In an interview with TimesTech, Sarika Shetty, CEO and Co-founder of RentenPe, spoke about data protection in the digital age. She discussed cloud security, the truth behind encryption, and how India’s evolving privacy laws are reshaping user rights. Sarika also highlighted RentenPe’s approach to data security, emphasizing transparency, compliance, and the importance of building privacy-first digital tools in an increasingly data-driven world.
Read the full interview here:
TimesTech: Data on the cloud: Is it ever truly safe? People store everything from personal journals to financial data on cloud-based systems. What happens to the data we upload on a daily basis? Google Forms, cloud backups, government IDs who owns it and who has access to it?
Sarika: Cloud data is generally safe when one uses reputable providers like AWS, Google Cloud, or Microsoft Azure, as they offer strong security measures such as encryption, regular audits, and data redundancy. However, security is a shared responsibility — while the provider secures the infrastructure, users must properly configure access controls, use strong authentication, and manage encryption keys. Most breaches occur due to human errors like misconfigurations or weak passwords. With proper security practices, storing data in the cloud can be as safe — or even safer — than keeping it on local systems. At RentenPe, we have data on cloud with top service providers and a dedicated team to monitor and act on all the threats. Hence, all data stored with us is completely safe.
TimesTech: Are digital tools actually encrypted? Most apps claim to be “end-to-end encrypted,” but what does that really mean for the average user?
Sarika: Yes, most digital tools use encryption to protect your data, especially during transmission (using protocols like TLS) and often while stored on servers (using standards like AES-256). While tools like Signal and WhatsApp use End-to-End Encryption (E2EE) by default, many others, including some cloud storage or collaboration platforms, may only encrypt data in transit or at rest, meaning the provider could potentially access your information. At RentenPe, we have implemented protocol and encryption methodology implemented which means we also can’t access the data in readable form.
TimesTech: Behind the Terms & Conditions how many users truly understand the fine print they accept while using identity verification apps or e-signature tools?
Sarika: When it comes to data security and privacy, Terms and Conditions are crucial because they explain how your personal information is collected, used, stored, and shared by the digital tool. They outline what data is gathered (such as your name, e-mail ID, or location), whether it’s shared with third parties, and what security measures (like encryption) are in place to protect it. These terms also inform you of your rights — such as accessing, correcting, or deleting your data — under privacy laws like General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA). By reviewing these sections, you can understand how your data is handled and make informed decisions about using the tool. At RentenPe, we inform users on how we are collecting and storing user data to ensure users are in the know about their data and are in complete control of it.
TimesTech: Digital illiteracy in a smart world. How aware is the average citizen about how their data is used or misused?
Sarika: Most internet users are driven by quick outcomes. However, they often lack knowledge of data rights. Many users remain unaware about their rights to access, correct, and erase their personal data. Furthermore, a lack of digital literacy impedes their ability to navigate privacy settings, understand data policies, as well as exercise their rights effectively.
TimesTech: Where’s the law in all of this? Are Indian privacy laws and data protection regulations equipped to handle this wave of digital dependency?
Sarika: The Government of India has implemented a robust user data protection framework which addresses growing concerns around data security. The Digital Personal Data Protection Act (2023) is the primary user data protection law of the country. It applies to all personal data collected – whether online or digitised later.
As per the Act, data fiduciaries must provide a privacy notice detailing why data is being collected, what data is being collected and how it will be used. They should also provide contact details for grievance redressal. This legislation highlights consent-based data processing, data principal rights, and strict penalties for non-compliance. The act is projected to have an effect on a majority of organisational areas, including legal, IT, human resources, sales and marketing, procurement, finance, and information security due to the type and volume of personal data that is collected, stored, processed, retained, and disposed of by them.
TimesTech: What Are Developers Doing to Keep Our Data Safe? What’s the cost of building a privacy-first app?
Sarika: Developers play a critical role in maintaining data privacy by designing and implementing systems that protect user information from unauthorized access, misuse, or breaches. Their responsibilities include writing secure code, applying encryption to sensitive data, managing secure authentication and access controls, and ensuring compliance with privacy regulations like GDPR or CCPA. Regular testing, vulnerability assessments, and staying updated on security best practices are the key to safeguarding user data throughout the development lifecycle. At RentenPe, we have a dedicated team of developers for every single check point with code check to QA and testing on the security front.
Building a privacy-first app depends on the app’s complexity, platforms supported, and the level of privacy features implemented. Core privacy elements—like end-to-end encryption, local-only data storage, anonymous authentication, and compliance with regulations such as GDPR or HIPAA—can add significant development time and cost. These features require experienced developers, security audits, and often a custom backend or private cloud infrastructure, making privacy-first apps more resource-intensive than standard ones.
TimesTech: Are small startups equipped to offer the same level of data protection as big tech companies?
Sarika: Although we are still growing, but at RentenPe, we follow all compliance of data protection as big tech. With data encryption, access controls, cloud monitoring, threat protection and monitoring, regular auditing, and timely patching all in place, we align with industry best practices for cloud security.
