1.Overview

The Digital Personal Data Protection Act, 2023 ("DPDP Act") is the primary Indian law governing digital personal data processing. Because BoSS is built for Indian businesses and processes digital personal data in India-related contexts, we design our product and operating practices with DPDP requirements in mind.

Sahayogi One Private Limited is building DPDP Act compliance progressively. We are not claiming full compliance today — we align our data practices with DPDP requirements from day one so that compliance matures alongside the product. This page describes our current readiness posture, not a certification that every obligation is fully implemented across every workflow.

2.Scope & Applicability

This page is most relevant to:

Account, support, onboarding, and website inquiry data processed directly by us
Business platform usage where personal data appears inside customer-managed records
Security logs, authentication events, and operational records created by the service

3.Roles and Responsibility

For website leads, account administration, direct support interactions, and our own service operations, we may determine the purpose and means of processing ourselves.

For customer data entered into BoSS as part of the customer's business operations, the customer typically remains responsible for the underlying business purpose, notices, and permissions for that data, while we act as a service provider supporting the platform workflow.

4.Data Principal Requests

We currently handle privacy and data-rights requests through a manual support process. Requests may include access, correction, deletion, or grievance-related concerns, subject to legal retention duties, security requirements, and customer-controlled data contexts.

We do not represent on this page that a full self-service DPDP rights-management portal is already available.

5.Consent and Notices

Our processing posture depends on the context. Some processing is necessary to operate the service, secure accounts, or meet statutory obligations. Optional communications or future non-essential processing may require clearer, separate notice or consent handling as product flows evolve.

Internal implementation notes in this repository already identify some consent and rights areas as work in progress. We therefore avoid representing this page as proof that all consent-management features are complete.

6.Retention & Erasure

We retain data according to service needs, legal retention rules, audit requirements, and the current product mechanics for the affected record type. In some cases, access can be disabled or records can be soft-deleted before they can be fully erased.

Deletion or erasure requests are therefore reviewed case by case rather than guaranteed through a single fixed automated timeline.

7.Incident Assessment

If we confirm a personal-data incident, we assess containment, remediation, customer communication, and any notification duties that apply under law or contract. The precise response depends on the facts of the incident and the legal context at that time.

8.Contact

For privacy or grievance-related questions connected to DPDP matters, contact:

Privacy and Grievance Contact

Sahayogi One Private Limited

Email: support@sahayogione.com

DPDP Act Readiness