DPDP Act, 2023 — Compliance Overview

1. Legal framework

The DPDP Act, 2023 governs processing of digital personal data in India. TANIYUR acts as a Data Fiduciary when we determine the purpose and means of processing personal data in connection with our platform and website. Data Principals (residents, committee members, visitors to our site, and others whose personal data we process) have statutory rights, including access, correction, erasure (where applicable), grievance redressal, and nomination, as provided under the DPDP Act and applicable rules.

2. Notice, consent, and legitimate uses

We provide clear notice of what personal data we collect and for what purposes through our Privacy Policy. Where the DPDP Act requires consent, we seek it in a granular manner (for example, before you submit contact details or use features that involve optional processing). We also rely on legitimate uses recognised under the Act where applicable—for example, compliance with law or voluntary provision of data for specified purposes—with appropriate safeguards.

3. Purpose limitation and data minimisation

We process personal data only for stated purposes (such as society operations, billing, security logs, product improvement in aggregate form where allowed, and responding to enquiries). We avoid collecting data that is not reasonably necessary for those purposes.

4. Security and organisational measures

We implement technical and organisational measures appropriate to the risk, including encryption in transit, access controls, authentication, logging, and separation of environments. Details are summarised in our Privacy Policy; specific controls may evolve as the product and threat landscape change.

5. Processors and third parties

We use reputable service providers (for example, cloud hosting, database, authentication, payment, and messaging integrations) strictly under contract and instructions compatible with the DPDP Act. We do not sell personal data.

6. Cross-border transfers

Where personal data is transferred outside India, we do so in line with the DPDP Act and notifications issued by the Central Government from time to time (including restrictions or permitted destinations, as applicable).

7. Retention and erasure

We retain personal data only as long as needed for the purposes described, legal obligations, or dispute resolution, then delete or anonymise it in accordance with our retention practices (see Privacy Policy).

8. Children's data

Where processing relates to children as defined under the DPDP Act, we require parental consent or follow other lawful bases and safeguards as the law requires.

9. Grievance redressal and the Data Protection Board

You may contact our grievance channel (see below). If you are not satisfied with our response, you may escalate in accordance with the DPDP Act, including before the Data Protection Board of India, once applicable processes and rules fully apply to your case.

10. Breach notification

Where the DPDP Act or rules require us to notify the Board and/or affected Data Principals of a personal data breach, we will comply with those requirements.

11. Related documents

• Privacy Policy — categories of data, rights, retention, and contacts.
• Terms & Conditions — contractual terms, including incorporation of the Privacy Policy where referenced.

12. Contact

Grievances and data-rights requests: privacy@taniyur.com

Replace or supplement this address in deployment configuration if your organisation uses a dedicated Data Protection Officer or Grievance Officer inbox.