DPDP Compliance

This page explains how Yumi Connect complies with India’s Digital Personal Data Protection Act 2023 (DPDP Act). It complements our Privacy Policy with the DPDP-specific details required by the Act.

1. Roles under the DPDP Act

• For data about you (the cardholder), Yumi Connect is the Data Fiduciary and you are the Data Principal.
• For data about your visitors that they submit through Snap & Link, you (the cardholder) are the Data Fiduciary and we act as a Data Processor on your behalf. You determine the purpose and means of that processing.

2. Lawful purpose for processing

We process personal data only for clearly stated purposes you consent to at sign-up: operating the Service, processing payments, sending transactional and security emails, and improving the product. We do not process data for any purpose you haven’t agreed to.

3. Consent & withdrawal

Consent at sign-up is granular: you can decline product-update emails without affecting your account. You can withdraw consent at any time from your dashboard or by emailing hello@yumi.app. Withdrawal applies going forward and doesn’t affect prior lawful processing.

4. Your rights as a Data Principal

• Right to information about processing
• Right to access & correction
• Right to erasure
• Right to grievance redressal
• Right to nominate (someone to exercise your rights if you are unable to)

Email any of these requests to hello@yumi.app. We respond within 7 working days.

5. Cross-border transfers

Personal data is hosted primarily within India (Supabase / AWSap-south-1, Mumbai). Limited transfers to other regions happen via our sub-processors (Vercel CDN edge caches, Resend mail delivery). All transfers are governed by standard contractual clauses and only to countries we’re permitted to transfer to under the DPDP Act.

6. Data breach notification

If we discover a personal-data breach, we notify the Data Protection Board of India and affected Data Principals as required by the Act, in the format and time-window the Board prescribes (currently 72 hours).

7. Children’s data

Yumi Connect is not directed at children under 18 and we do not knowingly process children’s personal data. If you believe a child has signed up, tell us and we’ll delete the account.

8. Significant Data Fiduciary status

We are not currently classified as a Significant Data Fiduciary. If the volume or sensitivity of data we process changes that status, we will publish the additional safeguards required (DPO appointment, data audits, impact assessment) and notify you here.

9. Grievance officer

Per Section 11 of the Act:

• Name — Muhibbuddin Shaid Hakkeem
• Email — hello@yumi.app
• Postal address — Chennai, Tamil Nadu, India
• Response window — 7 working days

If you’re not satisfied with our response, you may escalate to the Data Protection Board of India.