Legal

DPDP Act Compliance

How SplitEase complies with India's Digital Personal Data Protection Act, 2023.

Our commitment

SplitEase is fully compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act). We treat data privacy not as a legal checkbox but as a core product value. This page explains exactly how we implement each obligation under the Act.

1. About the DPDP Act

The Digital Personal Data Protection Act, 2023 is India's primary data protection legislation. It establishes the rights of data principals (individuals) and the obligations of data fiduciaries (organisations that process personal data). SplitEase is a data fiduciary under the Act, as we collect and process personal data of our users.

2. Lawful basis for processing

We process personal data only under the following lawful grounds:
  • Consent: You give explicit, informed consent when you sign up to SplitEase. You may withdraw consent at any time by deleting your account.
  • Legitimate use: Processing necessary to perform the contract (providing the SplitEase service), comply with legal obligations, or respond to medical emergencies.

3. Purpose limitation

We collect and use personal data only for the specific purposes disclosed at the time of collection. We do not repurpose your data for unrelated activities without seeking fresh consent.

4. Data minimisation

We collect the minimum data necessary to provide SplitEase. For example:
  • We do not require your date of birth to create an account.
  • Voice recordings are processed in real-time and never stored.
  • Receipt images used for OCR are deleted after parsing unless you explicitly save them.

5. Your rights under the DPDP Act

Right to access

Request a complete copy of all personal data we hold about you. We respond within 7 business days.

โœ๏ธ
Right to correction

Request correction of any inaccurate or incomplete personal data. You can also update most data directly in the app.

Right to erasure

Request deletion of your personal data. We permanently delete everything within 30 days, except where retention is legally required.

Right to grievance redressal

File a complaint about our data processing. We acknowledge grievances within 48 hours and resolve them within 30 days.

Right to nominate

Nominate a trusted person to exercise your data rights in the event of death or incapacity.

To exercise any of these rights, email our Data Protection Officer at hello@splitease.ai with the subject line "DPDP Rights Request".

6. Data Protection Officer

Our designated DPO is responsible for overseeing DPDP Act compliance:
DPO Contact
Address: SplitEase Technologies Pvt. Ltd., Gurugram, Haryana, India

7. Security safeguards

We implement the following technical and organisational measures:
  • AES-256 encryption at rest for all personal data.
  • TLS 1.3 encryption for all data in transit.
  • Role-based access control and principle of least privilege.
  • Multi-factor authentication required for all production access.
  • Regular third-party security audits and penetration testing.
  • Incident response plan with regulatory notification within 72 hours of a qualifying breach.

8. Cross-border transfers

We primarily store and process data within India. Where we use international service providers (e.g., AWS, Stripe), we ensure appropriate contractual safeguards are in place, consistent with DPDP Act requirements.

9. Grievance redressal

If you have a complaint about how we process your personal data, please contact our Grievance Officer at hello@splitease.ai. If your complaint is not resolved to your satisfaction, you may also lodge a complaint with the Data Protection Board of India once it is constituted.