Back to Home

Privacy Policy

Last Updated: June 10, 2026

Introduction

This Privacy Policy explains how Dopo Labs Private Limited (“Company”, “we”, “us”, or “our”), a company incorporated in Kerala, India, collects, uses, stores, and protects your information when you use our products, services, and websites (collectively, the “Services”). This includes our SaaS products such as Adukkala OS, client project deliverables, and the dopolabs.com website.

By using our Services, you consent to the data practices described in this policy. This policy is published in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the DPDP Rules, 2025, read with the Information Technology Act, 2000 and the rules made thereunder. For the purposes of the DPDP Act, Dopo Labs Private Limited acts as a Data Fiduciary, and you, the individual whose personal data we process, are a Data Principal.

1. Information We Collect

Personal Information

Name, email address, phone number, and business details (company name, GST number) provided during account registration, subscription, or inquiry forms.

Billing & Payment Data

Subscription plan details and transaction records. We do not store credit/debit card numbers directly — all payment processing is handled by our PCI-DSS compliant payment gateway partner (Cashfree Payments).

Device & Usage Information

Device ID, device model, operating system version, IP address, browser type, and usage analytics for session management, security, and improving our Services.

Location Data

Collected only in our mobile applications (e.g., Adukkala OS) for device proximity verification and delivery tracking when explicitly enabled by the user.

2. How We Use Data

  • To provide, operate, and maintain our SaaS products and client services.
  • To process subscription payments and maintain billing records.
  • To communicate service updates, maintenance notices, and support responses.
  • To improve, troubleshoot, and secure the Services.
  • To send push notifications for product-related alerts (with your consent).
  • To comply with legal obligations and resolve disputes.

We process your personal data on the basis of the consent you provide, or for legitimate uses permitted under the DPDP Act (such as fulfilling a service you have requested or complying with a legal obligation). Where processing relies on consent, you may withdraw it at any time — withdrawing consent is as easy as giving it, and can be done by contacting us at support@dopolabs.com. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

3. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.2+ (HTTPS).
  • Data at rest is stored in encrypted cloud databases (AES-256 encryption).
  • Access to production systems is restricted to authorized personnel with multi-factor authentication.
  • Regular security audits and vulnerability assessments are conducted.

4. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party for marketing or commercial purposes. Your data is shared only with carefully selected service providers (Data Processors) who are essential to operating our Services, limited to the following categories:

  • Cloud Infrastructure & Hosting: Reputable cloud hosting and database providers for secure data storage and application delivery.
  • Payment Processing: A PCI-DSS compliant payment gateway for subscription billing. We do not store your full card details.
  • Communications & Notifications: Messaging and push-notification services for service-related alerts.
  • Analytics & Error Monitoring: Diagnostic and monitoring tools for crash reporting, security, and performance improvement.

Each provider is bound by contractual obligations and their own privacy and security commitments, and processes data solely for the purposes we specify. We do not share data with advertisers or data brokers. A current list of the specific sub-processors we use is available on request by writing to support@dopolabs.com.

5. Data Retention

Account and billing data is retained for the duration of your subscription and for up to 30 days after cancellation. Analytics data is aggregated and anonymized after 90 days. Financial records are retained as required by applicable Indian tax laws (up to 8 years). You may request full data export or deletion at any time.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Export your data in a machine-readable format.
  • Withdraw consent for optional data collection (e.g., location tracking, marketing emails).
  • Nominate another individual to exercise your rights on your behalf in the event of your death or incapacity, as provided under the DPDP Act.
  • Seek redressal of grievances regarding our handling of your personal data through our Grievance Officer (see Section 11).

To exercise any of these rights, contact us at support@dopolabs.com. We will process requests within 30 days. To protect your data, we may ask you to verify your identity before acting on a request, and we may decline or charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive, to the extent permitted by applicable law.

7. Children's Privacy

Our Services are intended for business use by individuals aged 18 and above. We do not knowingly collect personal information from children under 18. Where we become aware that a user is a child, we will process their personal data only with verifiable consent of a parent or lawful guardian, as required under Section 9 of the DPDP Act. We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or website notification at least 7 days before they take effect. Continued use of our Services after changes constitutes acceptance of the updated policy.

9. Grievance Redressal & Data Protection Board

We have appointed a Grievance Officer to address any questions, concerns, or complaints regarding the processing of your personal data. You may reach the Grievance Officer using the contact details in Section 11. We will acknowledge grievances promptly and respond within the timelines prescribed under the DPDP Act and applicable rules.

If your grievance is not satisfactorily resolved, you have the right to lodge a complaint with the Data Protection Board of India established under the DPDP Act.

10. Governing Law & Jurisdiction

This Privacy Policy and any disputes arising out of or in connection with it are governed by the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the rules and regulations made thereunder. The courts at Kasaragod, Kerala shall have jurisdiction, subject to the statutory authority of the Data Protection Board of India.

11. Contact Us & Grievance Officer

For privacy concerns, data-related requests, or grievances:

Dopo Labs Private Limited

Kanhangad, Kasaragod, Kerala, India — 671315

Grievance Officer: support@dopolabs.com

Please mention “Data Privacy Request” in the subject line so we can route your request to the Grievance Officer without delay.