutory Grievance Redressal

    In accordance with Rule 11(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, any person aggrieved by the content or privacy practices of Enoxx News may contact our designated Grievance Officer:

    Grievance Officer: Ajay Kumar Saklani Designation: Editor-in-Chief Enoxx News Private Limited Address: Kaul Complex, Plot No 180, Shamnagar, Dharamsala, Kangra- 176215, Himachal Pradesh Email: contact@enoxxnews.com