Answer 8 simple steps — your policy renders live. Download as .html or .txt.
This goes directly into your policy as the Data Fiduciary — the company responsible for your users' data under the DPDP Act.
Click the chips that apply to your business. Add your own by typing in the field below. Under DPDP, you must disclose every category of data you collect.
Under the DPDP Act, you must state a specific, lawful purpose for every data type you collect. Select all that apply to your business.
Under the DPDP Act, you must delete data once the purpose is fulfilled. Specify your retention periods and how users can request deletion.
| Data Category | Retention Period | Legal Basis for Retention |
|---|---|---|
Select all third-party processors you use. These become your Data Processors under the DPDP Act — you're responsible for ensuring they protect your users' data too.
The DPDP Act requires "reasonable security safeguards." Select everything you've implemented — this goes directly into your policy.
These sections are required in your policy regardless. Toggle on to provide specific details; toggle off for the standard DPDP-compliant language.
The DPDP Act requires you to designate a Grievance Officer whom Data Principals can contact about their rights. This is mandatory — without it your policy is incomplete.
Review it below, then copy or download. Share the HTML file directly on your website, or copy the text into your CMS.
Click "Generate My Policy" on step 8 to build your document.
This tool generates a starting template based on the DPDP Act, 2023. It is not legal advice. Your privacy policy must be reviewed and validated by a qualified legal professional or DPDP compliance expert before publishing. Every business has unique data practices. Guardata assumes no liability for the completeness or legal sufficiency of this output.
If your business collects any personal data from individuals in India through a website or app, the DPDP Act, 2023 applies to you — regardless of company size.