Data Subject Rights
All 5 rights are exposed as form surfaces. The consuming app must wire the endpoint before production.
Under DPDP §14, data principals in India have enforceable rights against a data fiduciary. This starter exposes each as a form. Submissions POST to /api/dsr; wire that endpoint in the consuming app so acknowledgements and fulfilment follow your stated SLA.
Right to Access
Receive a summary of all your data we hold, why we process it, and who else has received it.
SLA: 7 days
Right to Correction
Correct inaccurate or incomplete personal data we hold about you.
SLA: 14 days
Right to Erasure
Withdraw consent and erase your data, subject to statutory retention obligations.
SLA: 30 days
Right to Grievance
Raise a complaint about how your data was handled. Routes to our named Grievance Officer.
SLA: 7 days ack · 30 days resolution
Right to Nominate
Nominate another person to exercise your rights in the event of death or incapacity.
SLA: 14 days
What happens after you submit
- You receive an acknowledgement email with a ticket reference within minutes.
- If we need additional verification (e.g. to confirm you own the email), we ask within 24 hours.
- We respond substantively within the SLA shown for that right.
- If you're unsatisfied, escalate to the DPO or Grievance Officer.
What we cannot honour
- Requests where we cannot verify you are the data principal (we will not act on a stranger's request)
- Erasure where statutory retention applies (e.g. tax records, court-ordered preservation)
- Access to data we do not hold (we cannot manufacture data on demand)
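
For the consuming app that wires /api/dsr, a sketch of the triage step behind the forms: it applies the SLA shown for each right and the refusal rules listed above. This is an added example, not code from the starter; `triageDsr`, the form fields `right` and `email`, and the server-side values `now`, `identityVerified` and `retentionHold` are assumed names.

```javascript
// Added example: triage for submissions to /api/dsr. Field names are assumptions.
const DAY_MS = 24 * 60 * 60 * 1000;

// SLA in days per right, taken from the rights listed on this page.
const SLA_DAYS = {
  access: { resolve: 7 },
  correction: { resolve: 14 },
  erasure: { resolve: 30 },
  grievance: { ack: 7, resolve: 30 },
  nominate: { resolve: 14 },
};

const addDays = (date, days) => new Date(date.getTime() + days * DAY_MS).toISOString();

// form:   untrusted request body, e.g. { right, email } (hypothetical field names)
// server: values the server derived itself: { now, identityVerified, retentionHold }
function triageDsr(form, server) {
  // Own-property check, so "constructor" or "__proto__" cannot pass as a right.
  if (!form || typeof form.right !== 'string' ||
      !Object.prototype.hasOwnProperty.call(SLA_DAYS, form.right)) {
    return { status: 'rejected', reason: 'unknown_right' };
  }
  if (typeof form.email !== 'string' || !/^[^\s@]+@[^\s@]+$/.test(form.email)) {
    return { status: 'rejected', reason: 'invalid_email' };
  }
  const sla = SLA_DAYS[form.right];
  // Assumption: SLA clocks start when the submission is received.
  const plan = {
    status: 'accepted',
    right: form.right,
    resolveBy: addDays(server.now, sla.resolve),
  };
  if (sla.ack) plan.ackBy = addDays(server.now, sla.ack);
  // Any "verified" flag inside the form body is ignored; only the server's own
  // check counts. Unverified requests get a verification request within 24 hours.
  if (server.identityVerified !== true) {
    plan.status = 'pending_verification';
    plan.verifyRequestBy = addDays(server.now, 1);
  } else if (form.right === 'erasure' && server.retentionHold === true) {
    // Statutory retention applies: answer within the SLA, but do not erase.
    plan.status = 'refused';
    plan.reason = 'statutory_retention';
  }
  return plan;
}
```

The returned plan is what the endpoint would persist with the ticket and use to schedule the acknowledgement and reminder jobs.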