Privacy Policy

DraftUnicode (“we”, “us” or “our”) is committed to protecting the privacy, security, and dignity of every individual who uses our platform. We regard the right to privacy as a fundamental right, as affirmed by the Hon’ble Supreme Court of India we have designed our systems accordingly. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and what rights you hold in respect of it. By accessing or using the DraftUnicode website or services, you confirm that you have read, understood, and agreed to the practices described in this Policy.

1. SCOPE AND APPLICATION

This Policy applies to all users of the DraftUnicode platform, including the website, API, and any related desktop or mobile applications. It governs the collection, processing, storage, and deletion of personal data in connection with your use of our services. DraftUnicode operates from India and our services are primarily directed at users within India. Where we process data of individuals outside India, we do so in compliance with applicable cross-border data transfer rules under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and any applicable Rules notified thereunder.

2. INFORMATION WE COLLECT

We follow the principle of data minimization. We collect only what is genuinely necessary to provide and improve our services. We do not collect data speculatively or for purposes beyond those described below.

2.1 Account and Identity Information

When you register for an account, we collect your full name, email address, mobile number, billing address and minimum information needed for user profile. This information is required to create and manage your subscription, authenticate you as a user, communicate service notifications, and provide customer support.

2.2 Payment and Billing Information

All payment transactions are processed through Razorpay, a third-party payment gateway. We collect only payment metadata specifically the transaction identifier, transaction date, and amount to reconcile billing records. We do not collect, store, or transmit raw credit or debit card numbers, CVV codes, or bank account credentials. All sensitive payment data is handled exclusively by Razorpay under its own PCI-DSS compliant environment.

2.3 Platform Usage and Technical Data

We automatically collect certain technical data when you access our platform, including your IP address, browser type and version, device type and operating system, pages visited, session duration, and click and navigation patterns. This data is used strictly for diagnostic purposes, security monitoring, and service optimization. It is processed in aggregated or pseudonymised form and is not used to identify you personally except where necessary for security investigations.

2.4 Conversion Content (User Documents)

Any document or file that you upload to the platform for conversion (“User Content”) is processed transiently in an encrypted environment solely for the purpose of performing the requested conversion. We do not read, analyze, retain, or otherwise process your documents for any purpose beyond fulfilling your conversion and compliance request. All conversion content is permanently and irrecoverably deleted from our servers within seven (7) days of upload, regardless of whether the conversion was completed. We do not reuse, license, or train any machine-learning models on your documents, and we do not share them with any third party.

3. HOW WE USE YOUR INFORMATION

We use personal data only for legitimate, specified purposes as follows:

Service Delivery: To operate the DraftUnicode platform, process conversions, authenticate accounts, and respond to support requests.Billing and Subscriptions: To process subscription fees, manage renewals, issue invoices (including GST-compliant tax invoices), and resolve billing disputes through Razorpay.Communications: To send service-critical notifications such as password resets, account warnings, billing updates, and scheduled maintenance alerts. You may opt out of promotional or marketing emails at any time through the unsubscribe link in any such email or by contacting us.Platform Security and Analytics: To detect and prevent abuse, fraud, or unauthorized access; to monitor platform performance; and to improve the reliability and accuracy of our services.Legal Compliance: To fulfil obligations imposed on us by applicable law, including tax and accounting requirements, lawful orders of competent courts, and directions of regulatory authorities.

We do not use personal data for automated profiling, behavioral advertising, or any purpose not stated above.

4. DATA SHARING AND DISCLOSURE

DraftUnicode does not sell, rent, lease, or otherwise commercially exploit your personal data. We disclose information only in the following limited circumstances:

Service Providers: We share data with carefully vetted third-party service providers who assist us in operating the platform, including Razorpay (payment processing), cloud infrastructure providers, and transactional email services. All such providers are bound by data processing agreements that prohibit them from using your data for any purpose other than the contracted service and require them to maintain appropriate security standards.Legal and Regulatory Disclosure: We may disclose personal data if required to do so by a valid court order, subpoena, or direction from a government authority having jurisdiction. We will, to the extent legally permitted, notify you of any such compelled disclosure before complying.Business Restructuring: In the event of a merger, acquisition, or sale of substantially all assets of DraftUnicode, user data may be transferred to the successor entity, subject to that entity’s commitment to uphold the protections set out in this Policy. We will notify you of any such transfer and give you the option to request deletion of your data.Protection of Rights: We may disclose data where reasonably necessary to prevent fraud, enforce our Terms of Service, or protect the safety, rights, or property of DraftUnicode, our users, or the public.

