Tody Android beta is open · Join early access
Compliance

Compliance posture written for actual reviewers

India data residency, consent management, audit log, abuse prevention, and DPDP-aware data handling — the controls procurement teams and DPOs ask about.

01

India data residency

Customer data is stored and processed in Indian data centres. Backups remain in India unless customers explicitly opt in to cross-border movement.

02

Consent management

Recipients can opt out of marketing categories. Consent is tracked per template category and stored alongside delivery records.

03

DPDP-aware data handling

We process customer data only for the purposes communicated to the data principal and respect retention & erasure requests under the Digital Personal Data Protection framework.

04

Audit logs

Template changes, campaigns, key issuance, wallet movements, and admin actions are all logged with exportable trails.

05

Abuse prevention

Rate limits, account suspension, template review, and reporting tools prevent spam and abusive sender behaviour.

06

Sub-processors

We maintain a current list of sub-processors and notify enterprise customers of changes. List available on request.

Data subject rights

Rights of the people we hold data about

Anyone whose data we process can request access, correction, erasure, or restriction. Requests should be sent to privacy@tody.in. We respond within statutory timelines.

  • Right to access your personal data
  • Right to correction of inaccurate data
  • Right to erasure where lawful
  • Right to restrict processing
  • Right to nominate someone in case of incapacity
  • Right to grievance redressal — grievance@tody.in
POST /api/v1/dsar/access
Acknowledged · ticket DSAR-9842
Data package prepared in 7 days
Delivered via secure link

Need our compliance pack?

Architecture, data flow, sub-processors, and security questionnaire response available under NDA.