Legal · Privacy
Section 01
DPDPsecured.com (hereinafter referred to as "we", "us", or "the Company") is an individual proprietorship providing legaltech and data privacy compliance services to Indian businesses. Under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), we are the Data Fiduciary in respect of personal data collected through this website.
Our registered contact email for all data-related matters is email@dpdpsecured.com. Grievance and data principal rights requests should be directed as specified in Section 9 of this Policy.
Section 02
We collect only the minimum personal data necessary for the purposes set out in this Policy. The categories of data we collect are as follows:
| Category | Specific Data | How Collected |
|---|---|---|
| Contact Data | Email address | Voluntarily provided via the contact/enquiry form on our homepage |
| Communications Data | Messages, queries, feedback sent to us by email | Voluntarily provided when you contact us directly |
| Usage & Analytics Data | Pages visited, time on site, browser type, operating system, approximate geographic location (country/city level), referral source | Automatically collected via Google Analytics 4 (anonymised IP) |
| Technical Data | IP address (anonymised), cookies, session identifiers | Automatically collected by web server and analytics tools |
| Software Download Data | Download events for DPDP Scan software (no personal identifiers attached) | Logged anonymously via analytics |
| Privacy Policy Analyser Data | Website URL submitted for compliance analysis; text of the analysed policy | Voluntarily provided via our online policy scorer tool (processed server-side; not retained after response is returned) |
We do not collect special categories of sensitive personal data as defined under the DPDP Act (including financial data, health data, biometric data, caste, religious beliefs, or sexual orientation) unless explicitly required for a specific service and disclosed separately at the time of collection with your explicit consent.
Section 03
Under Section 4 of the DPDP Act, personal data may be processed only for a lawful purpose with the consent of the Data Principal, or for certain legitimate uses. The table below sets out our purposes and the applicable basis:
| Purpose | Data Used | Legal Basis (DPDP Act) |
|---|---|---|
| Responding to your enquiry or contact form submission | Email address, communication content | Consent (Section 6) — given by submitting the form |
| Sending updates, compliance insights, or marketing communications | Email address | Consent (Section 6) — you may withdraw at any time |
| Operating and improving our website and services | Usage data, technical data | Legitimate use (Section 7) — necessary for website operation |
| Analysing privacy policies submitted to our scorer tool | Submitted URL and policy text | Consent (Section 6) — given by submitting the URL |
| Security, fraud prevention, and legal compliance | Technical data, IP address | Legal obligation / legitimate use (Section 7) |
| Analytics and website performance measurement | Usage data (anonymised) | Consent via cookie acceptance |
We will not use your personal data for any purpose incompatible with the purpose for which it was collected, without obtaining fresh consent from you.
Section 04
Where we rely on consent as the legal basis for processing, we will request it in a clear, plain-language manner specific to the purpose. Consent is freely given and may be withdrawn at any time without detriment to you.
You may withdraw your consent at any time by emailing us at email@dpdpsecured.com with the subject line "Withdraw Consent". Upon receipt, we will cease processing your personal data for the relevant purpose within 7 business days, and will confirm the withdrawal in writing.
Please note that withdrawal of consent does not affect the lawfulness of processing that occurred prior to the withdrawal.
Section 05
We do not sell, rent, or trade your personal data. We share data only in the limited circumstances described below:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Web3Forms | Processing contact form submissions and delivering enquiries to us | Email address, form content | USA (GDPR-compliant processor) |
| Google Analytics 4 (Google LLC) | Website analytics and usage measurement | Anonymised IP, usage events, browser/device data | USA (IP anonymisation enabled) |
| Netlify, Inc. | Website hosting and serverless function execution | Technical/server logs, form data (transient) | USA |
| Anthropic, PBC | AI-powered privacy policy compliance analysis (scorer tool only) | Submitted policy text (transient — not retained by Anthropic for training) | USA |
All service providers are contractually bound to process your data only as instructed by us, to maintain appropriate security measures, and not to use your data for their own purposes.
We may disclose personal data where required to do so by law, court order, or lawful direction of a government authority, or where we believe in good faith that disclosure is necessary to protect our legal rights or the safety of others.
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity, subject to the same privacy protections as described in this Policy. We will notify you of any such transfer via email or a prominent notice on our website.
Some of our service providers are located outside India. Any transfer of personal data outside India is carried out in accordance with Section 16 of the DPDP Act and applicable government notifications. We take reasonable steps to ensure that such transfers are protected by appropriate contractual safeguards.
Section 06
We retain personal data only for as long as necessary for the purposes set out in this Policy or as required by applicable law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Email address (contact form) | 3 years from last interaction | To maintain contact history and comply with potential legal disputes |
| Email communications | 3 years from last interaction | Business records and potential legal necessity |
| Analytics data | 14 months (Google Analytics default) | Performance analysis and trend monitoring |
| Policy scorer submissions (URL + text) | Not retained — processed and discarded immediately after response | No business necessity to retain; privacy by design |
| Server logs | 90 days | Security monitoring and incident investigation |
After the applicable retention period, personal data is securely erased or anonymised.
Section 07
We implement reasonable security practices and procedures as required under Section 8(5) of the DPDP Act and Rule 3 of the IT (SPDI) Rules, 2011. These include:
While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you and the Data Protection Board of India (once operational) in accordance with Section 8(6) of the DPDP Act and applicable Rules.
Section 08
Under Chapter III of the DPDP Act, 2023, you have the following rights in respect of your personal data that we process:
To exercise any of the above rights, please contact our Grievance Officer using the details in Section 9. We will acknowledge your request within 3 business days and endeavour to resolve it within 30 days.
Section 09
In accordance with Section 13 of the DPDP Act, 2023 and Rule 12 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have designated the following Grievance Officer:
Section 10
We use the following types of cookies on our website:
| Type | Purpose | Can you opt out? |
|---|---|---|
| Strictly necessary | Essential for the website to function (e.g., session management) | No — required for site operation |
| Analytics (Google Analytics 4) | Understand how visitors use the site; all data anonymised | Yes — see below |
To opt out of Google Analytics tracking, you may install the Google Analytics Opt-out Browser Add-on or adjust your browser's cookie settings. IP anonymisation is enabled on all our analytics tracking.
Section 11
Our services are directed at businesses and professionals aged 18 years or above. We do not knowingly collect personal data from children (persons under 18 years of age) as defined in Section 9 of the DPDP Act. If you believe a child has submitted personal data to us without appropriate consent, please contact us immediately at email@dpdpsecured.com and we will take prompt steps to delete such data.
Section 12
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email.
We encourage you to review this Policy periodically. Your continued use of our website after any changes constitutes your acknowledgement of the updated Policy.
Section 13
This Privacy Policy is governed by and construed in accordance with the laws of the Republic of India, including the Digital Personal Data Protection Act, 2023; the Information Technology Act, 2000 and rules thereunder; and such other applicable Indian statutes. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of courts in New Delhi, India.