DPDP Compliance Statement

1. Our role under the DPDP Act

The Digital Personal Data Protection Act, 2023 ("DPDP Act") governs the processing of digital personal data in India. Under the Act, Parakeeet AI Pvt Ltd typically operates as a Data Processor on behalf of our clients (Data Fiduciaries) — processing personal data only on documented instructions through our Data Processing Agreement.

Where Parakeeet directly collects personal data (e.g. discovery-call inquiries from parakeeet.com), we operate as the Data Fiduciary for that data and process it per our Privacy Policy.

2. Principles we apply

Lawful purpose — we process personal data only for the specific purposes stated in our agreement with you and consented to by the relevant individual.

Data minimisation — we collect only the data needed to deliver the agreed service. Where we can deliver outcomes with less data, we do.

Accuracy — we maintain processes to keep personal data accurate and to correct it when notified of errors.

Storage limitation — we retain personal data only as long as required for the agreed purpose or legal obligation.

Security — we apply technical and organisational measures appropriate to the sensitivity of the data, including encryption in transit and at rest, role-based access, audit logging, and infrastructure isolation.

Accountability — we maintain documentation of our processing activities and can produce it on reasonable request.

3. Data Principal rights

Individuals whose personal data we process ("Data Principals" under the Act) have the following rights:

Right to access — to know what data we hold about them and how it is used.

Right to correction and erasure — to have inaccurate data corrected or, where appropriate, deleted.

Right to grievance redressal — to raise concerns about our data handling and receive a timely response.

Right to nominate — to nominate another individual to exercise these rights in the event of incapacity or death.

When we act as Data Processor for a client, we route Data Principal requests to the relevant client (Data Fiduciary) and support their response.

To exercise any right directly, email founders@parakeeet.com with the subject line "DPDP Request".

4. Data Processing Agreement

We sign a Data Processing Agreement (DPA) with every client at engagement onboarding. The DPA specifies: scope of processing, categories of personal data, retention, security measures, sub-processor list, breach notification obligations, and data-return / deletion procedures on termination.

Standard DPA template is available on request before contracting.

5. Sub-processors

We use a limited set of third-party sub-processors to deliver our services — cloud infrastructure, communication APIs, integration platforms. Our current sub-processor list is provided to active clients on request and updated as it changes. Changes that affect the security or location of your data are notified in advance.

6. Cross-border transfers

Most processing occurs within India. Where data flows to sub-processors outside India (typically cloud infrastructure providers), we ensure: (a) the destination is permitted under the DPDP Act; and (b) appropriate contractual safeguards are in place.

7. Breach notification

In the event of a personal data breach, we notify the affected Data Fiduciary (client) without undue delay and, where required by the DPDP Act, support timely notification to the Data Protection Board of India and to affected Data Principals.

8. Grievance officer

We have designated a grievance officer to handle DPDP-related queries and complaints. Email founders@parakeeet.com with the subject line "DPDP Grievance" and we will acknowledge within 7 business days and respond substantively within 30 days.

9. Updates

As DPDP Act implementation rules and Data Protection Board guidance evolve, we update this statement to reflect changes in our practices. The "Last updated" date at the top reflects the current version.