DynoConsole — Privacy Policy
Effective Date: 23 May 2026 Last Updated: 23 May 2026 Version: 1.0
This Privacy Policy describes how Serverless Creed ("ServerlessCreed", "we", "us", or "our") — a sole proprietorship organized under the laws of India, operating under GSTIN 27FZZPS3310E1ZX, with principal place of business at Khetwadi-11, Mumbai, India — collects, uses, shares, and protects personal information in connection with the DynoConsole desktop application, the website at https://dynoconsole.com, and related services (collectively, the "Services").
For the avoidance of doubt and for purposes of statutory disclosure under Indian law, Serverless Creed is the registered trade name of a sole proprietorship of which Mr. Vidit Jinesh Shah is the proprietor. The proprietor is the natural person who is the Data Fiduciary under the Digital Personal Data Protection Act, 2023, acting through the business known as Serverless Creed.
This Policy is intended to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 of India, and to provide additional rights commonly granted to users in other jurisdictions (such as the EU/UK GDPR). It is incorporated by reference into the Terms and Conditions.
By using the Services, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Services.
1. Summary in Plain English
Before the legal detail, here is what matters most:
- DynoConsole runs locally on your computer. Your AWS credentials, DynamoDB item contents, table data, schemas, and other AWS data are sent directly from your machine to AWS using credentials you provide. They are not routed through, stored on, or accessible to ServerlessCreed's servers.
- We collect only the minimum personal information needed to operate the Services: your email and authentication identity (via our identity provider, Clerk), a machine identifier (to enforce the per-License device limit and prevent abuse), payment information (handled by our payment processor DODO Payments — we do not store card numbers), and optional, opt-out diagnostics.
- We use Twitter (X) Ads conversion tracking on our website to measure marketing performance.
- We do not sell your personal information.
- You have rights — including access, correction, and erasure — that you can exercise by emailing vidit@serverlesscreed.com.
The rest of this Policy provides the legal detail.
2. Definitions
For purposes of this Policy:
2.1 "Personal Information" or "Personal Data" means any information that relates to an identified or identifiable natural person, as defined under applicable data-protection law (including "personal data" under the DPDP Act).
2.2 "Data Principal" means the natural person to whom Personal Information relates (referred to as "you" or "your" in this Policy). This term is used in the sense given under the DPDP Act and is broadly equivalent to a "data subject" under GDPR.
2.3 "Data Fiduciary" means the entity that determines the purpose and means of processing Personal Information. ServerlessCreed is the Data Fiduciary for Personal Information processed in connection with the Services. This term is broadly equivalent to a "data controller" under GDPR.
2.4 "Data Processor" means a third party that processes Personal Information on behalf of the Data Fiduciary.
2.5 "Processing" means any operation performed on Personal Information, including collection, storage, use, disclosure, alteration, and erasure.
2.6 "Customer Content" means data accessed, viewed, modified, created, queried, imported, or exported by you using DynoConsole in connection with your own AWS account (including DynamoDB item contents, attribute values, table listings, schemas, indexes, stream records, and AWS credentials). Customer Content is not Personal Information of ServerlessCreed for purposes of this Policy; you are the data fiduciary/controller of Customer Content.
3. Scope
3.1 This Policy applies to:
(a) the DynoConsole desktop application distributed by ServerlessCreed; (b) the website at https://dynoconsole.com and any subdomains; and (c) related sales, billing, licensing, and support interactions you have with us.
3.2 This Policy does not apply to:
(a) Amazon Web Services (AWS), which is operated independently by Amazon Web Services, Inc. Your use of AWS is governed by AWS's own privacy notices and your agreement with AWS. (b) Third-party services linked from the Services (e.g., Clerk, DODO Payments, Resend, Twitter/X). These services have their own privacy policies, which you should review. (c) Customer Content, which you control and which does not pass through our infrastructure.
4. Information We Collect
We collect Personal Information in three ways: (a) you provide it directly, (b) it is collected automatically when you use the Services, and (c) we receive it from third parties (e.g., identity providers, payment processors).
