Privacy Policy

Last updated: 15 June 2026

This Privacy Policy explains how CynorSense Solutions Pvt. Ltd. ("CynorSense", "we", "us") handles personal data in connection with the DPDPA.support marketing website at dpdpa.support and the DPDPA.support product (the "Service"). We are committed to handling personal data lawfully under India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

DPDPA.support is a consent management and compliance platform that helps Wix site operators act as compliant data fiduciaries. It is not a Board-registered Consent Manager.

1. Who this policy covers

This policy describes our own processing in two distinct roles:

  • As a data fiduciary — for visitors to this marketing website and for prospects who contact us (for example, to request a demo).
  • As a data processor — when our customers (Wix site operators) install DPDPA.support and we process personal data of their data principals on their behalf and under their instructions. In that role, the customer remains the data fiduciary and their own privacy notice governs.

2. Personal data we collect on this website

  • Contact data you provide voluntarily. When you email us or book a demo via a mailto: link, we receive your email address and any details you include.
  • Limited analytics data. We use privacy-respecting analytics to understand aggregate site usage (such as pages viewed and approximate region). This site does not embed third-party advertising trackers.

This marketing site does not run a server-side sign-up form; demo and sales contact is handled through email. We do not knowingly collect data from children.

3. Purposes and legal basis

  • Responding to enquiries and demo requests — to communicate with you about the Service.
  • Operating and improving the website — using aggregate analytics.
  • Security and abuse prevention — protecting the site and our infrastructure.

We process personal data on the basis of your consent and our legitimate need to respond to requests you initiate, consistent with the DPDP Act's notice-and-consent framework.

4. How the product handles personal data

When a customer installs DPDPA.support on their Wix site, the Service processes their data principals' consent and rights data strictly on the customer's instructions. The platform is self-hosted on our infrastructure and multi-tenant. Each tenant's secrets are isolated in OpenBao per instance, sessions are tenant-bound, tenant isolation is enforced fail-closed, and webhooks are verified with RS256 signatures. Consent events flow from Wix to the platform over signed webhooks and are persisted to an append-only audit store as the customer's system of record.

For data principals of our customers' sites, the customer's privacy notice and the in-product "my-data" dashboard (covering access and erasure with legal-hold) govern individual rights.

5. Sharing and sub-processors

We do not sell personal data. We share data only with infrastructure and service providers necessary to operate the Service, including Wix (for the app distribution and billing relationship), and only to the extent required. Where we act as a processor for a customer, any onward processing is governed by our agreement with that customer.

6. Retention

We retain enquiry and contact data only as long as needed to respond and for our legitimate records. Product data is retained per the customer's configured retention rules; under erasure, records freeze under a documented legal-hold and auto-purge with proof when the retention clock expires.

7. Your rights

Subject to the DPDP Act, you may request access to, correction of, or erasure of your personal data, and you may withdraw consent. To exercise these rights regarding data we hold about you directly, contact our Data Protection Officer at dpo@cynorsense.com. If your data was collected by one of our customers' sites, please use that site's my-data dashboard or contact that site operator.

8. Security

We apply technical and organisational safeguards including secret isolation, tenant-bound sessions, fail-closed isolation, signed webhooks, and tenant-voiced error handling that avoids infrastructure leakage. See the canonical Acceptable Use for details.

9. Changes to this policy

We may update this policy from time to time. The "Last updated" date above reflects the latest revision.

10. Canonical and binding version

This page is a plain-language summary for the DPDPA.support website. The canonical, binding privacy policy is published at Privacy Policy. Where there is any conflict, the canonical version prevails. Our data processing terms are set out in the Cookie Policy.

11. Contact

Data Protection Officer, CynorSense Solutions Pvt. Ltd.
Email: dpo@cynorsense.com
1-2-237/4, Plot No.195 Srinivas Nagar, Kapra Municipality, ECIL, Telangana, India - 500062