Privacy Policy — Nayudu Clan Directory
Effective date: [9th June 2026] Policy version: 1.0 Last updated: [9th June 2026]
This Privacy Policy explains how the Nayudu Clan Directory ("we", "us", "the Directory") collects, uses, stores, and protects your personal data. It is written to align with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.
1. Who we are (the Data Fiduciary)
Under the DPDP Act, the entity that decides how and why your data is processed is the Data Fiduciary. For this Directory, that is:
- Name: nayudutechlaw
- Contact: nayudutechlaw@gmail.com
- Address: Bengaluru
- Grievance / Data Protection contact: Nayudu Ramachandra , nayudutechlaw@gmail.com
If you have any questions about this policy or your data, contact the grievance contact above.
2. What personal data we collect
We collect only what is needed to run a members-only family directory:
You provide directly:
- Identity details: full name, date of birth, gender
- Contact details: email address, phone number
- Clan / lineage details: family name, gotra, native place, current city, and links to relatives within the clan
- Optional profile content: a short bio and a profile photo
Collected automatically:
- Account and security data: login timestamps and technical logs needed to keep the account secure
- Consent records: which permissions you granted or withdrew, and when
We do not intentionally collect special categories of data beyond what you choose to share in your profile. Please do not enter financial account numbers, government ID numbers, or health information into your profile.
3. Why we process your data (purposes)
We process your data only for these stated purposes:
| Purpose | What it means |
|---|---|
| Account operation (required) | Creating and securing your account and showing you your own dashboard. |
| Directory listing (consent) | Showing your profile to other approved clan members. |
| Community communications (consent) | Sending you clan announcements and event invitations. |
| Member-to-member contact (consent) | Letting other approved members see your chosen contact details. |
You can use the Directory with only the required purpose enabled; the consent-based purposes are optional and can be turned off at any time.
4. The legal basis: your consent
Under the DPDP Act, we rely on your consent, which is free, specific, informed, and unambiguous. At signup you are shown clear toggles for each optional purpose. We record what you agreed to and the version of this policy in force at that time.
Children's data: If you are under 18, you may only register with verifiable consent from a parent or lawful guardian, as the DPDP Act requires. We do not knowingly process a child's data for tracking, behavioural monitoring, or targeted advertising.
5. Who can see your data
- Other members: only members an administrator has approved can view the directory, and they see only the contact details you have chosen to make visible.
- Administrators: clan administrators can see member data to verify, approve, and manage memberships, and to respond to your requests.
- Pending or rejected accounts: your profile is not visible to other members until an administrator approves you.
We do not sell your personal data. We do not share it with advertisers.
6. Data processors and third parties
We use trusted service providers to run the Directory:
- [Supabase / hosting provider] — database, authentication, and hosting.
- [Email provider, if any] — sending account and announcement emails.
These providers process data only on our instructions under the DPDP Act's Data Processor obligations. List any others you add here.
7. Where your data is stored
Your data is stored on [REGION / DATA CENTRE — e.g., Supabase ap-south-1, Mumbai]. If data is transferred outside India, we will do so only as permitted under the DPDP Act and applicable government notifications.
8. How long we keep your data
We retain your data for as long as your membership is active. If you withdraw consent or delete your account, we delete or anonymise your personal data within [e.g., 30 days], except where we must retain certain records to meet a legal obligation. Consent records may be kept as proof of compliance even after account closure.
9. Your rights as a Data Principal
Under the DPDP Act you have the right to:
- Access — get a summary of the personal data we hold about you and how it is processed.
- Correction & updating — fix inaccurate or incomplete data (you can edit most of this yourself in your dashboard).
- Erasure — ask us to delete your data when it is no longer needed.
- Withdraw consent — turn off any optional purpose at any time, as easily as you gave it. Withdrawing consent does not affect processing already done.
- Grievance redressal — raise a complaint with our grievance contact (Section 1). If unresolved, you may escalate to the Data Protection Board of India.
- Nominate — nominate another person to exercise your rights in the event of death or incapacity.
To exercise any of these, contact our grievance contact in Section 1. We will respond within a reasonable period.
10. How we protect your data
We apply reasonable security safeguards, including row-level database security so members can only access data they are permitted to see, access controls for administrators, encrypted connections, and audit logging of administrative actions. No system is perfectly secure, but we work to protect your data and will notify you and the Data Protection Board of a personal data breach as required by law.
11. Changes to this policy
We may update this policy. When we make material changes we will update the version number and effective date, and where appropriate we may ask you to review the changes and reconfirm your consent.
12. Contact
For any privacy question or to exercise your rights:
- Grievance contact: Nayudu Ramachandra
- Email: nayudutechlaw@gmail.com
- Address: Bengaluru
Nayudu Clan Directory — committed to keeping our family's data private and in our family's hands.