Privacy Policy
Last updated: April 20, 2026 ยท Compliant with DPDP Act, 2023
1. Overview
North India IT projects LLP ("we", "us", "our") is committed to protecting your personal data in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000. This Privacy Policy explains how we collect, use, store, and share your data when you use our platform.
2. Data We Collect
We collect the following categories of personal data:
| Data Type | Purpose |
|---|---|
| Name, Email, Phone | Account creation, voucher delivery, customer support |
| Payment information | Processed by our payment gateway โ we do NOT store card details |
| Purchase history | Order tracking, receipts, dispute resolution |
| Device & browser info | Security, fraud prevention, analytics |
| IP address | Rate limiting, security logs (retained for 180 days per CERT-In rules) |
3. Legal Basis for Processing (DPDP Act)
Under the DPDP Act 2023, we process your data based on your explicit consent, provided at the time of account registration. You may withdraw consent at any time by contacting us, though this may affect your ability to use the Platform.
4. How We Use Your Data
- Delivering purchased vouchers via email, SMS, or WhatsApp
- Sending order confirmations and receipts (transactional, not promotional)
- Providing customer support and resolving disputes
- Preventing fraud and unauthorized access
- Improving our Platform and user experience
- Complying with legal obligations (GST records, CERT-In logs)
5. Data Sharing
We share your data only with:
- Payment gateway โ to process your transactions securely
- Voucher API providers โ only the minimum data needed to fulfill your order (e.g., email for digital delivery)
- Law enforcement โ only when required by Indian law or court order
We do NOT sell your personal data to third parties for marketing purposes.
6. Data Storage & Security
Your data is stored on servers located in India, in compliance with data localization requirements. We implement industry-standard security measures including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Hashed and salted passwords (never stored in plain text)
- Rate-limited APIs to prevent abuse
- UUID-based identifiers (non-sequential, non-guessable)
7. Data Retention
We retain your personal data for as long as your account is active. Transaction records are retained for a minimum of 8 years as required under Indian tax and accounting laws (GST Act). Server logs are retained for 180 days as required by CERT-In.
8. Your Rights (DPDP Act)
Under the DPDP Act 2023, you have the right to:
- Access โ Request a copy of your personal data
- Correction โ Request correction of inaccurate data
- Erasure โ Request deletion of your data (subject to legal retention requirements)
- Withdraw Consent โ Withdraw your consent at any time
- Grievance Redressal โ File a complaint with our Data Protection Officer
9. Data Breach Notification
In the event of a personal data breach, we will notify the Data Protection Board of India and affected users within 72 hours as mandated by the DPDP Act.
10. Children's Data
North India IT is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover that a minor has created an account, we will delete it immediately.
11. Contact & Data Protection Officer
For any privacy-related queries, data requests, or complaints, please contact our Data Protection Officer via our Contact page.