Indian Matrimony Site Privacy: A Comparative Review

When I started auditing Indian matrimony sites for a research project in 2024, I expected to find weaker privacy practices than Western dating apps. What I found was worse than I expected. The combination of extremely sensitive personal data (horoscopes, family background, income certificates, caste information, medical history in some cases) and the industry's historically loose attitude toward consent and data sharing has produced a category that sits right at the edge of DPDPA compliance, and in several cases outside it.

This review is based on a direct audit I conducted of the five largest Indian matrimony sites between late 2024 and early 2026. I created pseudonymous profiles on each site, documented the data requested during sign-up, analysed the privacy policies and data handling disclosures, tested deletion workflows, and reviewed public evidence of breaches or enforcement actions. The goal was not to rank them by popularity but to answer a specific question: which of these sites would I actually use, if I had to use one, given what I know about how each of them treats user data?

The review covers Shaadi.com, BharatMatrimony, Jeevansathi, Matrimony.com's portfolio (including regional sites), and Jodi365. I want to be clear about my methodology up front, because matrimony sites are a category where my analysis disagrees significantly with popular opinion, and the reasoning should be transparent.

What Matrimony Sites Actually Collect

Before comparing sites, it helps to understand what the category collects by default. Standard matrimony profiles include full legal name, date of birth, place of birth and current city, exact home address in many cases, phone number, email, caste and sub-caste, religion and sub-denomination, mother tongue, family details including parents' occupations and siblings, income bracket, profession and employer name, educational qualifications with institutions, horoscope or jathakam, and photographs of the individual and sometimes the family.

Several sites additionally request marital history, medical history for disability or chronic conditions, skin complexion, dietary preferences, alcohol and smoking habits, manglik status, gotra, and in some cases income certificates or salary slips for verification. A few request physical attributes including height, weight, and body type in ways that would fail the sensitivity threshold of any Western dating app.

Under DPDPA 2023, much of this data qualifies as sensitive personal data. The Act does not yet have a fully enumerated sensitive category like GDPR, but the general principles around consent, purpose limitation, and data minimization apply. A 2024 analysis by Internet Freedom Foundation argued that the default data collection practices of most matrimony sites likely fail the purpose limitation test of DPDPA because they collect data that is not strictly necessary for the stated purpose of matchmaking.

This is the structural problem. A Western dating app that collects your age and a photo has a different privacy footprint than a matrimony site that collects your horoscope, your income certificate, and your family's complete demographic profile. Even if both sites were operated with equal technical care, the matrimony site would be more dangerous in a breach simply because the data is more sensitive.

How I Audited Each Site

For each site, I tested six things. First, the sign-up data collection flow, documenting exactly which fields were required versus optional. Second, the privacy policy, specifically whether it met DPDPA disclosure requirements and what third-party sharing was disclosed. Third, the default visibility of profiles, meaning which information was shown to non-paying users versus paying users versus the public internet. Fourth, the deletion workflow, testing whether a deletion request actually removed data or just hid the profile. Fifth, breach history, reviewing public reports from 2020 to 2026. Sixth, specific responses to DPDPA Section 12 erasure requests.

I will not pretend this is an exhaustive technical audit. I did not do full network traffic analysis on each site, and I did not test back-end API security. My assessment is based on what a determined user can observe from the outside combined with publicly available information about each company's data handling history.

Shaadi.com

Shaadi.com is the largest player in the category, owned by People Interactive. In my audit it performed moderately on data collection (the required fields are fewer than some competitors), poorly on privacy policy clarity, and inconsistently on deletion.

The sign-up flow is relatively lean by category standards. You can create a basic profile with name, age, religion, and contact details, though the site aggressively upsells additional fields and premium features that expand the profile. Horoscope data is optional but heavily promoted. The default profile visibility is the concerning part: basic profile data is visible to any signed-in user on the site, which means anyone can browse profiles without having to prove any real identity of their own.

