Compliance

DPDP Act, 2023 — Forkcast statement

India's Digital Personal Data Protection Act, 2023 sets the framework for how personal data is processed in India. This statement explains how Forkcast aligns.

Purpose limitation

Forkcast processes personal data (your name, email, restaurant identifiers, and POS-derived customer-order data) for the specific, stated purposes in our Privacy Policy: providing forecasting, financial analytics, supply alerts, and account billing. We do not process for any other purpose without fresh consent.

Consent

Account creation constitutes consent for the core service. Optional features (analytics cookies, marketing emails) ask for separate consent via the consent banner. Consent can be withdrawn any time from Settings or by writing to privacy@forkcast.in.

Data principal rights

Right to access
Request a copy of all personal data we hold about you.
Right to correction
Correct any inaccurate personal data.
Right to erasure
Request deletion (subject to legal retention obligations).
Right to grievance redressal
Escalate concerns to our Grievance Officer (below).
Right to nominate
Nominate a person to act on your behalf in case of incapacity.

Retention

Active account data is retained for the life of your account. On account closure we soft-delete for 30 days (in case of accidental closure), then hard-delete. Billing records are retained for 8 years per GST requirements; this is a legal obligation that overrides erasure requests for that subset of data.

Cross-border transfers

Primary processing happens in India (Mumbai region). Transactional email (Resend) and error monitoring (Sentry) operate outside India under standard contractual clauses. Aggregate, anonymised statistics may flow out of India; no personal data does.

Grievance Officer

Email privacy@forkcast.in for any DPDP-related concern. We respond within 30 days as required by the Act. Unresolved concerns can be escalated to the Data Protection Board of India.