DPDP Act, 2023 — Compliance Statement
Last Updated: 20 April 2026
DPDP Act, 2023
This statement explains how Navya (“Navya”) complies with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”). It complements our Privacy Policy and is intended to make our obligations and your rights as a Data Principal clear in plain language.
1. Roles
Navya is the Data Fiduciary for personal data we collect from you to operate the Service (the Navya website at navya.in and the Navya mobile apps on Google Play and the Apple App Store). You, the user, are the Data Principal. Our verification partners, payment processors, and cloud hosts act as our Data Processors under written agreements that bind them to the same standards we follow.
2. How we use your data
This statement explains how Navya (“Navya”) complies with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”). It complements our Privacy Policy and is intended to make our obligations and your rights as a Data Principal clear in plain language.
3. Consent notice
At signup we present a clear notice (in English and Hindi at launch, with more Indian languages being added) describing the personal data we collect, the specific purpose for each item, and how you can exercise your rights. The notice also tells you how to contact our Data Protection Officer / Grievance Officer.
4. Your rights as a Data Principal — Sections 11–14
- Right to access a summary of your personal data and the processing activities we have undertaken with it.
- Right to correction, completion, updating, and erasure of your personal data.
- Right of grievance redressal through our Grievance Officer (response within 15 days; escalation to the Data Protection Board of India thereafter).
- Right to nominate another individual who shall, in the event of your death or incapacity, exercise these rights on your behalf.
To exercise any of these rights, write to info@navyasocial.in. We respond within 7 working days.
5. Your duties as a Data Principal — Section 15
You must not impersonate another person while providing data, suppress material information, register false complaints, or furnish false particulars. Breach of these duties may attract penalty under the DPDP Act.
6. Children's data — Section 9
Navya does not knowingly process the data of any individual under 18 years of age. We do not undertake any tracking, behavioural monitoring, or targeted advertising directed at children. See our Children's Safety Policy
7. Reasonable security safeguards — Section 8(5)
We implement appropriate technical and organisational measures to protect personal data: TLS 1.3 in transit, AES-256 at rest, role-based access controls, multi-factor authentication for internal access, periodic VAPT by CERT-In empanelled auditors, employee data-protection training, and a documented incident-response plan.
8. Breach notification — Section 8(6)
In the event of a personal data breach, we will notify the Data Protection Board of India and each affected Data Principal in the form and manner prescribed by the DPDP Rules. Where the breach also constitutes a cyber-security incident, we will additionally report to CERT-In within 6 hours.
9. Cross-border transfers — Section 16
We currently store all personal data on servers located in India (AWS Mumbai region). We do not transfer personal data outside India. Should we ever do so, transfers will be limited to countries not restricted by notification of the Central Government.
10. Retention and deletion — Section 8(7)
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law. See our Account & Data Deletion page for specific timeframes.
11. Grievance Officer / DPO contact
Priya Sharma · Grievance Officer
9/1, Snuff Mill Street, Kolkata 700056
Email: info@navyasocial.in· Phone: +91 8777048909
Hours: Monday – Friday, 10:00 – 18:00 IST
If a grievance is not resolved to your satisfaction within 15 days, you may complain to the Data Protection Board of India under Section 13(3) of the DPDP Act.