Privacy Policy
Last Updated: January 2026 | Compliant with DPDP Act, 2023 & SPDI Rules, 2011
1. Legal Framework & Compliance
This Privacy Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000 (Amended 2008), IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and all applicable Indian data protection laws. As a DPIIT-recognized startup under Startup India, we adhere to the highest standards of data protection.
2. Information We Collect
| Category | Description |
|---|---|
| Personal Data | Name, email, phone number, address |
| Sensitive Personal Data (SPDI) | Passwords, financial info, biometric data |
| Device Data | Device IDs, browser type, OS, IP addresses |
| IoT Sensor Data | Facility monitoring, usage patterns |
| Usage Data | Log files, access patterns, analytics |
3. Legal Basis for Processing (DPDP Act, 2023)
- Your explicit consent obtained through clear affirmative action
- Performance of contractual obligations
- Compliance with legal obligations under Indian law
- Legitimate interests that do not override your rights
4. Data Sharing
We may share your data with service providers (under strict confidentiality), legal requirements, or business transfers. We do NOT sell your personal data to third parties.
5. Data Security Measures (SPDI Rules, 2011)
- ISO 27001 aligned security practices
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls and audit logging
- Regular security assessments and vulnerability testing
6. Your Rights (Data Principal Rights)
| Right | Description |
|---|---|
| Right to Access | Know what data is being processed |
| Right to Correction | Request correction of inaccurate data |
| Right to Erasure | Request deletion of your data |
| Right to Withdraw Consent | Withdraw consent at any time |
| Right to Grievance Redressal | Lodge complaints with Grievance Officer |
7. Criminal Consequences for Unauthorized Access
| Law | Section | Penalty |
|---|---|---|
| IT Act | Section 43 | Up to ₹1 crore |
| IT Act | Section 66 | 3 years + ₹5 lakh |
| IT Act | Section 72 | 2 years + ₹1 lakh |
| IT Act | Section 72A | 3 years + ₹5 lakh |
| DPDP Act | Various | Up to ₹250 crores |
8. Grievance Officer
Grievance Officer
Email: grievance@myhub.co.in
Response Time: Within 30 days of receipt
Unresolved grievances may be escalated to the Data Protection Board of India under DPDP Act, 2023.
© 2026 MyHuB IoTech Private Limited. All Rights Reserved.