dpdp — by design, audited.
Plain-English plus technical detail of how our products comply with DPDP. Consent capture, retention by class, withdrawal flow, sub-processor list, DPO contact.
When you deploy an Aminobots system, your customer data is your data. We process it on your behalf, in your tenancy, under your encryption keys. We never see your customer's personal information in plaintext. We retain processed records only as long as DPDP requires by class — KYC for 7 years, customer interaction logs for 5 years, transaction records for 10 years.
If your customer requests their data be deleted, the system supports that. If your customer requests their consent be withdrawn, the system supports that. If your auditor requests evidence of every data event, the immutable audit log produces it.
| class | retention | basis |
|---|---|---|
| KYC records | 7 years | RBI Master Directions |
| Customer interaction logs | 5 years | DPDP general retention |
| Transaction records | 10 years | RBI Banking Regulation Act |
| Clinical records (KidneyCare) | 5 years | ICMR 2017 guidelines |
| AI inference traces (non-PII) | 2 years | Internal audit + model improvement |
- consent withdrawalEvery deployment supports consent withdrawal. The system marks the user's records and prevents further processing within 24 hours.
- data deletionOn request, records are deleted within the legal grace period (typically 30 days). Audit log retention follows the retention-class table.
- DPO contactFor DPDP grievances, contact our Data Protection Officer at [email protected]. Response within 5 business days; resolution within 30.