Legal Information

1. Privacy Policy

This Privacy Policy explains how DPDP Readiness Scanner ("we", "our", "the Service") collects, uses, and protects personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable Indian law.

1.1 Data We Collect

• Work email address — collected at sign-up to verify your organisation identity and send the magic-link login. We accept only professional/work email addresses; personal email providers (Gmail, Yahoo, Hotmail, etc.) are not permitted.
• Organisation name and scan domain — provided by you during onboarding to configure your account.
• Scan URLs and results — the URLs you submit for scanning and the compliance reports we generate are stored and associated with your account.
• Payment information — we do not store card or bank details. Payments are processed by Razorpay; we only retain the Razorpay order ID and payment ID for transaction records.
• Technical logs — IP address, timestamp, and HTTP metadata collected automatically for security and rate-limiting purposes.

1.2 How We Use Your Data

• To authenticate you via magic-link email and maintain your session.
• To run compliance scans and deliver reports linked to your account.
• To process payments and unlock full reports.
• To enforce usage limits (3 scans per domain per account).
• To prevent abuse and enforce our rate limits.
• To send transactional emails (magic links, payment receipts). We do not send marketing emails without your explicit consent.

1.3 Legal Basis for Processing

We process your personal data on the basis of your consent, which you provide when you sign up for the Service. You may withdraw consent at any time by requesting account deletion (see Section 1.6). Processing of payment data is also necessary for performance of the contract between us.

1.4 Data Sharing

We do not sell or share your personal data with third parties for advertising or marketing. We share data only with:

• Razorpay — for payment processing (governed by Razorpay's Privacy Policy).
• Email delivery provider — for sending magic-link and transactional emails.
• Infrastructure providers — our hosting and database providers (bound by data processing agreements).

We may disclose data if required by law or a competent government authority under the DPDP Act or other applicable legislation.

1.5 Data Retention

• Scan results are retained for 12 months from the date of the scan.
• Account and authentication data are retained for the lifetime of the account.
• Expired session tokens are deleted within 7 days of expiry.
• Payment records are retained for 7 years as required by Indian financial regulations.

1.6 Your Rights Under the DPDP Act

As a Data Principal, you have the following rights:

• Right to access — request a summary of personal data we hold about you.
• Right to correction — request correction of inaccurate personal data.
• Right to erasure — request deletion of your account and associated personal data.
• Right to grievance redressal — contact our Grievance Officer (see Section 4).
• Right to nominate — nominate an individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, email our Grievance Officer at the address in Section 4. We will respond within 7 business days.

1.7 Security

We implement reasonable technical and organisational security measures including HTTPS, server-side session storage, hashed authentication tokens, and access controls. In the event of a personal data breach, we will notify affected users and the Data Protection Board of India within 72 hours as required by the DPDP Act.

1.8 Cookies

We use a single session cookie to maintain your logged-in state. This cookie is strictly necessary for the Service to function and does not track you across other websites. We do not use advertising or analytics cookies.

2. Terms of Service

By accessing or using DPDP Readiness Scanner ("the Service"), you agree to be bound by these Terms. If you do not agree, do not use the Service.

2.1 Eligibility

The Service is intended for businesses and professionals. You must use a professional/work email address to register. You represent that you have authority to agree to these Terms on behalf of your organisation.

2.2 Permitted Use

• You may only scan domains that you own or are authorised to test on behalf of the domain owner.
• Each account is limited to one declared scan domain. Scans are limited to 3 per domain on the free plan.
• You may not use the Service to scan third-party websites without authorisation, to conduct competitive intelligence on competitors, or for any unlawful purpose.
• You may not attempt to circumvent rate limits, scan limits, or authentication controls.

2.3 Report Accuracy

We make no warranty that the Service is error-free or that scan results are complete, accurate, or current. DPDP rules and enforcement guidance may change; reports may not reflect the latest regulatory developments.

2.4 Account Responsibility

You are responsible for maintaining the confidentiality of your account and for all activity that occurs under it. Magic-link login emails are single-use and expire after 15 minutes. Notify us immediately if you suspect unauthorised access.

2.5 Intellectual Property

The Service, its software, and the report templates are proprietary to DPDP Readiness Scanner. You may use and share your own compliance reports. You may not copy, reverse-engineer, or resell the Service itself.

2.6 Limitation of Liability

To the maximum extent permitted by law, we are not liable for any indirect, incidental, or consequential damages arising from your use of the Service, including regulatory penalties, compliance failures, or reliance on report findings. Our total liability is limited to the amount you paid for the specific report giving rise to the claim.

2.7 Governing Law

These Terms are governed by the laws of India. Disputes shall be subject to the exclusive jurisdiction of courts in Bengaluru, Karnataka.

2.8 Changes to Terms

We may update these Terms from time to time. Continued use of the Service after changes are posted constitutes acceptance. Material changes will be notified via email to registered users.

3. Refund & Cancellation Policy

This policy applies to payments made for unlocking full DPDP compliance reports through the Service.

3.1 What You're Paying For

A one-time payment of ₹4,499 + GST unlocks the full DPDP compliance report for your scanned URL, including all findings, remediation steps, penalty exposure analysis, and PDF export. The report is delivered immediately upon successful payment verification.

3.2 Refund Eligibility

• Technical failure — if your payment is processed but the full report is not unlocked within 30 minutes due to a technical error on our side, you are entitled to a full refund or immediate resolution.
• Duplicate charge — if you are charged more than once for the same report, the duplicate charge will be fully refunded.
• Report not delivered — if the scan fails and a report cannot be generated, you will not be charged (scans are queued before payment; payment unlocks an already-completed scan).

3.3 Non-Refundable Cases

• Once you have accessed the full report, the payment is non-refundable, as the digital product has been delivered.
• Dissatisfaction with report findings or compliance scores is not grounds for a refund — scan results are an accurate reflection of the technical state of your website at the time of scanning.
• Payments are non-transferable between accounts or scan domains.

3.4 How to Request a Refund

Email our Grievance Officer (see Section 4) with your payment ID (available in your Razorpay payment confirmation email) and a description of the issue. We will investigate and respond within 3 business days. Approved refunds are processed within 5–7 business days to the original payment method.

3.5 GST

Prices are displayed exclusive of GST (18%). GST is added at checkout. GST-registered businesses can claim input tax credit on this purchase. A GST invoice is available on request.

4. Contact & Grievance Officer

For privacy-related requests (access, correction, erasure), refund claims, or any concerns about the Service, contact our Grievance Officer:

We are committed to resolving complaints promptly. If you are unsatisfied with our response, you may escalate to the Data Protection Board of India once it has established its complaint mechanism.