Legal · DPDP Notice

DPDP Act Notice.

Disclosures required under §5 of the Digital Personal Data Protection Act 2023, for Data Principals located in India. This notice supplements (and does not replace) our Privacy Policy and Reservation Terms. If there is any conflict, the more protective provision applies.

Effective: [TO BE FILLED ON LAUNCH] Last updated: [TO BE FILLED ON LAUNCH] Version: 1.0 · Pre-launch draft
01

What this is.

This notice fulfils the requirements of §5 of the Digital Personal Data Protection Act 2023 ("DPDP Act") and the rules made thereunder. It tells you, in plain language, what personal data Anty AI processes about you, why, on what lawful basis, and what rights you have as a Data Principal.

How to read this notice.   Sections 03 (categories of data) and 04 (purposes) are the most important — they tell you exactly what we collect and why. Section 06 (your rights) and Section 08 (Grievance Officer) tell you how to exercise control. The rest is supporting context.
02

The Data Fiduciary.

The Data Fiduciary for the personal data processed in connection with the Anty AI service is:

Legal name: [Insert legal entity — e.g., Anty AI Technologies Private Limited]

CIN: [Insert CIN]

Registered office: [Insert registered address]

Email: legal@antyai.com

Website: antyai.com

Where applicable Indian law designates Anty AI as a "Significant Data Fiduciary" (per §10 DPDP Act and any rules made thereunder), additional disclosures, audit obligations and Data Protection Officer responsibilities will apply. We will publish a separate notice if and when that designation takes effect.

03

Categories of personal data we process.

For Data Principals located in India, the categories are:

3.1 Biometric data.

Facial geometry, voice spectrum and other biometric markers derived from samples you provide. These are sensitive personal data classified by the DPDP Act. We process these only with your explicit consent (see §05 below).

3.2 Identity data.

Full name, date of birth, government-issued ID copies (Aadhaar, passport, driving licence, PAN — your choice), nationality, photographs, signature.

3.3 Contact data.

Email address, telephone number, postal address (where required), preferred language.

3.4 Authorized-representative data.

Where a manager, agent, lawyer or family member acts for you, the same identity and contact data for them, plus documentation of their authority.

3.5 Commercial data.

Subscription tier, billing details and payment-instrument metadata (collected only post-launch; full card numbers are not stored by us). No payment data is collected from waitlist members.

3.6 Service data.

Detection records, takedown filings, platform correspondence, dashboard usage, support requests.

3.7 Technical data.

IP address, device identifiers, browser, OS, time zone, cookies and similar technologies.

04

Purposes of processing.

We process your personal data only for these stated purposes:

  1. To verify your identity and authority to act for the person whose biometric data is being enrolled.
  2. To generate and securely store an encrypted biometric template based on your samples.
  3. To detect content on the public internet that uses your likeness without authorization, by matching against your template.
  4. To classify each detected match by intent (commercial fraud, NCII, deceptive impersonation, fan content, satire, news, etc.) before any action is taken.
  5. To file takedown notices with platforms, hosts and intermediaries under DMCA, IT Rules 2021, DPDP Act, EU AI Act, NO FAKES Act, TAKE IT DOWN Act, ELVIS Act and applicable personality-rights case law.
  6. To re-monitor continuously and re-file takedowns for re-uploads.
  7. To deliver detections, takedowns and outcomes to you through a secure dashboard.
  8. To provide an evidence package if you choose to pursue civil or criminal action against an uploader through your own counsel.
  9. To process subscription payments and refunds (post-launch only — no payments are processed at the waitlist stage).
  10. To comply with our legal, regulatory, tax, audit and accounting obligations.
  11. To prevent fraud, abuse and unauthorized use of the service.

We do not process your personal data for: advertising, marketing of third-party products, AI model training that benefits anyone other than you, sale or licence to data brokers, or any purpose not listed above. Additional purposes require renewed, specific consent.

06

Your rights as a Data Principal.

Under §11–§14 of the DPDP Act you have:

  1. Right to information about processing — to obtain a summary of the personal data being processed and the processing activities undertaken.
  2. Right to correction, completion, updating and erasure — to ensure your data is accurate and to demand its deletion when no longer required.
  3. Right of grievance redressal — to have any grievance addressed by our Grievance Officer within prescribed timelines.
  4. Right of nomination — to nominate another individual who, in the event of your death or incapacity, may exercise these rights on your behalf.

To exercise any of these rights, email privacy@antyai.com or our Grievance Officer (see §08). We will acknowledge within 48 hours and respond within 30 days, in line with the DPDP Act and any rules made thereunder.

07

Withdrawing consent.

You may withdraw your consent to processing at any time by emailing privacy@antyai.com or using the in-dashboard withdrawal control.

Consequences of withdrawal:

  • We will stop processing your personal data for the purposes covered by the withdrawn consent within a reasonable period (typically 7 days).
  • If withdrawal makes it impossible to provide the service (e.g., withdrawal of consent to process biometric data), the service will be terminated and remaining subscription fees prorated and refunded.
  • Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
  • Some data may need to be retained to comply with statutory record-keeping obligations (tax, AML, etc.). Such retention is described in our Privacy Policy §07.
08

Grievance Officer.

As required by §8(10) of the DPDP Act and §3(1)(11) of the IT Rules 2021, we appoint a Grievance Officer to receive and resolve your complaints relating to processing of personal data.

Grievance Officer · India

Name: [TO BE APPOINTED BEFORE LAUNCH]

Designation: Grievance Officer

Email: grievance@antyai.com

Postal address: [Insert registered office address]

Telephone: [Insert direct line]

Office hours: Monday to Friday, 10:00–18:00 IST (excluding public holidays in Maharashtra)

Acknowledgement: within 48 hours of receipt

Resolution: within 30 days of receipt

If you are not satisfied with our Grievance Officer's response, you may escalate to the Data Protection Board of India.

09

Complaints to the Data Protection Board.

You may lodge a complaint with the Data Protection Board of India ("DPB") established under §18 of the DPDP Act, in respect of any breach of the DPDP Act by Anty AI. The DPB has the power to inquire, summon, examine on oath, inspect, and impose financial penalties (up to ₹250 crore) for breaches.

You should normally exhaust the grievance-redressal mechanism with our Grievance Officer (§08 above) before approaching the DPB, except in cases of urgent or serious breach.

Contact details for the DPB (current at the date of this notice — please verify before filing):

  • Website: dpb.gov.in (placeholder; check for the operational URL)
  • Postal address: as published by the Government of India when the DPB is operationalised
10

Cross-border data transfers.

To deliver a global service, we may transfer your personal data outside India to cloud-hosting regions and sub-processors in other jurisdictions. Each such transfer complies with §16 of the DPDP Act and any restrictions notified by the Central Government.

Currently, we may transfer data to:

  • Cloud-hosting infrastructure in [TO BE SPECIFIED — e.g., AWS Mumbai, AWS Singapore].
  • Sub-processors located in [TO BE SPECIFIED — e.g., United States, European Union, United Kingdom].

The current list of sub-processors and the countries in which they operate is available on written request from privacy@antyai.com. We will give you at least 30 days' notice before adding any new sub-processor that processes your biometric data.

11

Updates to this notice.

We may update this notice from time to time. For material changes — those that affect your rights, the categories of data we collect, the purposes of processing, the lawful basis, or the Grievance Officer's contact — we will:

  • Email you at least 30 days before the change takes effect.
  • Post the change prominently on antyai.com.
  • Where the change requires renewed consent, request your renewed consent. If you do not consent, the new processing will not apply to your data.

The current version of this notice and a complete change log are always posted at antyai.com/dpdp-notice.