5. DATA RETENTION AND DELETION

5.1 User Content / Conversion Documents

All documents uploaded for conversion are permanently deleted within seven (7) calendar days of upload. This period is limited to the minimum necessary to allow for any reasonable re-processing or support request. No archived or backup copy is retained beyond this period.

5.2 Account and Billing Data

We retain your account information (name, email, billing address) for the duration of your active subscription and for a period of five (5) years thereafter as required by applicable tax and accounting legislation. Once the mandatory retention period expires, or upon your verified account deletion request, we will permanently erase or anonymise your personal data.

5.3 Technical and Usage Logs

Server and access logs containing IP addresses and technical identifiers are retained for a maximum of ninety (90) days, after which they are automatically purged.

5.4 Deletion upon Consent Withdrawal

If you withdraw your consent for processing or request erasure of your data under the DPDP Act, we will cease processing your personal data and delete it within thirty (30) days of your verified request, except where retention is mandated by law.

6. COOKIES AND TRACKING TECHNOLOGIES

DraftUnicode uses session cookies solely to maintain authenticated login sessions and to preserve basic user preferences (such as language settings). These cookies do not contain personally identifiable information and are not used for advertising or cross-site tracking. We do not deploy third-party tracking pixels, analytics SDKs that share data with advertisers, or fingerprinting technologies. You may disable cookies through your browser settings; however, doing so may impair the functionality of the platform, including your ability to remain logged in.

7. DATA SECURITY

We implement industry-standard security controls to protect your personal data from unauthorised access, alteration, disclosure, or destruction. Our security measures include, without limitation: transport-layer encryption (TLS 1.2 or higher) for all data in transit; AES-256 encryption for sensitive data at rest; strict access controls and role-based permissions for our engineering and support staff; regular vulnerability assessments and security audits; and multi-factor authentication for administrative access to production systems. Notwithstanding the foregoing, no electronic system is entirely immune to security incidents. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly at [email protected] if you suspect any unauthorised access to your account.

8. YOUR RIGHTS AS A DATA PRINCIPAL

Under the DPDP Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, you have the following rights with respect to your personal data:

You may request a summary of the personal data we hold about you and the purposes for which it is being processed.You may request that we correct any inaccurate personal data or complete any incomplete data we hold about you.You may request the deletion of your personal data. Subject to our legal retention obligations, we will erase your data within thirty (30) days of a verified request.You may withdraw your consent to processing at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.You have the right to raise a grievance with our Data Protection Officer (DPO) and, if unresolved, to approach the Data Protection Board of India.You may nominate an individual to exercise your privacy rights on your behalf in the event of your death or incapacity, in accordance with the DPDP Act.

To exercise any of the above rights, please contact our DPO at [email protected]. We will respond to all verified requests within thirty (30) days. We may require you to verify your identity before processing a request.

9. CHILDREN’S PRIVACY

Our services are intended solely for individuals who are at least eighteen (18) years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data without verifiable parental consent, we will delete that data immediately. If you believe a minor has registered on our platform, please notify us at [email protected].

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in applicable law, our data practices, or our services. Material changes will be communicated to you by email to your registered address and by prominent notice on our website at least fifteen (15) days prior to taking effect. The updated Policy, together with its effective date, will always be accessible on our website. Your continued use of the platform after a change has taken effect constitutes your acceptance of the revised Policy. If you do not accept the changes, you must cease using the platform and may request deletion of your data.

11. CONTACT AND GRIEVANCE OFFICER

For any queries, concerns, or requests relating to this Privacy Policy or the exercise of your data rights, please contact:

Data Protection Officer (Grievance Officer) DraftUnicode Ahmedabad, Gujarat, India Email: [email protected] Response Time: Within 30 days of receipt of your request

You also have the right to file a complaint with the Data Protection Board of India if your grievance is not resolved to your satisfaction.