Legal

DPDP Compliance

Last updated: 18 June 2026

Pyra Technologies Pvt. Ltd. processes personal data in accordance with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act"). This notice summarises how we meet our obligations and how Data Principals can exercise their rights.

1. Our role

For our own website and account data, Pyra is a Data Fiduciary and determines the purpose and means of processing. For the call data we handle on behalf of business customers, Pyra is a Data Processor acting under the customer's documented instructions; that customer is the Data Fiduciary toward its own callers.

2. Notice and consent

Where we rely on consent, we provide a clear notice of the personal data processed and the purpose, in plain language. Consent is obtained through an affirmative action and can be withdrawn at any time as easily as it was given.

3. Data localization

Personal data and call data are stored and processed within India, in AWS Mumbai (ap-south-1). Data is encrypted in transit and at rest.

4. Purpose limitation and retention

We process personal data only for the purposes for which it was collected. Call recordings and transcripts are retained for a default of 90 days and are then deleted, unless a different retention period is configured by the customer or required by law.

5. Rights of Data Principals

Right to access a summary of personal data processed and processing activities.
Right to correction, completion, updating, and erasure of personal data.
Right of grievance redressal through the channels below.
Right to nominate another individual to exercise rights in case of death or incapacity.

Where Pyra acts as a Data Processor, requests from a caller are routed to the relevant business customer (the Data Fiduciary), and we assist that customer in responding.

6. Security safeguards

Encryption of data in transit and at rest.
Access controls and least-privilege access to personal data.
Logging and monitoring of access to sensitive systems.
Contractual security obligations on our subprocessors.

7. Breach notification

In the event of a personal data breach, we will notify the Data Protection Board of India and affected parties in the manner and within the timelines required by the DPDP Act, and will support affected customers in meeting their own notification obligations.

8. Children's data

We do not knowingly process the personal data of children except as permitted under the DPDP Act and with the consent of a parent or lawful guardian where required.

9. Grievance redressal

Our Grievance Officer can be reached at grievance@pyrahq.in. You may also contact our privacy team at privacy@pyrahq.in. We acknowledge and respond to grievances within the timelines prescribed under the DPDP Act. If you are not satisfied with our response, you may approach the Data Protection Board of India.