Demo Start 14 Days Free Trial
whatsapp-icon
⚙ Data Protection

India
Compliance Centre

How Teamtrace protects your personal data in accordance with India's Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025.

Actively Compliant
DPDP Rules 2025 Aligned
Phase III Ready by May 2027
Security & Compliance
AES-256 Encryption
TLS in Transit
AWS Mumbai (India)
DPDP Act 2023
colon

Teamtrace is compliant with India's Digital Personal Data Protection Act, 2023 to the extent currently enforceable under the phased implementation framework notified on 13 November 2025.

Teamtrace Technologies Inc. is committed to protecting the personal data of every individual who uses our platform. We have implemented a comprehensive data protection framework that includes explicit consent mechanisms, robust security safeguards, a designated Grievance Officer, transparent data retention policies, and a documented breach notification procedure — all aligned with the DPDP Act, 2023 and the DPDP Rules, 2025.

As a cloud-based workforce management platform serving businesses with teams in India, we act as both a Data Fiduciary (for direct users) and a Data Processor (for enterprise clients), and we meet the obligations applicable to each role.

Last Updated: 30 March 2026  |  Version 1.0

Your Rights as a

Under the DPDP Act, 2023, you have the following rights with respect to your personal data held by Teamtrace.

active

Section 11 | DPDP Act

Right to Access

Request a summary of the personal data we hold about you and confirmation of how it is being processed.

→ Email — we respond within 15 business days.

active

Section 12 | DPDP Act

Right to Correction

Request correction of any inaccurate or incomplete personal data we hold about you.

→ Email or update via account settings.

active

Section 12 | DPDP Act

Right to Erasure

Request deletion of your personal data when it is no longer necessary for the purpose it was collected, subject to legal retention requirements.

→ Email — processed within 15 business days.

active

Section 7 | DPDP Act

Right to Withdraw Consent

Withdraw your consent for data processing at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

→ Via account settings or email .

active

Section 13 | DPDP Act

Right to Grievance Redressal

File a grievance with our designated Grievance Officer. If unresolved within 15 business days, you may escalate to the Data Protection Board of India (DPBI).

→ Contact our Grievance Officer — see details below.

coming soon

Section 14 | DPDP Act

Right to Nominate

Nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.

→ Nomination facility to be implemented by May 2027.

Data

We retain your personal data only for as long as necessary. Below are the specific retention periods for each category of data.

Data Category Retention Period Basis
Historical Data
Sprint records, task IDs, project info, timestamps 		Up to 10 years
Auto-deleted at expiry 		Legal / regulatory / business obligation
Personal Information (PII)
Name, email, phone, address 		While in active use
Or as required by law / contract 		Contract / legal obligation
Usage Data
App interactions, feature usage, analytics 		Shorter period
Based on security / product / legal need 		Legitimate use – product improvement
Inactive Account Data 12 months inactivity
30-day email notice before deletion 		Data minimisation
Legal Obligation Data
Tax records, audit trails, contractual data 		As required by law
Securely deleted at expiry 		Statutory obligation
Backup Data 30 days rolling Disaster recovery

To request deletion of your data, email with subject line "Right to Erasure Request".

Security

We implement industry-standard technical and organizational measures to protect your personal data at every stage.

AES-256 Encryption at Rest

All PII is encrypted at rest using AES-256.

256-bit TLS in Transit

Every communication between our app, website, and backend is encrypted using 256-bit TLS encryption.

Role-Based Access Control

Access to personal data is strictly limited to authorized personnel on a need-to-know basis with role-based authentication.

Activity Logging

All access to and modifications of personal data are logged and monitored for audit and incident investigation.

Periodic Security Audits

Regular vulnerability assessments and penetration testing to identify and remediate potential risks proactively.

AWS Mumbai (India) Hosting

Primary data hosted on AWS ap-south-1 (Mumbai), keeping Indian user data within India by default.

Grievance Officer

If you have any concern about how your personal data is handled by Teamtrace, you can contact our designated Grievance Officer. We are committed to resolving all privacy-related complaints promptly and fairly.

If your grievance is not resolved to your satisfaction within 15 business days, you have the right to escalate it to the Data Protection Board of India (DPBI).

Role

Privacy Compliance Officer / Grievance Officer

Contact Email

anjishnu@codelogicx.com

Acknowledgement

Within 48 hours of receipt

Resolution Timeline

Within 15 business days

Escalation Path

If unresolved after 15 business days, you may escalate your complaint to the Data Protection Board of India (DPBI) via their official digital portal.

Our

The DPDP Act is being implemented in phases. Here is where Teamtrace stands and what we are working towards.

switch-image
switch-image
switch-image
switch-image
switch-image

  • Phase 0 — Completed

    Foundation Built

    Compliance framework document created, Privacy Policy published, Grievance Officer designated, security infrastructure (AES-256, TLS, RBAC, activity logging) implemented, breach notification process documented.

    March 2026

    switch-image

  • Phase I & II — In Progress

    DPBI Registration & Consent Updates

    Registering on DPBI portal, updating Privacy Policy with affirmative consent language, adding DPBI escalation path, naming Grievance Officer, clarifying usage data retention periods, disclosing Stealth Mode monitoring.

    Nov 2025 - mid 2026

    switch-image

  • Phase III — Planned

    Full DPDP Act Compliance

    Data Protection Officer (DPO) appointed, Right to Nominate facility live, multilingual Privacy Notice (22 Indian languages), annual DPIA conducted, independent audit completed, sub-processor contracts fully aligned.

    By 13 May 2027

    switch-image

Data Transfers &

We are transparent about where your data is stored and how it is protected when transferred.

India - Primary Storage

Your data is primarily stored on AWS Mumbai (ap-south-1), keeping it within India.

Canada - Head Office

Business operations and support functions. Internal data handling policies and contractual safeguards apply to all data processed here.

Third-Party Processors

All sub-processors are bound by Data Processing Agreements requiring equivalent data protection standards.

No Restricted Countries

We do not transfer data to any country on the DPDP Act's restricted list. We actively monitor government notifications and will update our practices immediately if any destination is added.