DPDPA.center — App Privacy Policy

Version: 1.0 | Effective date: 2026-06-12 Operated by: CynorSense Solutions Pvt. Ltd., India (“CynorSense”, “we”, “us”) Contact / Data Protection Officer: dpo@cynorsense.com

1. Who we are and our role

DPDPA.center is a compliance application that helps website owners meet their obligations under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”). When a site owner installs DPDPA.center, CynorSense acts as a Data Processor processing personal data on behalf of and under the instructions of the installing site owner, who is the Data Fiduciary under the DPDP Act. The site owner — not CynorSense — determines the purposes of processing for their visitors’ data. Our processor-on-behalf-of-fiduciary relationship is also disclosed in the emails the app sends.

2. What we collect and why

2.1 From site owners (Data Fiduciaries)

Data	Purpose	Legal basis
Fiduciary legal name, DPO email address, site domain, brand name	Tenant provisioning, branding the My Data page, routing rights requests	Performance of the service contract
App installation identifiers and per-tenant API credentials	Operating the integration securely; tenant isolation	Performance of the service contract

2.2 From the site’s visitors (Data Principals) — processed for the Fiduciary

Data	Purpose	Legal basis (of the Fiduciary)
Email address and member/contact identifiers (resolved server-side from the site’s member system — never typed by the visitor)	Identity verification (one-time code), linking consent records to the correct person	Legal obligation / consent under DPDP Act §6
Consent records: purpose, grant/withdrawal, timestamp, provenance	The consent ledger the DPDP Act requires; enforcing withdrawals	DPDP Act §6 and §8(2) record-keeping
Cookie and tracker consent decisions	Gating analytics/advertising trackers until consent is given	DPDP Act §6
Grievance, correction, and portability request contents	Fulfilling Data Principal rights under §11–§13	Legal obligation
Audit events (webhook envelopes: event type, entity IDs, timestamps)	Append-only audit trail for §8(2) record-keeping	Legal obligation

Transient processing: when a verified Data Principal requests a §11 access report, or when erasure requires a legal-hold check, we read that person’s records on the site (contact, member, orders, bookings, form submissions, invoices, messages) transiently. These reads are returned to the verified principal or evaluated for legal hold; message contents are not stored by us beyond the report and audit artifacts.

What we do NOT collect: payment card or banking data; we do not store message contents; we collect no data for advertising, profiling, or AI training. We never sell or share personal data, and we never use data collected for a site for our own purposes.

3. How data is stored and protected

Consent records are held in a multi-tenant consent-ledger database (PostgreSQL) operated by CynorSense on managed infrastructure ([PLACEHOLDER: hosting provider name and region — see security-statement.md]).
Each site is an isolated tenant; sessions are cryptographically bound to a single site and are invalid elsewhere.
All traffic is encrypted in transit (HTTPS/TLS). Per-tenant credentials and secrets are held in a secrets vault (OpenBao) and never reach code or the browser.
Audit logs are append-only.

4. Sub-processors

Sub-processor	Purpose
Microsoft 365 (Microsoft Graph)	Transactional email delivery (one-time codes, notices) sent from dpo@cynorsense.com
Hosting/infrastructure provider	[PLACEHOLDER: hosting provider name and region] — hosts the consent ledger and app services

No analytics, advertising, or AI sub-processors process Data Principal data.

5. Retention and deletion

Consent and audit records are retained as statutory compliance evidence for the Fiduciary (DPDP Act §8(2)).
Erasure (§12): an erasure request triggers an immediate processing freeze — all consents are withdrawn, marketing consent is revoked, email subscriptions are unsubscribed, and the member account is removed. Records subject to statutory retention (e.g., books-of-account and tax law, approximately 8 years, per DPDP Act §8(7)) are frozen storage-only under a documented legal hold with a retention clock, then physically purged by an automated retention engine when the clock expires, with purge proof recorded.
Uninstall: tenant data is retained for 90 days after uninstall to allow reinstatement, then deleted — except records under an active legal hold, which follow the retention clock above.

6. Your rights

If you are a Data Principal (a visitor of a site using DPDPA.center), exercise your rights — access, correction, erasure, grievance — directly via the site’s My Data page, or contact the site’s Data Fiduciary/DPO. We act on the Fiduciary’s instructions and will assist them in fulfilling your request. If you are a site owner, contact dpo@cynorsense.com for any request concerning your account data.

7. Jurisdiction and changes

This policy is governed by the laws of India. We will notify site owners of material changes via the app or the DPO email on record. Continued use after the effective date of a revision constitutes acceptance.

Grievance Officer (India): [PLACEHOLDER: name of designated Grievance Officer], reachable at dpo@cynorsense.com.