Privacy Policy

This Privacy Policy describes how Dheemai Technologies Private Limited ("Dheemai", "we", "us", or "our"), a company incorporated under the Companies Act 2013 with its registered office at Chennai, Tamil Nadu, India, collects, uses, shares, and protects information about you when you use our website (www.dheemai.com) and our products and services.

This Privacy Policy is compliant with the Digital Personal Data Protection Act 2023 (DPDP Act), the Information Technology Act 2000 and associated rules, and other applicable Indian and international data protection laws.

1. Information We Collect

We collect information you provide directly to us and information collected automatically when you use our services.

1.1 Information You Provide

• Contact information: Name, email address, phone number, company name, job title when you fill our contact forms, request demos, or subscribe to communications.
• Account information: Username, password, and profile details when you create an account to use our products.
• Payment information: Billing address and payment details (processed by our payment provider; we do not store full card details).
• Communications: Content of emails, support tickets, and other communications you send us.
• Product usage data: Data you upload or input when using our products (e.g., documents for TamperCheck, identity data for KYC Verifier) processed in accordance with our Data Processing Agreement.

1.2 Automatically Collected Information

• Usage data: Pages visited, features used, time spent, click patterns, and navigation paths.
• Device information: IP address, browser type and version, operating system, device type.
• Cookies and similar technologies: As described in Section 8 below.
• Log data: Server logs recording access time, request type, and error codes.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and improve our products and services
• To process transactions and manage your account
• To respond to your enquiries, support requests, and communications
• To send you product updates, security alerts, and administrative messages
• To send you marketing communications (where you have provided consent or we have a legitimate interest)
• To personalise your experience and provide relevant content
• To monitor and analyse usage patterns to improve our services
• To detect, investigate, and prevent fraudulent activity and abuse
• To comply with legal obligations, including tax, audit, and regulatory requirements
• To enforce our Terms of Service and protect our rights

3. Legal Basis for Processing

Under the DPDP Act 2023 and applicable laws, we process your personal data on the following legal bases:

• Consent: Where you have given us explicit consent, such as for marketing communications.
• Contract performance: To fulfil our contractual obligations to you as a customer or user.
• Legal obligation: Where processing is necessary to comply with applicable laws.
• Legitimate interests: For purposes like fraud prevention, security, and improving our services, where these interests are not overridden by your rights.

4. Sharing of Your Information

We do not sell your personal data. We may share your information with:

• Service providers: Third-party vendors who provide services on our behalf (cloud hosting, analytics, payment processing, email delivery), subject to appropriate data processing agreements.
• Business partners: With your consent, for co-marketing or partnership purposes.
• Legal requirements: When required by law, court order, or government authority, or to protect our rights, safety, or property.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:

• Account data: For the duration of your account plus 3 years after closure
• Contract and billing records: 7 years for tax and legal compliance
• Marketing consent records: Until withdrawn plus 3 years
• Support communications: 3 years from the date of the last communication
• Log and security data: 12 months

After the applicable retention period, we securely delete or anonymise your personal data.

6. Your Rights as a Data Principal

Under the DPDP Act 2023 and other applicable laws, you have the following rights regarding your personal data:

• Right to access: Request a summary of personal data we hold about you and how it is being processed.
• Right to correction: Request correction of inaccurate or incomplete personal data.
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to withdraw consent: Withdraw consent for processing where consent is the legal basis, without affecting prior lawful processing.
• Right to grievance redressal: Lodge a complaint with our Grievance Officer (details below).
• Right to nominate: Nominate another person to exercise your rights in the event of your death or incapacity.

To exercise these rights, contact our Grievance Officer at privacy@dheemai.com. We will respond within 72 hours of receipt.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls, multi-factor authentication, and role-based permissions
• Regular security assessments, penetration testing, and vulnerability management
• ISO 27001-aligned information security management practices
• Employee training on data protection and security
• Incident response procedures with timely breach notification

In the event of a personal data breach affecting your rights, we will notify you and the Data Protection Board of India as required by the DPDP Act.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website. Categories of cookies we use:

• Essential cookies: Necessary for the website to function; cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site (e.g., page views, session duration).
• Marketing cookies: Used to show you relevant advertising; activated only with your consent.
• Preference cookies: Remember your settings and preferences.

You can manage cookie preferences through the cookie consent banner on our website or your browser settings. Disabling certain cookies may affect functionality.

9. International Data Transfers

Your personal data is primarily stored and processed in India. Where we transfer data to countries outside India (e.g., for cloud services), we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, as permitted under the DPDP Act and applicable rules.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email (where we have your email address) or by posting a prominent notice on our website with a revised date. Your continued use of our services after the effective date constitutes acceptance of the updated policy.

12. Contact Us & Grievance Officer

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Grievance Officer:

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once it is constituted under the DPDP Act 2023.