Last updated: 8 July 2026 · Version 1.0
Acceptable Use Policy
This policy covers what you can and can't do with the DPDPA Shield platform, website, API, SDK, and associated services (we'll call all of these the Platform). It's part of the Master Subscription Agreement between DPDPA Shield Technologies Private Limited and you. By using the Platform, you agree to follow these rules.
1. Permitted Use
You may use the Platform only:
- Through your own employees, contractors, and agents who are authorised under your subscription
- For your internal compliance management under the DPDPA 2023 and applicable Indian law
- Within the plan limits (seats, SDK domains, monthly active users, API calls) in your Order Form
- In compliance with all applicable laws - the DPDPA 2023, IT Act 2000, and any sector regulation that applies to you
2. Prohibited Conduct
The following are expressly prohibited:
2.1 Misuse of the Platform
- Processing personal data for anything other than your own DPDPA compliance programme
- Sharing login credentials, access tokens, or tenant access with unauthorised people
- Letting a competitor access the Platform for product evaluation, benchmarking, or feature analysis
- Using the Platform as part of a service you offer to third parties (managed compliance, consulting, etc.) without a separate Reseller or Partner Agreement with us
2.2 Technical misuse
- Reverse engineering, decompiling, or trying to extract source code, algorithms, or platform logic
- Probing, scanning, or testing for vulnerabilities without our written permission
- Introducing viruses, malware, ransomware, or any malicious code
- Using bots, scrapers, or automated tools to harvest data beyond what the API permits
- Deliberately overloading or disrupting the Platform or its infrastructure
- Circumventing authentication, access controls, rate limiting, or quota mechanisms
2.3 Data misuse
- Uploading personal data you don't have a lawful basis to process under the DPDPA 2023
- Storing or transmitting personal data in ways that violate applicable law
- Attempting to access another tenant's data or any data outside your account
2.4 API and SDK misuse
- Exceeding your plan's rate limits or API quota without an agreed overage arrangement
- Embedding the consent SDK on domains not registered in your account
- Using the API or SDK to collect personal data for purposes other than your own consent management
2.5 Shield AI misuse
- Using Shield AI to generate outputs that could be legal advice for third parties
- Prompting it to reveal information about other tenants, system architecture, or confidential platform logic
- Relying on Shield AI outputs as the sole basis for regulatory filings or legal decisions without independent professional review
2.6 Illegal and harmful use
- Using the Platform for anything unlawful, fraudulent, or misleading
- Harassing, harming, or discriminating against anyone
- Violating any third party's intellectual property rights
3. Your Responsibilities
3.1 Account security. Keep your credentials safe. If you suspect unauthorised access, tell us immediately at hello@dpdpashield.in.
3.2 Accuracy. You're responsible for the accuracy and lawfulness of everything you upload to or process through the Platform.
3.3 Your team. Everyone who accesses the Platform under your account must follow this Policy. You're liable for their actions.
3.4 Compliance is still yours. The Platform is a compliance management tool. Using it doesn't automatically make you compliant - you remain responsible for your own compliance with applicable law.
4. What Happens If You Violate This Policy
We may:
- Issue a written warning
- Suspend your access (fully or partially) while we investigate
- Terminate your subscription per the Master Subscription Agreement
- Report the matter to regulators or law enforcement if required by law
We'll give reasonable notice before suspension when we can do so without compromising the investigation or platform security. If there's an immediate security risk, suspension may happen without prior notice.
5. Reporting Violations
If you see something that might violate this Policy, report it to hello@dpdpashield.in with subject “AUP Report”. We'll acknowledge within two business days and investigate in good faith.
6. Changes to This Policy
We may update this Policy from time to time. If an update materially restricts what you're allowed to do, we'll give you at least 30 days' written notice. Continuing to use the Platform after the effective date means you've accepted the update. The current version is always at dpdpashield.in/legal/aup.
7. Contact
Questions about this Policy:
DPDPA Shield Technologies Private Limited
hello@dpdpashield.in
dpdpashield.in