DPDP Act 2023 & GDPR Aware

Privacy Policy

Last Updated: May 14, 2026

Back to Home

Introduction

This Privacy Policy describes how we collect, use, store, and share your personal data when you visit yugamatix.com or use any of our services. It applies to all visitors and customers regardless of location.

We design our practices to comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act) as our primary framework, and the EU General Data Protection Regulation (GDPR) for visitors from the European Economic Area.

Who Controls Your Data

The Data Fiduciary (under DPDP Act) and Data Controller (under GDPR) for this website is:

Legal Entity: YugamDynamics (Sole Proprietorship)

Trade Name: YugaMatix

Contact: hello@yugamatix.com

Data We Collect

From the Contact Form (/contact)

  • Name and email (required)
  • Phone and company name (optional)
  • Your message content

From the Newsletter Form (footer)

  • Email address only

From the Project Inquiry Form

  • Name and email (required)
  • Project requirement description

From the Pay Invoice Form (/pay)

  • Name, email, invoice reference, payment amount
  • GSTIN and additional notes (optional)

Automatically Collected

  • IP address (for spam protection and rate limiting)
  • Browser type, device type, and operating system
  • Pages visited and time spent (anonymous, for performance)

We do not collect financial information directly. All payments are processed by Cashfree Payments India Pvt Ltd, who handles card and UPI data per their own privacy policy and PCI-DSS compliance.

How We Use Your Data

Respond to your inquiriesLegitimate interest
Deliver services you purchasedContract
Send newsletters you subscribed toConsent
Issue tax invoices and receiptsLegal obligation
Detect spam and prevent abuseLegitimate interest
Maintain audit and tax recordsLegal obligation

We do not use your data for automated decision-making, profiling, or advertising. We do not sell your data to anyone.

Third-Party Services We Use

We use the following processors to operate the website. Each handles your data under its own terms and only for the purposes listed here.

Brevo (formerly Sendinblue)
Transactional email delivery (contact form, newsletter, payment intent notifications)
Location: France, EUData: Email address, name, message content
Cloudflare Turnstile
Spam and bot protection on all forms
Location: United StatesData: IP address, browser fingerprint (anonymized)
Cashfree Payments India Pvt Ltd
Payment processing (post-approval)
Location: IndiaData: Payment details (handled directly by Cashfree, never stored on our servers)
Contabo GmbH
Virtual private server (IaaS) where our website and application run
Location: Germany (European Union)Data: All server logs and application data
GitLab
Source code and content versioning
Location: United StatesData: Blog content (no user personal data)

International Data Transfers

Most of our processors are based outside India: Brevo (France), Contabo (Germany), Cloudflare and GitLab (United States). When your data is transferred to or processed by these vendors, we rely on contractual safeguards (Standard Contractual Clauses, Data Processing Agreements) provided by each vendor to ensure your data continues to receive a level of protection equivalent to the DPDP Act and GDPR.

How Long We Keep Data

Contact form submissions24 months
Newsletter subscribersUntil you unsubscribe
Payment intent / invoice records7 years (Indian tax law)
Server logs (IP, request data)90 days

After these periods, your personal data is deleted or anonymized. You may request earlier deletion at any time using the rights described below.

Your Rights

Under the Indian DPDP Act 2023, you have the right to:

  • Access a summary of your personal data we hold
  • Correct or update inaccurate personal data
  • Erasure of your personal data (right to be forgotten)
  • Withdraw consent for any processing based on consent
  • Nominate someone to exercise your rights in your absence
  • File a grievance with us, and escalate to the Data Protection Board of India if unresolved

Under the GDPR (for EU/EEA visitors), you additionally have the right to:

Access
Rectification
Erasure
Restriction
Portability
Objection

To exercise any of these rights, email hello@yugamatix.com with the subject "Privacy Request — [type]". We respond within 30 days, as required by both DPDP and GDPR.

Cookies

We use only essential cookies required for the website to function (session management, spam protection). We do not use cookies for advertising, tracking, or profiling. For full details, see our Cookie Policy.

Children's Data

Our services are intended for businesses and adults. We do not knowingly collect personal data from anyone under 18 years of age. If you believe a minor has submitted data through one of our forms, please contact us and we will delete it.

Security

We protect your data with HTTPS encryption in transit, isolated user accounts on our hosting infrastructure, server-side input validation, rate limiting on all form endpoints, and bot-protection (Cloudflare Turnstile). Payment details are handled exclusively by Cashfree and never stored on our servers. No security setup is perfect — we apply reasonable, industry-standard safeguards.

Governing Law

This Privacy Policy is governed by the laws of India. Any disputes arising from this policy are subject to the exclusive jurisdiction of the courts in Punjab, India, where YugamDynamics is registered.

Changes to This Policy

We may update this Privacy Policy as our services or applicable laws change. Material changes will be announced on this page with an updated "Last Updated" date. For significant changes, we will also notify newsletter subscribers by email.

Contact Us About Privacy

Questions, requests, or complaints about how we handle your data — please email us. We respond within 30 days.

hello@yugamatix.com