AmarnepalNepal Data
AI & technologyBeginner · 10 min read

Data privacy basics: protecting your personal information

Apps and websites collect far more about you than most people realise. Learn what personal data is, how it is collected and used, what your rights are, and simple steps to share less and stay safe, with Nepal-specific examples.

Whenever you install an app, accept cookies, or sign up for a service, you are handing over information about yourself. Some of it is obvious, like your name and phone number. A lot of it is not, like your location history, your contacts, what you tap, and how long you look at each post. This information is valuable, and companies build entire businesses around collecting and using it.

Data privacy is simply your ability to decide who gets your information and what they do with it. You do not need to become a tech expert or go offline to protect it. Small, deliberate choices, made once and then repeated as a habit, dramatically reduce how much of you is exposed.

This guide explains what your data is, why it is collected, and exactly what you can do about it as a person living in Nepal using everyday apps like Facebook, TikTok, eSewa, Khalti and your bank's app.

What counts as personal data

Personal data is any information that can identify you or be linked to you. People often think only of obvious details, but the list is much wider, and combinations are powerful: your location plus your daily routine, for example, can reveal where you live, work and worship.

  • Direct identifiers: full name, phone number, email, home address, citizenship or passport number, photos.
  • Financial data: bank details, card numbers, eSewa/Khalti balances and transaction history.
  • Location data: where you are now and where you have been, often collected silently by apps.
  • Behavioural data: what you search, watch, click, buy and how long you spend on each thing.
  • Device data: your phone model, contacts, photos, and the unique IDs that link your activity together.
  • Sensitive data: health, religion, caste/ethnicity, political views and biometric data like fingerprints and face scans.

How and why your data is collected

Most free apps and websites are not really free; you pay with your data and attention. Companies collect data to target ads, recommend content that keeps you scrolling, and sometimes to sell or share with other companies. Knowing the common collection points helps you cut them off.

Cookies and trackers follow you across websites. App permissions hand over your camera, microphone, contacts and location. Sign-in-with-Facebook or sign-in-with-Google buttons are convenient but share data between services. Even free public wifi can be a collection point, and an unsafe one.

Practical steps to share less

You can take back a lot of control in under an hour. Work through these and then revisit them every few months.

  • Review app permissions on your phone (Settings > Apps or Privacy) and turn off anything an app does not truly need, such as a torch app wanting your contacts or location.
  • Set location to 'While using the app' or 'Ask every time' instead of 'Always' for most apps.
  • Reject non-essential cookies on websites when asked, and clear cookies occasionally.
  • Use a private/incognito window for casual browsing you do not want tracked.
  • Prefer signing up with email and a password over 'Continue with Facebook/Google' for services you do not fully trust.
  • Avoid logging into banking or eSewa/Khalti on free public wifi; use mobile data for anything financial.
  • Be stingy with sensitive details, do not give your citizenship number, exact birth date or biometric scans unless a service genuinely requires it and you trust it.

Reading the warning signs

You do not have to read every long privacy policy, but you can scan for red flags. Be cautious if an app asks for permissions unrelated to its purpose, if a service is vague about how it uses your data, or if a 'free' offer seems too generous.

Be especially careful with apps installed from outside the official Google Play Store or Apple App Store, with links sent over SMS or social media, and with services that pressure you to act fast. Legitimate Nepali services like banks, eSewa, Khalti, ConnectIPS and the Nagarik App will never ask for your full password or OTP by phone or message.

Your privacy and the law in Nepal

Nepal does recognise a right to privacy in its Constitution, and there is legislation addressing the privacy of personal information, alongside electronic transactions law that covers online conduct. The protections and enforcement are still developing compared to some countries, so your own habits remain your strongest defence.

Practically, this means: keep records of important communications, be careful what you consent to, and if your data is misused, you can raise the issue with the service and with relevant authorities. The general principle worldwide, including the direction Nepal is moving in, is that you should know what is collected and be able to object, so it is reasonable to ask companies what they hold about you.

Key takeaways

  • Personal data is anything that can identify you, from your name to your location history and behaviour.
  • Free apps usually monetise your data and attention, that is the real price.
  • Tighten app permissions, limit location access, and reject non-essential cookies.
  • Never enter banking, eSewa or Khalti details on free public wifi; use mobile data.
  • Legitimate Nepali services never ask for your full password or OTP by call or message.
  • Nepal's Constitution recognises a right to privacy, but your own habits are your strongest protection.
Questions

Data Privacy Basics — FAQ

If a service is free, how does it make money?+

Usually through your data and attention: showing you targeted ads, keeping you engaged, and sometimes sharing or selling data to other companies. This is why reviewing permissions and limiting what you share matters even for 'free' apps.

Should I always reject cookies?+

Reject non-essential or marketing cookies, which track you across sites. Essential cookies that make a site function (like keeping you logged in) are fine to accept. Most cookie banners let you choose, so pick 'reject all' or 'manage' rather than blindly accepting.

Is it safe to do eSewa or banking on public wifi?+

It is best avoided. Public wifi can be insecure and is a common place for data to be intercepted. For anything financial, use your mobile data instead, and make sure the app or site is the official one before entering details.

What permissions are reasonable for an app to ask?+

Only ones related to what the app does. A camera app needs the camera; a calculator does not need your contacts or location. If permissions seem unrelated to the app's purpose, deny them, the app will usually still work, or it was not trustworthy anyway.

Does Nepal have a data protection law?+

Nepal's Constitution recognises a right to privacy, and there is legislation dealing with privacy of personal information and electronic transactions. The framework is still developing and enforcement is maturing, so cautious personal habits remain the most reliable protection.

Sources & data note

These guides explain widely-accepted SEO, AEO and GEO practice as documented by Google Search Central, schema.org and current industry research. Search and AI systems evolve continually — treat specific thresholds (e.g. Core Web Vitals targets) as current guidance and verify against the latest official documentation. Examples are tailored to Nepal's market.