Data Protection
Noventraq is fully compliant with India's Digital Personal Data Protection Act, 2023 (DPDPA). We take data protection seriously and have built our platform with privacy by design.
DPDPA 2023 Compliance
Our Role
Noventraq acts as a Data Processor on behalf of universities (the Data Fiduciaries). Universities determine the purpose and means of processing personal data of students, staff, and parents. We process data strictly as instructed by the institution.
Consent Management
Universities are responsible for obtaining appropriate consent from data principals (students, staff, parents) before entering their data into Noventraq. We provide tools to help institutions manage consent records and withdrawal requests.
Data Localisation
All personal data is stored and processed exclusively within India. We do not transfer any personal data outside the country. Our infrastructure is hosted in Indian data centres with full redundancy.
Breach Notification
In the event of a data breach, we will notify the affected institution and the Data Protection Board of India within 72 hours, as required under DPDPA 2023. We maintain an incident response plan with defined escalation procedures.
Data Principal Rights
Under DPDPA 2023, the following rights are available to data principals (students, staff, parents):
Right to Access
Data principals can request access to their personal data processed by Noventraq through their institution.
Right to Correction
Request correction of inaccurate or incomplete personal data at any time.
Right to Erasure
Request deletion of personal data, subject to legal retention requirements.
Right to Grievance Redressal
Lodge complaints about data processing with our Data Protection Officer.
Data Portability
Export all institutional data in standard formats (CSV, JSON) at any time.
Right to Nominate
Nominate another person to exercise data rights in case of death or incapacity.
Data Protection Officer
For any data protection queries, contact our DPO at dpo@noventraq.com