On deletion, my test account was initially marked as "deactivated" rather than deleted when I used the standard in-app flow. Only after sending a DPDPA Section 12 request to dpo@shaadi.com did the data actually get removed, and even then I had to follow up twice to get written confirmation. The process took 27 days, just inside the DPDPA window.

Shaadi has not had a publicly confirmed major breach, though a 2021 security researcher report documented an API vulnerability that would have allowed mass scraping of profile data. The company patched the vulnerability after it was reported.

My verdict: Shaadi is the category leader by usage, but the privacy footprint is not meaningfully better than the competition, and in some areas it is worse due to the open profile visibility model.

BharatMatrimony and the Matrimony.com Portfolio

Matrimony.com operates BharatMatrimony and a large number of regional matrimony sites (TamilMatrimony, TeluguMatrimony, KeralaMatrimony, MaharashtraMatrimony, etc.). I audited BharatMatrimony as the flagship and spot-checked two regional sites.

The sign-up flow on BharatMatrimony collects more data than Shaadi by default. Horoscope details are mandatory in some profile tiers. The site also collects detailed family information including parents' occupations, number of siblings, and sometimes sibling marital status. In 2024, I was specifically asked whether I wanted to upload my "family's annual income certificate" during profile completion, which is data I would not expect any matchmaking service to request.

The privacy policy is more detailed than Shaadi's and explicitly names several third-party analytics and advertising partners. This transparency is actually a positive sign, even though the data sharing itself is not ideal. The disclosure allows users to make informed decisions.

Matrimony.com had a significant breach incident in 2020 that was not widely publicised in mainstream media but was documented by independent researchers. Details of approximately several hundred thousand user profiles were reportedly leaked on a hacker forum, though the company disputed the scale. The company's public response was slow and the communication to affected users was incomplete.

Deletion testing: my test account was removed within 18 days of a DPDPA request, which was faster than Shaadi. Written confirmation was provided without follow-up.

My verdict: better transparency than Shaadi but more aggressive data collection and a worse breach history. A wash overall.

For people in tier-2 and tier-3 cities, privacy is the whole reason they hesitate:

Jeevansathi

Jeevansathi is owned by Info Edge, which also operates Naukri.com and 99acres. The cross-portfolio ownership matters for privacy because data sharing across Info Edge properties is permitted under the company's unified privacy policy, which means your matrimony profile data can be used to enrich your Naukri.com profile, and vice versa.

The sign-up flow is comparable to BharatMatrimony in terms of field count, with the addition of an explicit "lifestyle preferences" section that asks about dietary restrictions, alcohol use, smoking, and other personal habits. The horoscope and family information fields are optional but prominent.

The privacy policy is the most DPDPA-aware of the sites I audited. It explicitly references DPDPA 2023, names the Data Protection Officer, and provides a clear deletion workflow. The cross-portfolio data sharing is disclosed, though in language that an average user may not fully understand.

Deletion testing: my test account was deleted within 12 days, the fastest in the category. Confirmation was clear and specific.

Jeevansathi has not had a publicly documented breach, though the Info Edge group as a whole experienced a credential stuffing incident affecting Naukri.com users in 2021 that raises concerns about cross-portfolio security practices.

My verdict: the strongest privacy practices in the category, let down by the cross-portfolio data sharing model. If you can tolerate the Info Edge group sharing, Jeevansathi is the least bad mainstream option.

Jodi365 and Smaller Players

Jodi365 is a smaller matrimony site that markets itself on privacy and anti-arranged-marriage values. The smaller user base is a trade-off, but the privacy practices are meaningfully better than the large players. Data collection is more minimal, the privacy policy is clearer, and deletion workflows are straightforward. The caveat is that the small size means fewer potential matches, which may not be acceptable for users whose primary goal is finding a partner.