4.1 Information You Provide
(a) Account and authentication information. When you sign up or sign in to your DynoConsole account through our identity provider, Clerk, we (and Clerk) collect:
- Email address
- Name (if provided)
- Profile picture (if provided)
- Authentication metadata, including OAuth provider identifiers if you sign in via Google, GitHub, or a similar provider
- Acceptance status of our legal documents (Terms, Privacy Policy, EULA) and the version accepted
(b) License and purchase information. When you start a free trial, purchase a Subscription, or purchase a Lifetime License, we collect:
- License Key (generated by us and tied to your Account)
- Plan type (Trial, monthly, yearly, Lifetime)
- Purchase, renewal, and cancellation history
- The number of machines associated with your License
(c) Payment information. When you make a purchase, payment information (card number, billing address, transaction details) is collected and processed by our payment processor, DODO Payments. We do not store full card numbers or CVV on our systems. We retain only the transaction reference, the amount, the currency, and a partial card identifier (e.g., last 4 digits and brand) as needed for invoicing, refund processing, and accounting.
(d) Support communications. When you contact us by email or other channels, we receive any information you choose to provide, including your name, email, the content of your message, and any attachments.
(e) Feedback and surveys. If you voluntarily participate in surveys, beta programs, or product feedback, we receive the responses you provide.
4.2 Information Collected Automatically
(a) License validation telemetry. Each time the Software validates your License Key against our licensing servers, we collect:
- License Key identifier
- Email address associated with the License
- A machine identifier (a one-way derived identifier — such as a hash of selected hardware and OS characteristics — used to enforce the per-License device limit and prevent abuse). The machine identifier is not a globally unique device ID and does not by itself identify you outside our system.
- IP address of the request
- Operating system, OS version, and Software version
- Timestamp of the request
(b) Update checks. The Software periodically checks for updates. These checks send the current Software version, OS, and locale to our update servers.
(c) Crash and error diagnostics (optional). If enabled, the Software may transmit crash reports and diagnostic data (stack traces, system metadata, anonymous session identifier) to help us identify and fix bugs. You can disable this in the Software's settings.
(d) Usage analytics (optional). If enabled, the Software may transmit anonymized usage analytics (e.g., which features are used, button clicks, screen views) to help us improve the product. Analytics events do not include Customer Content. You can disable this in the Software's settings.
(e) Website analytics and advertising. When you visit https://dynoconsole.com, we use the Twitter (X) Ads conversion pixel to measure the effectiveness of our marketing (for example, when you complete a download). This may include information about your visit and actions for attribution purposes. We may additionally use privacy-conscious analytics (such as page-view counts, referrer, country-level location, browser type) to understand site traffic.
4.3 Information We Receive from Third Parties
(a) Identity provider data (Clerk). When you sign in via Clerk, we receive your authentication identity (Clerk user ID) and the subset of profile information (typically email, name, profile picture, and verified OAuth identifiers) that Clerk shares with us per your authorization with the underlying provider.
(b) Payment processor data (DODO Payments). Our payment processor confirms the success or failure of transactions and provides a transaction reference, a partial card identifier, the billing country, and the amount. Subscription lifecycle events (creation, renewal, cancellation, refund) are also relayed to us.
(c) Advertising platforms. Twitter (X) Ads may share aggregated, anonymized conversion data attributable to our advertising campaigns.
4.4 Information We Do Not Collect
To be explicit, the following Customer Content is NOT collected, transmitted to, or stored by ServerlessCreed:
- The contents of DynamoDB items, attribute values, or projection expressions in your AWS account.
- Table listings, table schemas, key schemas, index definitions, or stream records from your AWS account (beyond what you may voluntarily include in support communications).
- AWS access keys, secret keys, session tokens, SSO tokens, IAM Roles Anywhere credentials, or other AWS credentials.
- IAM role names, IAM policies, or account-level AWS configuration.
- Other AWS service data accessed through the Software within your account.
AWS credentials are resolved on your device through the standard AWS credential chain (e.g., shared credentials file, environment variables, SSO cache) and, where additionally stored by the Software, using operating-system-provided secure storage (such as the macOS Keychain, Windows Credential Manager, or Linux secret-service) where available. AWS API calls made by the Software go directly from your device to AWS, not through ServerlessCreed's servers.
4.5 AI-Assisted Features
Where the Software offers AI-assisted features (such as SDK code generation), prompts sent to AI providers may include schema descriptions, attribute names, or example expressions that you explicitly elect to share. We do not send AWS credentials or full item contents to AI providers unless you explicitly elect to include them. The Software's settings describe which AI providers are available and how to disable AI features.
