🇮🇳

Digital Personal Data Protection Act 2023

Privacy Policy for India Residents

Last Updated: July 3, 2026

For India Residents

This page outlines your data protection rights under India's Digital Personal Data Protection Act 2023 (DPDP Act), which came into force to protect the digital personal data of Indian citizens.

Not in India? See regional privacy rights for EU (GDPR), California (CPRA), or other locations.

What is the DPDP Act?

The Digital Personal Data Protection Act 2023 is India's comprehensive data protection law that regulates the processing of digital personal data. It establishes the rights of individuals (Data Principals) and the obligations of organizations (Data Fiduciaries) that process personal data.

LevoroFit as Data Fiduciary

Under the DPDP Act, LevoroFit acts as a Data Fiduciary - an entity that determines the purpose and means of processing your personal data.

You are the Data Principal - the individual whose personal data is being processed. This policy explains your rights and our obligations.

Does DPDP Act Apply to Me?

DPDP Act protections apply to you if:

  • You are a citizen of India or resident of India
  • Your personal data is processed in digital form by LevoroFit

Consent-Based Processing

Your Consent is Required

Under the DPDP Act, we can only process your personal data after obtaining your free, specific, informed, unconditional, and unambiguous consent.

You can withdraw your consent at any time through your account settings.

Personal Data We Collect

We collect the following categories of personal data with your consent:

1. Account & Contact Information

What we collect: Name, email address, phone number, username

Purpose: Account creation, authentication, communication

Legal basis: Consent for providing services (Section 6)

2. Health & Wellness Data (Sensitive Personal Data)

Sensitive Data - Explicit Consent Required

Health data is classified as sensitive personal data under DPDP Act. We obtain explicit consent before collection.

What we collect (with explicit consent): Weight, height, body measurements, sleep patterns, dietary preferences, exercise habits, water intake, age, gender

Purpose: Nutrition coaching, meal planning, fitness tracking, wellness recommendations

Shared with: Your chosen wellness professional (nutritionist, coach)

3. Financial Information

What we collect: Subscription plan details, payment transaction records

Purpose: Billing, subscription management

Note: Payment card details are processed directly by Razorpay/Stripe (payment processors)

4. Technical Data

What we collect: IP address, device information, browser type, usage logs

Purpose: Security monitoring, fraud prevention, service improvement

Legal basis: Legitimate purposes (security and fraud prevention)

Your Rights as Data Principal

Under the DPDP Act, you have the following rights:

1. Right to Access (Section 11)

You have the right to obtain confirmation whether we are processing your personal data and access a summary of such processing activities.

How to exercise: Email privacy@levorofit.com or use "Export My Data" in account settings.

2. Right to Correction (Section 12)

You can request correction, completion, or updating of your personal data if it is inaccurate or incomplete.

How to exercise: Update information directly in account settings or email privacy@levorofit.com.

3. Right to Erasure (Section 13)

You can request deletion of your personal data when consent is withdrawn or processing is no longer necessary.

How to exercise: Use "Delete My Account" in settings or email privacy@levorofit.com.

Processing time: We will process deletion requests within 30 days. Data is purged within 180 days after account deletion.

4. Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format (JSON).

How to exercise: Use "Export My Data" feature in account settings.

5. Right to Withdraw Consent

You can withdraw your consent for processing personal data at any time, with the same ease as giving consent.

How to exercise: Go to Settings → Privacy → Manage Consent or email privacy@levorofit.com.

6. Right to Nominate

You can nominate another person to exercise your rights in case of death or incapacity.

How to exercise: Email privacy@levorofit.com with nomination details.

7. Right to Grievance Redressal

You can file a grievance regarding processing of your personal data.

How to exercise: Email privacy@levorofit.com. We will respond within 30 days.

Data Localization & Storage

Your Data Stays in India

In compliance with DPDP Act data localization requirements, personal data of Indian residents is stored within India.

Data Center Location: Google Cloud Platform - asia-south1 (Mumbai, India)

Security: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).

Cross-Border Data Transfer

Under certain circumstances, we may transfer your personal data outside India to service providers:

Service ProviderLocationPurposeSafeguards
Google CloudIndia (primary)Data storage, hostingDPA signed, ISO 27001
SendGrid (Twilio)USAEmail deliveryDPA signed, encryption
RazorpayIndiaPayment processingPCI-DSS compliant

All cross-border transfers are conducted with adequate safeguards including Data Processing Agreements (DPAs), standard contractual clauses, and encryption.

Data Retention Period

  • Active accounts: Data retained while your account is active and you continue using our services
  • Deleted accounts: Personal data purged within 180 days of account deletion request
  • Financial records: Retained for 7 years (Indian tax law and accounting standards requirement)
  • Audit logs: Retained for 1 year for security and compliance purposes
  • Consent records: Retained for 7 years after consent withdrawal (legal obligation)

Security Measures (Section 8)

As a Data Fiduciary, we implement reasonable security safeguards to protect your personal data:

Technical Measures

  • • TLS 1.2+ encryption in transit
  • • AES-256 encryption at rest
  • • Secure password hashing (scrypt)
  • • Regular security audits

Organizational Measures

  • • Role-based access controls
  • • Employee training on data protection
  • • Access logging and monitoring
  • • Incident response procedures

Data Breach Notification (Section 9)

In Case of Data Breach

If we experience a data breach that affects your personal data, we will:

  • • Notify the Data Protection Board of India immediately
  • • Notify you (the affected Data Principal) without undue delay
  • • Provide details about the nature of the breach, categories of data affected, and remedial measures taken
  • • Offer guidance on protective steps you can take

Children's Data (Section 7)

Minimum Age: 18 Years

LevoroFit is not intended for children below 18 years of age. We do not knowingly collect or process personal data of children without verifiable parental consent.

If we learn that we've collected data from a child without proper consent, we will delete it immediately.

Grievance Redressal Officer

In compliance with Section 14 of the DPDP Act, we have appointed a Grievance Redressal Officer to address your complaints regarding processing of your personal data.

Name: Privacy & Data Protection Team

Email: privacy@levorofit.com

Phone: +91 94748 32695

Address: Dwarka, New Delhi, India

Response Time: We will acknowledge your complaint within 7 days and resolve it within 30 days.

Right to Approach Data Protection Board

If you are not satisfied with the resolution of your grievance, you have the right to file a complaint with the Data Protection Board of India.

Data Protection Board of India

The Data Protection Board is the regulatory authority responsible for enforcing the DPDP Act and protecting the rights of Data Principals.

Website: www.dataprotection.gov.in (when operational)

Our Obligations as Data Fiduciary

Under the DPDP Act, we commit to:

✓ Transparency

Provide clear notice about data collection, purpose, and processing activities

✓ Purpose Limitation

Process data only for lawful purposes specified at the time of collection

✓ Data Minimization

Collect only necessary data that is adequate and not excessive

✓ Accuracy

Ensure personal data is accurate, complete, and updated

✓ Storage Limitation

Retain data only as long as necessary for the specified purpose

✓ Reasonable Security

Implement appropriate technical and organizational safeguards

Contact Us

For any questions about this DPDP policy or to exercise your rights as a Data Principal:

Privacy & Data Protection Team

Email: privacy@levorofit.com

Phone: +91 94748 32695

Address: Dwarka, New Delhi, India

We will respond to all requests within 30 days (DPDP Act requirement).