MyHELIX

Effective date: 15 May 2026

DPDP Act 2023 — Compliance

How myHelix complies with India's Digital Personal Data Protection Act 2023.

Grievance Officer (Section 8(10))

Dr Anil Bhatt

Founder & DPDP Grievance Officer, myHelix

Email: bhatt@myhelix.cloud

Support: hello@myhelix.cloud

WhatsApp: +91-XXXXX-XXXXX

Acknowledgement within 24 hours. Resolution within 30 days.

Lawful purpose for processing

Every piece of personal data we process has a specific lawful purpose, declared at the point of collection, and you consent to that purpose explicitly. We do not process data for any other purpose without re-consent.

Notice at collection (Section 5)

At each point of data collection, we display: (a) what is being collected, (b) why, (c) who can see it, (d) how to withdraw consent, (e) how to file a complaint, (f) how to escalate to the Data Protection Board of India.

Data Principal Rights (Sections 11–14)

  1. Right to access — every record we hold about you, downloadable.
  2. Right to correction and erasure — fix or delete in <30 days.
  3. Right to grievance redressal — via our Grievance Officer, then DPB.
  4. Right to nominate — designate a person to exercise rights on your behalf.

Consent Manager-ready

Every consent grant is recorded in an append-only ledger with hash-chain integrity. You can inspect the full consent history from your settings. Consents are machine-readable, exportable, and compatible with future DPB consent-manager interoperability standards.

Children's data (Section 9)

For users under 18, all consent must be given by a parent or legal guardian. We do not process children's data for behavioural monitoring or targeted advertising.

Data localisation

Personal data is stored at-rest in Mumbai (ap-south-1). We do not transfer data outside India for storage. AI inference is performed on transient redacted contexts with zero retention by sub-processors.

Data Protection Impact Assessment

We have completed a DPIA for the platform. Findings: (i) high-volume sensitive health data warrants Significant Data Fiduciary classification once we cross thresholds, (ii) we will appoint an independent Data Auditor at 50,000 users, (iii) row-level security and append-only audit log are the primary technical safeguards.

Breach notification

In the event of a personal data breach, we will notify the Data Protection Board of India and every affected user within 72 hours, per Section 8(6).

Escalation path

  1. First, contact our Grievance Officer (above). We acknowledge within 24 hours.
  2. If unresolved within 30 days, escalate to the Data Protection Board of India.
  3. Final recourse: appeal to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).

See also Privacy Policy · Terms of Service