5. How We Use Your Information
We process Personal Information for the following purposes. Under the Digital Personal Data Protection Act, 2023, processing is lawful only on the basis of (a) your consent under Section 6, or (b) "certain legitimate uses" enumerated in Section 7 of the Act. The Act does not recognize the GDPR concepts of "performance of contract" or "legitimate interests" as standalone bases.
For each purpose below, the DPDP basis column identifies whether we rely on consent (§6) or a legitimate use (§7), with the specific clause of §7 cited where relevant. Where additional jurisdictional bases apply (e.g., for users in the EEA/UK/California), those are addressed in Section 16.
| Purpose | Categories Used | DPDP Basis (India) |
|---|---|---|
| Provide, operate, and maintain the Services you signed up for | Email, Clerk user ID, License Key, machine identifier, IP, OS, Software version | Consent (§6) for sign-up; and §7(a) — data voluntarily provided for the specified purpose of obtaining the Services |
| Authenticate you and keep your session secure (via Clerk) | Email, Clerk user ID, OAuth identifiers, session cookies | Consent (§6) given at sign-in; and §7(a) — for the specified purpose of authentication |
| Process payments and prevent fraud (via DODO Payments) | Email, payment metadata, transaction history, IP, billing country | §7(g) — compliance with applicable law (Income Tax Act, GST law, anti-money-laundering rules); and consent (§6) for the underlying transaction |
| Validate license activations and enforce the per-License device limit | Email, License Key, machine identifier, IP | Consent (§6) given at the time of License acceptance; and §7(a) — for the specified purpose of license enforcement |
| Deliver transactional emails (license keys, receipts, security advisories) via Resend | §7(a) — voluntarily provided for the purpose of receiving the Services; transactional communications inherent to the License relationship | |
| Provide customer support and respond to enquiries you initiate | Email, support message content | §7(a) — data voluntarily provided for the specified purpose of receiving support; consent (§6) for any sensitive information you choose to share |
| Measure marketing performance and conversions on our website (via Twitter/X Ads) | Visit metadata, conversion events, hashed identifiers | Consent (§6) — subject to the cookie notice on our website, where required |
| Improve product quality through diagnostics and usage analytics (only if you have not opted out) | Crash data, anonymous usage events, OS, Software version | Consent (§6) — opt-out architecture; consent is deemed withdrawn upon disabling in Settings |
| Comply with legal obligations (e.g., tax, accounting, anti-money-laundering, court orders, regulatory requests) | Email, billing details, transaction history | §7(g) — compliance with any law in force in India |
| Defend, investigate, and resolve disputes; enforce our Terms and Conditions and EULA | All categories as relevant | §7(i) — purposes connected with employment, or the exercise or defence of legal claims (read with the residual statutory power to process for lawful purposes) |
We do not:
- Sell Personal Information.
- Rent or lease Personal Information.
- Use Personal Information for cross-context behavioral profiling beyond the website conversion tracking described above.
- Process Personal Information through automated decision-making with legal or similarly significant effects on you.
6. How We Share Personal Information
We share Personal Information only with the categories of recipients below, and only as necessary for the purposes described in Section 5.
6.1 Service Providers (Data Processors)
We engage third-party service providers to operate the Services. These providers process Personal Information on our behalf under contracts that require them to protect it and use it only for the purposes we specify. Current providers include:
- Clerk — authentication and account management. Sign-in, session, and profile data are processed by Clerk in accordance with their privacy policy.
- DODO Payments — payment processing. Card data is processed by DODO under PCI-DSS standards; we do not have access to full card numbers.
- Resend — transactional email delivery (license keys, receipts, security advisories, support replies).
- Amazon Web Services (AWS) — we host our licensing backend, account data, and update servers in AWS, primarily in Amazon DynamoDB and related services in our own AWS account. Data may be processed in AWS regions both inside and outside India.
- Twitter (X) Ads — receives conversion and visit data from our website for advertising attribution. Subject to Twitter/X's own privacy practices.
- Optional error and crash reporting providers — receive diagnostic data only when you have not opted out.
- Optional analytics providers — receive anonymized usage data only when you have not opted out.
