Free up to 30 residents. Book a free demo →
T
Twnship
Get Started

DPDPA Compliance

How Twnship meets its obligations under India's Digital Personal Data Protection Act 2023 — from consent and data localisation to resident rights and breach notification.

Data Fiduciary

Twnship is the Data Fiduciary for committee data and a Data Processor for resident data under DPDPA 2023.

Data stays in India

All society and resident data is stored and processed on servers within India. Transactional emails use Resend (Ireland/EU).

Resident rights honoured

Access, correction, erasure, consent withdrawal, nomination — all six DPDPA rights are actionable.

Twnship DPDPA Compliance Statement

Last updated: June 2026 · Act effective: 1 September 2023

01About the DPDPA 2023

India's Digital Personal Data Protection Act 2023 (DPDPA) governs how organisations collect, store, use, and process personal data of Indian citizens. It came into effect on 1 September 2023 and is enforced by the Data Protection Board of India.

As a SaaS platform that stores and processes personal data of residents and RWA committee members, Twnship is a regulated entity under the Act. This page explains how we fulfil our obligations.

02Our role under the Act

The DPDPA distinguishes between a Data Fiduciary (the entity that determines the purpose and means of processing) and a Data Processor (an entity that processes on behalf of the Fiduciary). Twnship plays both roles:

Data Fiduciary

For data collected directly from RWA committees and admins — account information, billing details, and usage data. Twnship determines why and how this data is processed.

Data Processor

For resident personal data (name, phone, flat number, payment records) — processed on behalf of the housing society, which is the Data Fiduciary for its residents.

03Our obligations & how we meet them

Lawful purpose & consent

We process personal data only for a specific, clear purpose. Residents give consent at registration. Consent records are maintained and can be withdrawn at any time.

Data minimisation

We collect only what is necessary to operate the platform. We do not collect sensitive personal data such as financial account numbers, Aadhaar, or biometrics.

Data accuracy

Residents and committee members can update their own information through the app. We do not retain stale data beyond its useful purpose.

Storage limitation

Personal data is retained only as long as necessary. Inactive accounts are purged within 90 days of closure. Financial records are retained for 7 years under Indian law.

Security safeguards

Data in transit is encrypted with TLS 1.2+. Data at rest is encrypted with AES-256. Access controls, regular audits, and incident response procedures are in place.

Breach notification

In the event of a personal data breach, we will notify affected data principals and the Data Protection Board of India within the timeframes prescribed under DPDPA 2023.

04Data localisation

All society and resident personal data is stored and processed on servers located within India.

One exception: transactional emails (OTPs, payment receipts, notifications) are sent via Resend, whose infrastructure is hosted on AWS eu-west-1 (Ireland). Only the email address and message content are transmitted to Resend for delivery; no other personal data leaves India. Resend is bound by a data processing agreement with appropriate safeguards.

We do not transfer personal data to any other country or jurisdiction.

05Data principal rights

Under DPDPA 2023, every resident (data principal) has the following rights. To exercise any of them, email us at hello@twnship.com.

  • Right to access

    Request a copy of all personal data we hold about you

  • Right to correct

    Ask us to fix inaccurate or incomplete personal data

  • Right to erase

    Request deletion of your personal data, subject to legal retention periods

  • Right to withdraw consent

    Withdraw consent for processing at any time without affecting past use

  • Right to grievance redressal

    Raise a complaint with our Grievance Officer; resolved within 30 days

  • Right to nominate

    Nominate a person to exercise your rights in the event of death or incapacity

06Children's data

Twnship does not knowingly collect personal data from anyone under the age of 18. The platform is intended for RWA committees and adult residents only. If a child's data is inadvertently collected, it will be deleted promptly upon request. Under DPDPA 2023, processing of children's data requires verifiable parental consent — a requirement we meet by excluding minors from our service entirely.

07Breach notification

In the event of a personal data breach, Twnship will:

  • Notify the Data Protection Board of India within the timeframe prescribed under the Act
  • Notify affected data principals of the nature of the breach and the steps being taken
  • Maintain an internal breach register and conduct a root-cause analysis

08Related policies

Privacy Policy

Full details on what data we collect and how we use it

Terms of Service

The agreement governing your use of Twnship

Refund Policy

How we handle cancellations and billing disputes

09Updates to this statement

We will update this compliance statement as the DPDPA 2023 rules are notified and as our platform evolves. Material changes will be communicated by email or in-app notice. The date at the top of this page reflects when it was last revised.

Questions about DPDPA compliance?

Contact our Grievance Officer for any data protection queries, right-exercise requests, or compliance concerns. We acknowledge within 48 hours and resolve within 30 days.

Grievance Officer / Data Protection Contact

For DPDPA rights requests and compliance queries:

hello@twnship.com

S.A.S Nagar, Mohali, India

Chat with us on WhatsApp