Skip to content

DPDP Act Compliance

Last updated: 15 April 2026

Overview

Spondbyte Technologies Pvt Ltd is committed to compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) enacted by the Parliament of India. This page outlines how we align with the Act’s requirements in our website operations and data processing activities.

Lawful purpose

We process personal data only for specific, clear, and lawful purposes — primarily to respond to business enquiries, provide requested resources, and improve our website. We do not process data for purposes beyond what was disclosed at the time of collection.

Consent

Personal data is collected only when you voluntarily submit it through our contact form, resource download gate, or OTP verification flow. By submitting these forms, you provide informed consent for the specific processing described. You may withdraw consent at any time by contacting us.

Data minimisation

We collect only the data necessary for the stated purpose. Contact forms request name, organisation, role, email, phone, and project details — all directly relevant to scoping a technical deployment. We do not collect demographic, financial, or sensitive personal data.

Storage limitation

Personal data submitted through forms is retained only as long as necessary to fulfil the purpose for which it was collected. Enquiry data is retained for the duration of the business relationship or evaluation period. You may request deletion at any time.

Security safeguards

  • All form submissions are transmitted over HTTPS (TLS 1.3).
  • Email notifications use encrypted SMTP.
  • Data is stored in secured Google Workspace with role-based access.
  • OTP verification adds a second factor before form submission.
  • Rate limiting protects against automated abuse.

Rights of the data principal

Under the DPDP Act, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure of your data.
  • Withdraw consent for future processing.
  • Nominate another person to exercise these rights on your behalf.
  • Lodge a grievance with us or with the Data Protection Board of India.

Cross-border data transfer

We do not transfer personal data outside India except where required for core service delivery (e.g., email infrastructure). Any such transfer complies with the DPDP Act’s provisions on cross-border data flow.

Children’s data

This website is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it promptly.

Grievance redressal

For any DPDP-related queries, grievances, or data requests, contact our Data Protection Officer at info@spondbyte.com. We will acknowledge your request within 48 hours and resolve it within 30 days.