We periodically review service providers for compliance with applicable data-protection law.
6.2 Legal and Regulatory Disclosures
We may disclose Personal Information when we believe in good faith that disclosure is required to:
(a) comply with applicable law, regulation, legal process, or governmental request (including from authorities in India under the DPDP Act, the IT Act, or court orders); (b) enforce our Terms and Conditions or other agreements; (c) detect, prevent, or address fraud, security incidents, or technical issues; or (d) protect the rights, property, or safety of ServerlessCreed, our users, or the public.
Where legally permitted, we will notify you before such disclosure and give you a reasonable opportunity to challenge it.
6.3 Business Transfers
If ServerlessCreed (or substantially all of its assets relating to the Services) is acquired, merged with another entity, or undergoes a bankruptcy or similar proceeding, Personal Information may be transferred to the successor entity. We will give you reasonable notice — by email or via the Services — before Personal Information becomes subject to a different privacy policy.
6.4 With Your Consent
We may share Personal Information with third parties when you have specifically consented to such sharing.
6.5 No Sale of Personal Information
We do not sell, rent, or otherwise commercially trade Personal Information.
7. International Data Transfers
7.1 Because we use cloud infrastructure (such as AWS) and service providers (such as Clerk, DODO Payments, Resend, and Twitter/X) that may operate outside India, your Personal Information may be transferred to, processed in, and stored in countries other than the country in which you reside.
7.2 Where required by Section 16 of the DPDP Act, we will only transfer Personal Information to countries not restricted by the Central Government, and we will rely on appropriate safeguards (such as contractual commitments with our service providers).
7.3 If you are in the European Economic Area (EEA) or the United Kingdom, transfers outside the EEA/UK are made on the basis of (a) European Commission / UK adequacy decisions, where available; (b) Standard Contractual Clauses; or (c) other legally recognized transfer mechanisms.
8. Data Retention
We retain Personal Information only for as long as necessary for the purposes set out in this Policy, after which we securely delete or anonymize it. Specific retention periods include:
| Category | Retention Period |
|---|---|
| Active Subscription, Lifetime License, and account data | For the life of the License plus seven (7) years for tax/accounting compliance |
| Payment transaction records | Seven (7) years (Indian tax and accounting requirements) |
| Support communications | Up to three (3) years after the last contact, unless we are required to retain longer |
| Crash and diagnostic data | Up to thirteen (13) months in identifiable form, then anonymized or deleted |
| Usage analytics | Anonymized at collection; aggregate analytics retained without identifiability |
| Website advertising / conversion data | As retained by Twitter/X under its own retention policies; we retain only aggregate reporting |
| Backups | Up to ninety (90) days beyond the primary retention period |
If you request deletion of your data under Section 10 below, we will delete or anonymize within thirty (30) days, except where retention is required by law (e.g., tax records, fraud-prevention obligations).
9. Data Security
9.1 We implement reasonable technical and organizational measures to protect Personal Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including:
- Encryption of data in transit (HTTPS/TLS) for all communications with our servers.
- Encryption of payment data at the payment processor's end (PCI-DSS compliant via DODO Payments).
- Storage of AWS credentials locally on your device using the AWS credential chain and OS-level secure storage where available; AWS credentials never leave your machine.
- Access controls and least-privilege principles for ServerlessCreed staff and AWS IAM roles.
- Periodic review of third-party processors.
9.2 No method of transmission or storage is perfectly secure. While we strive to protect Personal Information, we cannot guarantee absolute security. You play an important role too: keep your License Key, Account credentials, and AWS credentials confidential, and use strong device-level security (passwords, full-disk encryption, lock screen, etc.).
9.3 Breach notification. In the event of a personal data breach that is likely to result in harm to you, we will notify you and the Data Protection Board of India (or other appropriate authority) as required by the DPDP Act and other applicable law.
10. Your Rights and Choices
Subject to applicable law, you have the following rights with respect to your Personal Information. Many of these are explicitly granted under the DPDP Act; if you are in another jurisdiction, equivalent rights may apply under your local law (e.g., GDPR, CCPA).
10.1 Rights under the DPDP Act, 2023
(a) Right to access information (Section 11) — request confirmation of, and a summary of, the Personal Information we process about you.
