Privacy Policy

Last Updated: February 2, 2026

1. Introduction

IndieBridge ("IndieBridge," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud reseller and compliance services ("Services").

This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable data protection laws in India. Under the DPDP Act, IndieBridge acts as a Data Fiduciary for the personal data we collect and process in connection with our Services.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our data practices, please do not use our Services.

2. Definitions

For the purposes of this Privacy Policy:

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data.
  • "Data Principal" means the individual to whom the personal data relates (you, our customer, or your authorized representatives).
  • "Data Fiduciary" means any person who alone or in conjunction with other persons determines the purpose and means of processing personal data. IndieBridge is a Data Fiduciary.
  • "Data Processor" means any person who processes personal data on behalf of a Data Fiduciary.
  • "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, and erasure.
  • "Cloud Providers" means the third-party cloud infrastructure providers whose services we resell.

3. Information We Collect

3.1 Information You Provide Directly

We collect personal data that you voluntarily provide when you:

  • Register for an account or request our Services
  • Complete forms on our website (contact forms, partnership inquiries)
  • Communicate with us via email, phone, or other channels
  • Subscribe to our newsletters or marketing communications
  • Participate in surveys or provide feedback

This information may include:

  • Identity Information: Full name, job title, company name
  • Contact Information: Email address, phone number, business address
  • Business Information: Company registration details, GST Identification Number (GSTIN), Permanent Account Number (PAN), business type
  • Financial Information: Bank account details for payment processing, billing address
  • Communication Records: Content of emails, support tickets, and other correspondence

3.2 Information Collected Automatically

When you access our website or Services, we may automatically collect certain technical information:

  • Device Information: Device type, operating system, browser type and version
  • Log Data: IP address, access times, pages viewed, referring URL
  • Usage Data: Features used, actions taken, service consumption patterns
  • Location Data: General geographic location based on IP address

3.3 Transaction and Billing Data

As part of providing our Services, we collect and maintain:

  • Invoice and billing records
  • Payment transaction history
  • Service usage and consumption data
  • GST and tax-related documentation
  • Account balance and credit information

3.4 Information from Third Parties

We may receive information about you from third parties, including Cloud Providers (service usage data), payment processors (transaction confirmations), and business information providers (for verification purposes).

4. How We Use Your Information

4.1 Primary Purposes

We process your personal data for the following primary purposes:

  • Service Delivery: To provide, maintain, and improve our cloud reseller Services
  • Account Management: To create and manage your account, verify your identity, and authenticate access
  • Billing and Payments: To process payments, generate invoices, and manage your account balance
  • Customer Support: To respond to your inquiries, provide technical assistance, and resolve issues
  • Communication: To send service-related notifications, updates, and administrative messages

4.2 Legal and Compliance Purposes

We process your personal data to comply with legal obligations, including:

  • Tax Compliance: To fulfill GST filing requirements, generate tax invoices, and maintain records as required by Indian tax law
  • Regulatory Compliance: To comply with RBI regulations, anti-money laundering requirements, and other applicable laws
  • Legal Proceedings: To establish, exercise, or defend legal claims
  • Audit and Reporting: To maintain records for statutory audits and regulatory reporting

4.3 Business Operations

We may also use your information for:

  • Analytics: To analyze usage patterns and improve our Services
  • Security: To detect, prevent, and respond to fraud, abuse, or security incidents
  • Marketing: To send promotional communications (with your consent)
  • Research: To conduct research and develop new features or services

4.4 Purpose Limitation

We will only process your personal data for the purposes described in this Privacy Policy or as otherwise communicated to you at the time of collection. If we need to process your data for a new purpose, we will notify you and, where required by law, obtain your consent before doing so.

5. Legal Basis for Processing

Under the DPDP Act, we process your personal data based on the following legal grounds:

5.1 Consent

For most processing activities, we rely on your consent, which you provide when you:

  • Create an account and agree to our Terms of Service
  • Submit forms on our website
  • Opt-in to marketing communications
  • Provide information during customer support interactions

Your consent is free, specific, informed, unconditional, and unambiguous. You may withdraw your consent at any time by contacting us, though this will not affect the lawfulness of processing conducted prior to withdrawal.

5.2 Legitimate Uses

We may process your personal data without explicit consent where permitted under the DPDP Act for legitimate uses, including:

  • Performance of a contract to which you are a party
  • Compliance with legal obligations under Indian law
  • Response to medical emergencies or threats to life
  • Employment-related purposes (for employee data)

5.3 Legal Obligations

We process certain personal data to comply with legal obligations, including GST law, income tax regulations, RBI guidelines, and other applicable Indian laws. This processing does not require your consent but is necessary for us to operate lawfully.

6. Information Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

6.1 Cloud Providers

We share necessary information with our partnered Cloud Providers to provision and deliver the cloud services you have requested. This may include your account identifier, service configuration details, and usage data. Cloud Providers act as Data Processors and are contractually bound to protect your data.

6.2 Payment Processors

We share payment-related information with authorized payment processors and banking partners to process your transactions. These partners are RBI-authorized and maintain appropriate security measures.

6.3 Service Providers

We may engage third-party service providers who assist us in operating our business, including:

  • Hosting and infrastructure providers
  • Customer support platforms
  • Email and communication services
  • Analytics and monitoring tools
  • Accounting and audit services

These service providers are contractually obligated to use your data only for the purposes of providing services to us and to maintain appropriate security measures.

