Enterprise Compliance

Data Processing Agreement

This DPA outlines how DexaByte InfoTech processes personal data on behalf of clients in compliance with Digital Personal Data Protection Act, 2023 (India) and GDPR principles.

Last Updated: December 17, 2025 | Version 2.0

Data Processor

DexaByte InfoTech

Compliance

DPDPA 2023 & GDPR

Encryption

AES-256 & TLS 1.3

Definitions & Roles

Controller: The client who determines purposes and means of processing personal data.

Processor: DexaByte InfoTech, which processes data on behalf of the Controller.

Personal Data: Any information relating to an identified or identifiable natural person processed under client projects.

Data Principal: The individual to whom personal data relates (as per DPDPA 2023).

Processing Instructions

We process personal data only:

On documented instructions from the Controller (project agreements)
To provide agreed services (web development, software, marketing)
To comply with applicable Indian and international laws
With explicit consent where required by DPDPA 2023

Security Measures

Technical

• AES-256 encryption at rest
• TLS 1.3 in transit
• Role-based access (RBAC)
• Regular penetration testing

Organizational

• Employee background checks
• Data protection training
• Confidentiality agreements
• Incident response plan

Sub-Processors

We use trusted sub-processors with adequate safeguards:

Provider	Purpose	Location
AWS	Hosting & Storage	Mumbai, India
Google Workspace	Communication	India/US
Cloudflare	Security & CDN	Global

*All sub-processors comply with DPDPA 2023 and GDPR requirements.

Data Subject Rights

We assist Controllers in responding to Data Principal requests under DPDPA 2023:

Right to Access: Confirmation of processing and data copies
Right to Correction: Rectification of inaccurate data
Right to Erasure: Deletion of personal data
Right to Grievance Redressal: Complaint resolution

Response time: Within 30 days of receiving valid request.

Data Breach Notification

In case of personal data breach:

Notify Controller within 48 hours of discovery
Provide details: nature, categories, likely consequences
Cooperate with Data Protection Board of India if required
Document all breaches for audit purposes

Data Deletion & Return

Upon termination of services:

Delete or return all personal data within 30 days
Provide certificate of deletion upon request
Retain only where required by Indian law
Secure wipe of all storage media (DoD 5220.22-M standard)

Audits & Compliance

We maintain compliance through:

Annual third-party security audits
ISO 27001:2013 certification maintenance
DPDPA 2023 compliance assessments
Documentation available for client audits (under NDA)

Data Protection Officer

For DPA-related queries or data subject requests:

info@dexabyteinfotech.com

Email DPO Download DPA