(b) Right to correction and erasure (Section 12) — request correction of inaccurate or incomplete data, or erasure of Personal Information that is no longer necessary for the purposes for which it was collected (subject to legal-retention exceptions).
(c) Right to grievance redressal (Section 13) — file a grievance with our Grievance Officer (see Section 14) and receive a response within a reasonable time.
(d) Right to nominate (Section 14) — nominate another natural person to exercise your rights under the DPDP Act in the event of your death or incapacity. To exercise this, contact us in writing.
(e) Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal, and may limit our ability to provide the Services.
10.2 Additional Choices
(a) Opt out of diagnostics and analytics — disable crash reporting and usage analytics in the Software's settings.
(b) Opt out of advertising conversion tracking — manage tracking preferences via your browser, the cookie banner on our website (where applicable), and Twitter/X's privacy controls.
(c) Marketing emails — we do not send promotional emails by default. Transactional emails (License Key delivery, billing receipts, security advisories, legal-document updates, expiry reminders) are part of the Services and cannot be opted out of while you have an active relationship with us.
(d) Cancel your Subscription and request deletion — see Section 22 of the Terms and email vidit@serverlesscreed.com to request account closure and data deletion.
10.3 How to Exercise Your Rights
Send your request to vidit@serverlesscreed.com with sufficient detail for us to verify your identity (typically the email associated with your Account). We may request additional verification if the request appears suspicious. We will respond within the timeframes required by applicable law (generally within thirty (30) days under the DPDP Act and GDPR).
10.4 No Discrimination
We will not discriminate against you for exercising any of your privacy rights. However, certain rights (such as deletion of licensing data) may necessarily affect your ability to continue using the Services.
11. Cookies and Similar Technologies
11.1 Desktop application. DynoConsole is a desktop application and does not use HTTP cookies in the conventional web sense. The Software stores configuration data, preferences, License Keys, and (where applicable) credentials in local files and operating-system-provided secure storage on your device. AWS credentials are read from your AWS credential chain.
11.2 Website. The website https://dynoconsole.com may use a set of cookies, local storage, and similar technologies, including:
- Strictly necessary cookies — required for the website to function (e.g., session, security).
- Authentication cookies (Clerk) — set by our identity provider to keep you signed in.
- Preference cookies — remember your settings (e.g., theme).
- Advertising / conversion cookies (Twitter/X Ads) — used to attribute conversions (e.g., downloads) to our advertising campaigns. Subject to your consent where required by law.
- Analytics cookies (optional) — anonymized aggregate visit statistics.
You can manage cookies through your browser settings, through any cookie banner provided on the website, and through Twitter/X's privacy options. Disabling certain cookies may affect website functionality or your ability to stay signed in.
12. Children's Privacy
12.1 Not directed at children. The Services are not intended for, marketed to, or directed at children. For the purposes of this Section, a "child" means a person who has not completed eighteen (18) years of age, in line with the definition under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). We do not knowingly collect Personal Information from children.
12.2 Verifiable parental consent (DPDP Act §9(1)). Where we become aware that we are about to process the Personal Information of a child, we will obtain verifiable consent from the parent or lawful guardian before doing so, in such manner as may be prescribed by the rules made under the DPDP Act. We will not process a child's Personal Information without such consent, except as expressly permitted by the Act or the rules thereunder.
12.3 Statutory prohibitions (DPDP Act §9(3)). We do not, and will not, with respect to children:
(a) undertake processing of Personal Information that is likely to cause any detrimental effect on the well-being of a child; (b) engage in tracking or behavioural monitoring of children; or (c) engage in targeted advertising directed at children.
These prohibitions apply irrespective of whether the parent has consented to other processing.
12.4 Discovery and deletion. If we become aware that we have collected Personal Information from a child without the required verifiable parental consent, we will delete that information promptly and take reasonable steps to prevent further such collection. If you believe we have collected Personal Information from a child, please contact us at vidit@serverlesscreed.com and we will investigate and act within thirty (30) days.
12.5 Persons with disabilities. Where we process the Personal Information of a person with disability who has a lawful guardian, we will obtain consent of the lawful guardian in the manner prescribed under the DPDP Act.
