top of page
  • Facebook
  • LinkedIn

DPDP Notice & Data Principal Rights (India)

LAST UPDATED: 05 Feb 2026

CONTACT: privacy@policytruth.in

 

1) Our status under law

We act as a “Data Fiduciary” under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) because we determine why and how your personal data is processed to deliver our document review reports.

 

2) What personal data we collect (data minimisation)

We collect only what is reasonably necessary to deliver the service you request.

A. Data you provide directly

- Contact data: name, email, phone

- Uploaded documents: loan/insurance PDFs and related supporting pages you upload

B. Data collected automatically (security/operations)

- Basic technical logs (e.g., IP address, device/browser, timestamps) to prevent abuse, secure the platform, and troubleshoot

 

IMPORTANT: Upload only what is needed. If possible, redact/mask identifiers (e.g., PAN/Aadhaar, full address) unless required for the clause you want reviewed.

 

3) Purposes of processing (specific purposes only)

We process personal data only for:

- Service delivery: extracting and analysing document terms and generating your plain-English report

- Customer support: resolving delivery issues and clarifying questions within the support window

- Security and fraud prevention: protecting users and our systems

 

We do not sell your personal data and we do not share it with banks/insurers/agents for sales or solicitation.

 

4) Consent (how we take it, how you withdraw it)

We rely primarily on your consent for processing your uploaded documents and contact details for service delivery.

- Consent is captured via clear, separate checkboxes on our submission/checkout forms.

- You may withdraw consent by using the Data Request process (see Section 7).

Effect of withdrawal:

- If you withdraw before processing/delivery, we stop processing (and cancellation/refund may apply per our Refund Policy).

- If you withdraw after delivery, we will delete your data per Section 6 unless we must retain limited records for legal compliance.

 

5) Children’s data (under 18)

Our services are intended only for individuals aged 18 years or older.

If we learn that a minor’s data has been processed without valid guardian consent, we will delete it promptly.

 

6) Retention & deletion (storage limitation)

We retain personal data only as long as necessary for the purposes stated above.

Default retention (you may adjust):

- Uploaded documents: deleted within [10] days after report delivery (or earlier upon valid request)

- Support correspondence: retained up to [30] days

- Transaction/Invoice records: retained as required by applicable tax/accounting laws

 

After retention ends, we delete or irreversibly anonymise the data.

 

7) Your rights as a Data Principal (DPDP Act)

Subject to the DPDP Act, you can request:

- Access: a summary of personal data processed for your order

- Correction: correct inaccurate contact details

- Erasure: delete your personal data (where we are not legally required to retain it)

- Withdraw consent: stop further processing (see Section 4)

- Grievance redressal: raise a complaint with our Grievance/Privacy Officer

- Nomination: nominate someone to exercise your rights in case of incapacity/death

 

8) How to exercise your rights (Data Requests)

Submit a request:

- Email: privacy@policytruth.in

 

We may request verification to protect against fraud. We maintain request logs for accountability.

 

9) Grievance Redressal Officer (required disclosure)

Name: Mr.Rajiv Kumar

Designation: Grievance / Privacy Officer

Email: grievance@policytruth.in

SLA (internal): acknowledgement within 48 hours; resolution within 30 days.

 

If you are not satisfied with our response, you may escalate as per remedies available under the DPDP Act, including approaching the Data Protection Board of India when applicable.

 

10) Security safeguards (high level)

We maintain reasonable security safeguards such as:

- HTTPS/TLS for data in transit

- Access controls and least-privilege for staff/admins

- Segregation of customer submissions

- Periodic security reviews and vendor risk checks

 

11) Cross-border transfers

If any processing/storage occurs outside India via our vendors, we will ensure it is permitted under the DPDP Act and applicable government directions.

 

12) Updates to this Notice

We may update this page. The “Last Updated” date reflects the latest version. Material changes will be posted on this website.

Disclaimer: PolicyTruth.in provides educational, informational document analysis only and does not provide legal, financial, investment, insurance, or tax advice. We are not a SEBI-registered investment adviser/research analyst and we are not an IRDAI-registered insurance intermediary/broker/agent. We do not sell or solicit loans or insurance, do not recommend products/providers, and do not assess suitability for your personal circumstances. We do not opine on whether you should buy, renew, cancel, surrender, switch, hold, or claim under any product. Any analysis/report is based only on (i) the text and numbers in the documents you upload and (ii) publicly available material; it may be incomplete or contain errors if documents are incomplete/unclear. Verify all critical terms directly in the original document and with the issuer, and consult licensed professionals for advice tailored to your situation. No outcomes are guaranteed; use at your own risk. Liability is limited as per our Terms & Conditions.

​Phone
+91 8368996538

Email
team@policytruth.in

Subscribe to get exclusive updates

“PolicyTruth” is a brand name reflecting our focus on accurate plain-English explanations; it does not allege wrongdoing by any institution.

© 2026 PolicyTruth  | A unit of Guruvion @Guruvion.com. All rights reserved.

bottom of page