Privacy Policy

Last updated: 27/3/2026

Welcome to Aqua Consento, the flagship DPDP compliance solution by Aquarious Technology Private Limited. We are an Indian company committed to safeguarding the definition of "Personal Data" as outlined in the Digital Personal Data Protection Act, 2023 ("DPDP Act").

This Privacy Policy outlines how we, as a Data Fiduciary, collect, process, and protect the personal data of our users ("Data Principals") within the territory of India. It also details how our solution assists organizations in maintaining their own compliance postures.

1. Definitions under DPDP Act, 2023

  • Data Principal: The individual to whom the personal data relates.
  • Data Fiduciary: Any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
  • Consent Manager: A person registered with the Data Protection Board of India, who acts as a single point of contact to enable a Data Principal to give, manage, review, and withdraw her consent through an accessible, transparent, and interoperable platform.

2. Data We Collect & Process

To provide our Consent Management Platform (CMP) services, we collect minimal data required to verify identities and maintain immutable audit trails:

  • Identity Information: Name, official email address, and phone number for account creation and authentication.
  • Consent Artifacts: Digital records of consents granted, paused, or withdrawn by your end-users (Data Principals), including timestamps and method of consent.
  • Technical Telemetry: IP addresses (masked where possible), browser fingerprints, and device IDs to ensure non-repudiation of consent records.

3. Purpose of Processing

We process personal data solely for "Legitimate Uses" as permitted under Section 7 of the DPDP Act:

  • Service Delivery: To operate the Aqua Consento platform and dashboard.
  • Compliance Evidence: To generate tamper-proof audit logs that Data Fiduciaries can present to the Data Protection Board of India during inquiries.
  • Communication: To send critical notices regarding privacy policy updates, consent status changes, or security alerts.

4. Rights of Data Principals

In accordance with Chapter 3 of the DPDP Act, we empower you with the following rights:

(a) Right to Access: You may request a summary of your personal data being processed and the processing activities undertaken by us.

(b) Right to Correction & Erasure: You can request correction of misleading or inaccurate data, or erasure of data no longer necessary for the purpose it was collected.

(c) Right to Grievance Redressal: We have established a robust mechanism to address your grievances within the stipulated timelines.

(d) Right to Nominate: You have the right to nominate an individual to exercise your rights in the event of death or incapacity.

5. Cross-Border Data Transfer

Aqua Consento primarily processes data on servers located within India. Any transfer of data outside India is conducted strictly in accordance with the Central Government's notifications and creating necessary restriction lists (Negative List) as per the DPDP Act provisions.

6. Data Security Practices

We implement "Reasonable Security Safeguards" to prevent data beaches, utilizing industry-standard encryption (AES-256) for data at rest and TLS 1.3 for data in transit. We regularly conduct Data Protection Impact Assessments (DPIA) to identify and mitigate risks.

7. Grievance Officer

For any complaints or queries regarding your personal data, you may contact our designated Grievance Officer:

Name: [Grievance Officer Name]
Designation: Data Protection Officer
Company: Aquarious Technology Private Limited
Email: privacy@aquaconsento.com
Address: Kolkata, West Bengal, India

If your grievance is not resolved within the prescribed timeline, you have the right to approach the Data Protection Board of India.

Book Demo
Chat on WhatsApp
+91 6290447344