13. Third-Party Links and Services
13.1 The Services may contain links to third-party websites, services, or content (including the AWS console, AWS documentation, Clerk hosted pages, DODO Payments checkout, and Twitter/X). We are not responsible for the privacy practices of those third parties.
13.2 In particular, your use of Amazon Web Services is governed by the AWS Customer Agreement and the AWS Privacy Notice. ServerlessCreed has no control over how AWS processes your data.
13.3 Before providing Personal Information to any third party reached through the Services, please review that party's privacy practices.
14. Grievance Officer
In accordance with Rule 5 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and Sections 8(10) and 13 of the DPDP Act, 2023, we have appointed a Grievance Officer to address concerns and complaints regarding the processing of your Personal Information.
- Name: Vidit Jinesh Shah
- Designation: Proprietor and Grievance Officer
- Email: vidit@serverlesscreed.com
- Postal Address: Khetwadi-11, Mumbai, India
We will:
- acknowledge receipt of your grievance within seven (7) business days;
- resolve the grievance within thirty (30) days of receipt, in line with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the expectations under the DPDP Act, 2023; and
- inform you in writing of the outcome, including the steps taken and any further options available to you.
If we require additional information or time to investigate a complex grievance, we will communicate this to you before the 30-day period expires and provide a revised timeline.
If you are not satisfied with our response, you may approach the Data Protection Board of India (once established under the DPDP Act) or any other competent regulatory authority. Indian users may also approach the appropriate Consumer Disputes Redressal Commission under the Consumer Protection Act, 2019, where applicable.
15. Changes to this Privacy Policy
15.1 We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. The "Last Updated" date at the top of this Policy indicates when it was most recently revised.
15.2 If we make material changes that affect how we process your Personal Information, we will notify you by email (to the address on file) or through a prominent notice in the Software or on our website, at least thirty (30) days before the change takes effect, except where a shorter notice period is required by law.
15.3 Your continued use of the Services after a change takes effect constitutes acceptance of the updated Policy.
16. Jurisdiction-Specific Notices
16.1 India (DPDP Act, 2023)
This Policy is intended to be read consistently with the DPDP Act. For purposes of the DPDP Act:
- Data Fiduciary: Serverless Creed (the sole proprietorship of Mr. Vidit Jinesh Shah).
- Grievance Officer: See Section 14.
- Significant Data Fiduciary status: We are not currently designated as a Significant Data Fiduciary under Section 10 of the DPDP Act. If that changes, we will appoint a Data Protection Officer and update this Policy.
16.2 European Economic Area / United Kingdom (GDPR / UK GDPR)
If you are in the EEA or the UK, you have additional rights under the GDPR / UK GDPR, including the rights to data portability and to lodge a complaint with your local supervisory authority. You may also object to processing based on legitimate interests. We do not currently have an EU/UK representative; if you require one for the exercise of your rights, please contact us, and we will work in good faith to facilitate.
16.3 California (CCPA / CPRA)
If you are a California resident, you have the right to know what categories of Personal Information we collect, to request deletion, to correct inaccurate information, and to opt out of "sale" or "sharing" of Personal Information. We do not "sell" Personal Information as defined under the CCPA/CPRA. We do use the Twitter (X) Ads conversion pixel on our website, which under certain CCPA/CPRA interpretations may constitute "sharing" for cross-context behavioral advertising; you may opt out of such sharing by managing cookie preferences and by emailing vidit@serverlesscreed.com.
17. Contact Us
For any questions, requests, or complaints regarding this Privacy Policy or our processing of your Personal Information:
- Email (General, Support, Privacy, and Grievance): vidit@serverlesscreed.com
- Postal Address: Khetwadi-11, Mumbai, India
- Website: https://dynoconsole.com
- GSTIN: 27FZZPS3310E1ZX
Note on legal review. This Privacy Policy is drafted to align with the Digital Personal Data Protection Act, 2023, the IT Act, 2000 and rules thereunder, and common international privacy regimes (GDPR, CCPA). Before publication, it should be reviewed and signed off by qualified Indian legal counsel — in particular for: alignment with the DPDP Rules once notified, accuracy of retention periods against your actual data-handling practices, alignment with the specific service providers you engage (Clerk, DODO Payments, Resend, Twitter/X Ads), and accuracy of the cross-border transfer language against any future Central Government notifications restricting destination countries.