Legal

DPDP Act Compliance

Last updated: 21 April 2026

Glowmap complies with the Digital Personal Data Protection Act, 2023 (DPDP Act), India's primary data protection law. This page summarises how.

1. Our role

Under the DPDP Act, Glowmap is a Data Fiduciary — we determine the purposes and means of processing your personal data. You are the Data Principal — the individual whose data is being processed.

2. Principles we follow

  • Lawfulness — We process data only with your consent or a valid legal basis
  • Purpose limitation — We use data only for the purposes disclosed at collection
  • Data minimisation — We collect only what's necessary for the service
  • Accuracy — We keep your data accurate and up to date
  • Storage limitation — Data is deleted once no longer needed (see retention periods in Privacy Policy)
  • Security — Reasonable safeguards to protect against unauthorised access
  • Accountability — We take responsibility for compliance

3. Data localisation

All primary personal data of Indian Data Principals is stored on servers located in India (AWS Mumbai, ap-south-1 region). Cross-border transfers are limited to specific sub-processors (AI, payments, WhatsApp) that are notified to you and subject to appropriate safeguards.

4. Your rights as a Data Principal

  • Right to access your data
  • Right to correction and erasure
  • Right to grievance redressal
  • Right to nominate (data rights transfer on death/incapacity)
  • Right to withdraw consent

To exercise any right, email support@glowonthemap.com.

5. Consent

We obtain free, specific, informed, unconditional, and unambiguous consent before processing your data. You can withdraw consent at any time.

6. Data breach notification

In case of a personal data breach, we will notify:

  • The Data Protection Board of India (DPBI) within 72 hours
  • Affected Data Principals without undue delay, via email and in-app notice

7. Grievance Officer

Name: Malladi Aruna
Email: support@glowonthemap.com
Address: Plot 99, Sri Sadguru Nilayam, Pavara Village, Samalkot, Kakinada, AP 533450
Response time: Maximum 7 business days

8. Data Protection Board

If we don't resolve your grievance satisfactorily, you can escalate to the Data Protection Board of India. Details at meity.gov.in.

9. Children's data

Glowmap does not knowingly process data of children (under 18). If we discover we have, we will delete it immediately.

10. Significant Data Fiduciary (SDF)

Glowmap is not currently classified as a Significant Data Fiduciary under the DPDP Act. If our user base or data volume grows to SDF-triggering levels, we will implement additional measures including a Data Protection Officer, DPIAs, and enhanced auditing.

Last reviewed

This document is reviewed quarterly. Current version effective: 21 April 2026.

Questions about this document? Email us at support@glowonthemap.com or WhatsApp us at +91 83412 84384.