Data Protection & DPDP Compliance

Last updated: 18 July 2026

This notice explains how AlphaGrid complies with India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the applicable Information Technology Act rules. It supplements — and should be read with — our full Privacy Policy.

1. Data Fiduciary

AlphaGrid is operated by MergeConflict Studio LLP (LLPIN: [LLPIN — to be filled]), the Data Fiduciary responsible for your personal data. We process personal data lawfully, for specified purposes, and only to the extent necessary to provide the Service.

2. Lawful Processing & Consent

We collect your personal data with your consent, given through a clear affirmative action (accepting our Terms and Privacy Policy at sign-up, and enabling optional features). Our consent requests are specific, and you can withdraw consent as easily as you gave it — by turning off a feature or deleting your account. We also rely on certain legitimate uses permitted by the DPDP Act, such as fulfilling a service you request and meeting legal obligations.

3. Purpose Limitation & Data Minimisation

We collect only the personal data we need for the purposes described in our Privacy Policy, and we do not use it for unrelated purposes. We do not sell personal data, and we do not use it for third-party advertising or cross-site tracking.

4. Your Rights as a Data Principal

Under the DPDP Act you have the right to:

  • Access a summary of your personal data and how we process it.
  • Have inaccurate or incomplete data corrected or updated.
  • Erase your personal data and close your account.
  • Withdraw consent at any time.
  • Nominate another person to exercise your rights in case of death or incapacity.
  • A readily available grievance-redressal mechanism.

You can correct your profile and delete your account instantly from Settings → Delete Account. For any other request, contact our Grievance Officer below.

5. Retention

We retain personal data only while your account is active or as needed to provide the Service. On deletion, we erase your personal data, except records we are legally required to keep (e.g. tax and payment records), which are retained for the statutory period and then deleted or de-identified.

6. Security & Breach Notification

We apply reasonable security safeguards to protect personal data (encryption in transit, access controls, hashed credentials). In the event of a personal-data breach, we will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines required by the DPDP Act.

7. Children’s Data

The Service is for users aged 18 and above. We do not knowingly process the personal data of children, and we do not carry out tracking, behavioural monitoring or targeted advertising directed at children.

8. Grievance Officer

For any data-protection question, request or complaint, contact our Grievance Officer:

Grievance Officer: [Grievance Officer name]

MergeConflict Studio LLP

Email: support@mergeconflict.in

We aim to acknowledge grievances promptly and resolve them within the timelines required by law. If you remain dissatisfied, you may approach the Data Protection Board of India.