6.4 Government and Regulatory Authorities

We may disclose your personal data to government authorities, regulators, or law enforcement agencies when required by law or in response to:

  • GST and tax authority requests
  • Court orders or legal process
  • Regulatory investigations or audits
  • National security or public interest requirements
  • Prevention or detection of crime

6.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

6.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Cross-Border Data Transfers

7.1 Nature of Transfers

As we facilitate access to cloud services provided by foreign Cloud Providers, some of your data may be transferred to and processed in countries outside India. This includes:

  • Service provisioning data sent to Cloud Provider systems
  • Technical support communications with Cloud Provider teams
  • Usage and billing data synchronized with Cloud Provider platforms

7.2 Safeguards

When transferring data outside India, we ensure appropriate safeguards are in place:

  • Data Processing Agreements with Cloud Providers that include data protection obligations
  • Transfers only to countries or entities that provide adequate protection as permitted under the DPDP Act
  • Technical and organizational measures to protect data during transfer

7.3 Your Consent

By using our Services, you consent to the transfer of your data to Cloud Providers located outside India for the purpose of service delivery. You may withdraw this consent, but doing so may affect our ability to provide certain Services to you.

8. Data Retention

8.1 Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are determined by:

  • Active Account Data: Retained for the duration of your account and our business relationship
  • GST and Tax Records: Retained for a minimum of 6 years from the end of the relevant financial year, as required by GST law
  • Income Tax Records: Retained for a minimum of 8 years from the end of the relevant assessment year
  • Contractual Records: Retained for 8 years after the end of the contractual relationship
  • Communication Records: Retained for 3 years from the date of communication
  • Marketing Preferences: Retained until you withdraw consent or unsubscribe

8.2 Deletion and Anonymization

When personal data is no longer required for the purposes for which it was collected and no legal retention requirement applies, we will:

  • Securely delete the personal data from our active systems
  • Remove personal data from backups within a reasonable timeframe
  • Anonymize data that may be retained for statistical or analytical purposes

8.3 Retention After Account Termination

After you terminate your account, we will retain certain data as required by law (particularly tax and GST records) and for the establishment, exercise, or defense of legal claims. Data not subject to legal retention requirements will be deleted within 90 days of account termination.

9. Your Rights as a Data Principal

Under the DPDP Act, you have the following rights regarding your personal data:

9.1 Right to Access

You have the right to obtain confirmation of whether we process your personal data and to access a summary of your personal data and the processing activities performed on it.

9.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal data. You can update most account information directly through your account settings, or contact us for assistance.

9.3 Right to Erasure

You have the right to request erasure of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent. This right is subject to our legal obligations to retain certain data (such as tax records).

9.4 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted before the withdrawal.

9.5 Right to Grievance Redressal

You have the right to have your grievances addressed. We have established a grievance redressal mechanism as described in Section 12 of this Privacy Policy.

9.6 Right to Nominate

You have the right to nominate another individual to exercise your rights in the event of your death or incapacity.

9.7 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 13. We will respond to your request within the timeframe prescribed by applicable law (generally within 30 days). We may need to verify your identity before processing your request.

10. Data Security

10.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data encryption in transit (TLS/SSL) and at rest where appropriate
  • Access Controls: Role-based access controls limiting data access to authorized personnel
  • Authentication: Secure authentication mechanisms for account access
  • Monitoring: Security monitoring and logging of system access
  • Training: Regular security awareness training for our team
  • Vendor Assessment: Security evaluation of third-party service providers

10.2 Your Security Responsibilities

You are responsible for:

  • Maintaining the confidentiality of your account credentials
  • Using strong, unique passwords
  • Notifying us immediately of any unauthorized access to your account
  • Ensuring the security of devices used to access our Services

10.3 Limitations

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we commit to promptly addressing any security incidents that may occur.

11. Data Breach Notification

11.1 Our Commitment

In the event of a personal data breach that is likely to cause harm to you, we will notify you and the Data Protection Board of India without unreasonable delay, as required by the DPDP Act.

11.2 Notification Content

Our breach notification will include:

  • Description of the nature of the breach
  • Categories and approximate number of affected individuals
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact information for further inquiries

11.3 Cloud Provider Breaches

If a data breach occurs at a Cloud Provider that affects your data, we will work with the Cloud Provider to understand the scope and impact, and will notify you as appropriate. Cloud Providers are contractually obligated to notify us of any breaches affecting our customers' data.

12. Grievance Redressal

12.1 Grievance Officer

In accordance with the DPDP Act, we have appointed a Grievance Officer to address your concerns regarding the processing of your personal data. You may contact our Grievance Officer at:

Grievance Officer

IndieBridge

Contact us through: indiebridge.co/contact

12.2 Grievance Process

When you submit a grievance:

  • We will acknowledge receipt of your grievance within 48 hours
  • We will investigate and respond to your grievance within 30 days
  • If we need additional time, we will inform you of the reason for the delay
  • We will keep you informed of the progress and outcome of your grievance

12.3 Escalation

If you are not satisfied with our response to your grievance, you have the right to file a complaint with the Data Protection Board of India as established under the DPDP Act.

13. Cookies and Tracking Technologies

13.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. They help us provide you with a better experience by remembering your preferences and understanding how you use our site.

13.2 Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly. These cannot be disabled.
  • Functional Cookies: Remember your preferences and settings to enhance your experience.
  • Analytics Cookies: Help us understand how visitors interact with our website so we can improve it.
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness (only with your consent).

13.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling certain cookies may affect the functionality of our website.

14. Children's Privacy

Our Services are designed for businesses and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

15. Third-Party Links and Services

Our website and Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to such third-party services.

We encourage you to review the privacy policies of any third-party services you access through our platform. We are not responsible for the privacy practices or content of third-party services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this page
  • We will notify you by email or through a prominent notice on our website
  • For significant changes, we may seek your renewed consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our website:

IndieBridge

Website: indiebridge.co/contact