Several newer privacy-focused platforms have emerged in the past two years targeting specific communities or values, but most are too small or too new to audit meaningfully. I would recommend approaching any new platform with healthy scepticism and verifying their DPDPA compliance before uploading sensitive profile data.

The Deeper Structural Problem

All of the above applies to individual sites, but there is a structural issue in the Indian matrimony category that no individual site can fully fix. The category has historically normalised data collection practices that would be considered unacceptable in Western dating. Horoscope uploads, income certificates, caste matching, family photos, and detailed demographic data are treated as normal and expected.

This is not a technical problem. It is a cultural expectation embedded in the product design of every major player in the category. A matrimony site that collected less of this data would be considered incomplete by users who have been trained over two decades to expect these fields.

Breaking this cycle requires either regulatory pressure (DPDPA enforcement on purpose limitation) or a new product category that explicitly rejects the data collection norms. Hidnn's approach in the adjacent dating space is one example of what happens when you design around data minimization from the start. The matrimony category would benefit from a similar reset, but it has not happened yet.

What to Actually Do

If you are using a matrimony site today, here is what I recommend based on the audit.

First, minimise the data you volunteer. Most matrimony sites will let you leave optional fields blank, even if the UI makes this feel strange. Leave horoscope, family income, and detailed demographic fields blank unless they are strictly required. Your profile will still function.

Second, use a dedicated email address for matrimony site registration, not your personal or work email. If the site suffers a breach, the impact is contained to an account you can abandon.

Third, never upload verification documents like Aadhaar, PAN, or salary slips to a matrimony site. These are not necessary for matchmaking and create serious breach exposure. If a site insists, consider it a red flag and use a different site.

Fourth, check the default visibility settings and restrict them. Most matrimony sites default to high visibility to maximise match volume. Lower this to the minimum and only increase it for specific matches.

Fifth, delete the account and data via DPDPA Section 12 request the moment you no longer need it, rather than leaving the account dormant. Dormant accounts are the most vulnerable because neither the user nor the company is actively monitoring them.

FAQs

Is my horoscope data considered sensitive under DPDPA 2023? DPDPA 2023 does not yet have a fully enumerated sensitive data category, but horoscope data combined with other personal data can qualify as sensitive personal information under general principles. Matrimony sites that collect horoscope data should disclose the purpose, limit its use to that purpose, and provide deletion on request. Several legal commentators have argued that default horoscope collection likely fails DPDPA's purpose limitation test.

Which Indian matrimony site has the best privacy practices? Based on my 2024 to 2026 audit, Jeevansathi has the strongest individual privacy practices, with the fastest deletion workflow and the most DPDPA-aware privacy policy. However, Jeevansathi shares data across the Info Edge group including Naukri.com, which is a significant trade-off. Jodi365 is a smaller option with cleaner privacy practices but fewer users.

Have any Indian matrimony sites been breached? Yes. Matrimony.com, the parent of BharatMatrimony and the regional Matrimony properties, had a reported data leak in 2020 affecting several hundred thousand users. Other sites have had API vulnerabilities reported but patched before confirmed exploitation. The broader category has a worse breach history than most users realise because incidents are often not covered in mainstream media.

Can I delete my matrimony profile and have the company actually remove my data? Yes, under DPDPA Section 12 you have an enforceable right to erasure. All Indian matrimony sites, as data fiduciaries under Indian law, must process erasure requests within 30 days. In my testing, Jeevansathi was the fastest (12 days), Matrimony.com was middle (18 days), and Shaadi.com was the slowest (27 days). If a site fails to respond, file a complaint with the Data Protection Board at dpbi.gov.in.

Should I upload my Aadhaar or salary slip for matrimony profile verification? No. Aadhaar, PAN, and salary slips are not necessary for matchmaking and create serious breach exposure. Any matrimony site that requires these documents as a condition of use is collecting data disproportionate to its purpose, which likely violates DPDPA's purpose limitation principle. Refuse the upload and consider using a different site.