Terms & Conditions

1. Acceptance and authority

By creating an account, signing an Order Form, accessing or otherwise using DPDPA Suite ("Service"), you confirm that you have read, understood and agreed to these Terms, the Privacy Policy, the Cookies Policy, the Data Protection Policy and the Data Processing Addendum. If you are using the Service on behalf of an organisation ("Customer"), you represent that you are an authorised signatory of that Customer and that all references to "you" mean the Customer.

2. Definitions

• "DPDP Act" means the Digital Personal Data Protection Act, 2023, and any rules notified thereunder including the DPDP Rules, 2025.
• "Customer Data" means data, content and records (including personal data) that you submit to or generate through the Service.
• "Authorised User" means an individual the Customer authorises to use the Service under the Customer's account.
• "Order Form" means any subscription, ordering, or commercial document referencing these Terms.
• "Documentation" means the user guides, technical documentation and SLAs we publish for the Service.

3. The Service

DPDPA Suite is a multi-tenant software-as-a-service platform that helps organisations operationalise the DPDP Act and allied rules. We may update, improve, replace or modify features from time to time provided that no such change materially degrades core functionality during the term of an Order Form. We will give reasonable prior notice of material adverse changes.

4. Accounts and Authorised Users

• You are responsible for the actions of every Authorised User of your tenant.
• You must keep credentials confidential and use multi-factor authentication where offered.
• You must promptly notify us of any actual or suspected unauthorised access.
• We reserve the right to suspend access in case of imminent security risk, with notice where lawful and practicable.

5. Acceptable use

You will not, and will ensure your Authorised Users do not:

• reverse engineer, decompile, disassemble or attempt to derive source code from the Service;
• copy, resell, sublicense, rent, lease, or provide the Service to third parties (except as expressly permitted);
• use the Service in violation of any applicable law, including the DPDP Act, the Information Technology Act, 2000, CERT-In directions, or export-control laws;
• upload malware, viruses, or content that infringes intellectual property or privacy rights;
• send unsolicited marketing or spam through any feature of the Service;
• attempt to gain unauthorised access to the Service, other tenants, or any underlying infrastructure;
• circumvent technical or administrative limits (e.g. rate limits, role-based access controls).

6. Customer Data and roles

You retain ownership of Customer Data. For Customer Data that is personal data, you act as Data Fiduciary and we act as your Data Processor under the DPDP Act. We process Customer Data strictly to deliver and support the Service, in line with our Data Processing Addendum which forms part of these Terms.

You are responsible for the lawfulness of Customer Data, for collecting necessary consents from Data Principals, for the accuracy of records, for configuring roles and retention, and for responding to Data Principal requests. We will provide reasonable assistance through the Service's features and the support channels described in the Documentation.

7. Fees, taxes and renewal

• Paid plans are billed in advance per the Order Form in effect.
• Fees are exclusive of GST, withholding taxes and other applicable levies, which are payable by you.
• Subscriptions renew automatically for successive terms unless either party gives at least 30 days' prior written notice of non-renewal.
• Late payments accrue interest at 1.5% per month or the maximum rate permitted by law, whichever is lower.
• Fees are non-refundable except where mandated by law or expressly agreed in writing.

8. Intellectual property

All right, title and interest in and to the Service, including all software, models, designs, templates, branding and Documentation, is and remains the exclusive property of DPDPA Suite and its licensors. During the subscription term, we grant you a non-exclusive, non-transferable, non-sublicensable right to access and use the Service for your internal business purposes. Feedback you provide may be incorporated into the Service without obligation to you.

9. Confidentiality

Each party will protect the other's confidential information using at least the same standard of care it uses for its own and not less than a reasonable standard of care. Confidential information may be disclosed only to personnel and advisors with a need to know and bound by equivalent confidentiality obligations.

10. Service Level Agreement

Subject to your subscription tier, we target 99.9% monthly uptime for the production environment, excluding scheduled maintenance and force majeure. The full SLA, support response times and service credits are set out in the Documentation.

11. Warranties and disclaimers

We warrant that the Service will materially conform to its Documentation. Except as expressly stated, the Service is provided "as is" and "as available" and we disclaim, to the maximum extent permitted by law, all other warranties whether express, implied or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement and any warranty arising from course of dealing or usage of trade.

12. Limitation of liability

To the maximum extent permitted by law, neither party will be liable for any indirect, incidental, special, consequential, exemplary or punitive damages, or for loss of profits, revenue, data or goodwill. Our aggregate liability arising out of or in connection with these Terms is limited to the fees paid by you to us under the relevant Order Form in the twelve months preceding the event giving rise to the claim. Nothing in these Terms limits liability that cannot be limited under applicable law, including liability for gross negligence, wilful misconduct or fraud.

13. Indemnification

You will defend, indemnify and hold us harmless from third-party claims arising out of (a) your or any Authorised User's breach of these Terms or applicable law, or (b) Customer Data that infringes any third-party right or violates law. We will defend you against third-party claims that your authorised use of the Service infringes Indian intellectual property rights, subject to standard carve-outs and procedures.

14. Suspension and termination

• Either party may terminate for material breach not cured within 30 days of written notice.
• Either party may terminate immediately on the other party's insolvency, winding-up or analogous event.
• We may suspend access for non-payment, suspected unlawful activity, or where required by a competent authority.
• On termination, your right to use the Service ends; we will, on written request received within 30 days of termination, return or delete Customer Data per our Data Protection Policy.

15. Force majeure

Neither party is liable for delay or failure caused by events beyond reasonable control, including acts of God, war, civil unrest, pandemic, governmental action, widespread network or power failures, or cyber attacks that bypass commercially reasonable safeguards.

16. Governing law and dispute resolution

These Terms are governed by the laws of India. Any dispute arising out of or in connection with these Terms will be submitted to the exclusive jurisdiction of the courts at New Delhi. Either party may seek interim or injunctive relief in any court of competent jurisdiction.

17. Miscellaneous

• These Terms, the Privacy Policy, Cookies Policy, Data Protection Policy and any Order Form constitute the entire agreement between the parties on the subject matter.
• If any provision is held unenforceable, the remainder remains in effect.
• Failure to enforce a right is not a waiver.
• You may not assign these Terms without our prior written consent; we may assign to an affiliate or in connection with a reorganisation.
• Notices must be in writing and sent to the addresses on the Order Form or to hello@dpdpasuite.com.

18. Data Principal duties (DPDP §15)

When you exercise your rights or interact with DPDPA Suite as a Data Principal, you must:

• comply with applicable law, including the DPDP Act and Information Technology Act, 2000;
• not impersonate another person while submitting consent, DSARs or grievances;
• not suppress material information or provide false particulars in any DSAR or grievance;
• not file frivolous or vexatious complaints with us or with the Data Protection Board;
• furnish only verifiably authentic information when seeking correction or updation of your personal data.

Breach of these duties may result in penalties as prescribed in the Schedule to the DPDP Act, in addition to suspension of access to the Service.

19. Contact

Email: hello@dpdpasuite.com
Phone: +91 88513 05915