DPDPA Compliance Policy

1. Objective. This policy outlines Thrivana’s compliance with the Digital Personal Data Protection Act, 2023 for HabitNu in India.

2. Status as Data Fiduciary. Thrivana determines the purpose and means of processing data and is classified as a Data Fiduciary. Vendors act as Data Processors under our supervision.

3. Core Obligations. Obtain consent and provide clear notice. Process data only for lawful and stated purposes. Provide access, correction, and erasure. Maintain records of processing and consent logs. Ensure data remains stored and processed only in India.

4. Children’s Data. We obtain verifiable parental consent for minors under eighteen and prohibit profiling or targeted advertising involving minors.

5. Grievance Redressal. Submit data‑related grievances to dpo@thrivana.in. We acknowledge within seven days and resolve within thirty days. Unresolved complaints may be escalated to the Data Protection Board of India.

6. Audit and Review. Annual internal and external audits are conducted. Policies are reviewed and updated as regulations evolve.

‍