Here’s where I think you went wrong:

1. IT Act 2000 — Section 66C / 66D (Identity Fraud / Impersonation) You student data and sent emails appearing to come from or relate to official IIT systems. The email notification system especially is sketchy. sending emails to official addresses using student identity data without consent borders on unauthorized use of identity/credentials.

2. IT Act 2000 — Section 43 (Unauthorized Access / Data Theft) Scraping student data from IIT Delhi’s internal systems without authorization is almost certainly a violation here. Section 43 covers unauthorized access to computer systems and extraction of data.

3. Information Technology (Reasonable Security Practices) Rules, 2011 You collected and published sensitive personal data (romantic relationships, social associations) without consent, no privacy policy, no opt-out. This is a clear violation of the SPDI Rules under the IT Act.

4. Indian Penal Code Section 499/500 — Defamation The platform explicitly hosted rumors, gossip, and accusations (dating history, “haters”). Anonymous posts that damage reputation = defamation. As the platform operator and publisher, you have exposure. Unlike Twitter or Reddit, you’re not a passive host. You designed the romantic/social tagging features.

5. IPC Section 354D — Stalking The “crushing on / crushed on by” fields combined with the email notification system is very problematic. Enabling someone to anonymously tag another person and then notify them about it could constitute facilitation of stalking.

Also, it was simply uncool.