NIYOJAN
PrivacyTermsDPALegal
Legal

Data Processing Agreement

Effective from date of account creation · Last updated: May 2026
Acceptance: This Data Processing Agreement is accepted by the Company upon creating an account at niyojan.live. The act of account creation constitutes the Company's agreement to all terms in this DPA, which forms part of the overall agreement between the Company and NIYOJAN together with the Terms of Service and Privacy Policy.
Contents
  • Parties
  • Purpose and Scope
  • Roles and Responsibilities
  • Data Minimisation
  • Sub-Processors
  • Security Measures
  • Data Breach Notification
  • Data Retention and Deletion
  • Audit and Compliance
  • Term and Termination
  • Governing Law

Parties

Data Fiduciary (Controller): The event planning or coordination company that creates a NIYOJAN account, represented by the individual who completes account registration ("Company").

Data Processor: Nitish N Daftari, trading as NIYOJAN, Pune, Maharashtra, India ("NIYOJAN").

Purpose and Scope

The Company uses the NIYOJAN platform to process WhatsApp message data from their event coordination groups for the purpose of extracting operational intelligence — specifically tasks, decisions, vendor payment data, and team commitments — to support business operations.

This Data Processing Agreement governs how NIYOJAN, as Processor, handles personal data on behalf of the Company, as Data Fiduciary, in compliance with India's Digital Personal Data Protection Act 2023 and any other applicable data protection law.

Roles and Responsibilities

The Company (Data Fiduciary) is responsible for:

  • Determining which WhatsApp groups to link to NIYOJAN and therefore the scope of data collected
  • Informing all WhatsApp group participants — including employees, contractors, vendors, clients, and family members — that AI-powered message processing is active in linked groups
  • Obtaining any consent or providing any notice required under applicable law to individuals whose messages will be processed
  • Ensuring that processing employee or contractor communication groups complies with Indian labour law and any applicable employment contracts
  • Responding to data access, correction, and deletion requests from individuals whose personal data was collected through the Company's linked groups
  • Notifying the Data Protection Board of India of any data breach as required under the DPDP Act 2023

NIYOJAN (Data Processor) will:

  • Process personal data only for the purpose of providing the NIYOJAN platform services, and only on the basis of data received from groups the Company has explicitly linked
  • Not process personal data for any purpose other than those described in the Privacy Policy and these Terms
  • Implement and maintain appropriate technical and organisational security measures as described in the Privacy Policy
  • Assist the Company in responding to individual data rights requests where technically feasible within the platform's capabilities
  • Delete or return all Company personal data upon termination of the service relationship within 30 days, subject to legal retention requirements
  • Notify the Company within 72 hours of discovering a personal data breach that may affect Company data

Data Minimisation

NIYOJAN will process only the minimum personal data necessary to provide the platform services described in this DPA. Specifically:

  • Only message text is processed by the AI model — media files, documents, and non-text content are never accessed or stored
  • Message text is processed by the AI model solely to extract operational data (tasks, decisions, payments, commitments) for the Company's dashboard
  • Raw message text is permanently deleted after 90 days — it is not retained beyond what is needed for the extraction quality monitoring window
  • NIYOJAN will not access, analyse, or use personal data for any purpose beyond what is technically required for the processing purposes described in this DPA
  • No human at NIYOJAN reads message content unless the Company raises a specific support request about an incorrect extraction

Sub-Processors

NIYOJAN currently uses the following sub-processors that may process personal data:

Sub-processorPurposeData transferredLocation
Anthropic, Inc.AI-powered extraction of operational intelligence from message textWhatsApp message text, sender identifier, timestampUnited States of America
DigitalOcean, LLCApplication hosting and database storageAll platform data including messages, extracted tasks, account informationBangalore, India

NIYOJAN will notify the Company by email at least 14 days before engaging any new sub-processor that will process personal data from the Company's linked groups. The Company may object to a new sub-processor within that 14-day period by contacting privacy@niyojan.live. If the objection cannot be resolved and the Company does not wish to accept the new sub-processor, the Company may terminate this agreement and receive a prorated refund of any prepaid subscription fees.

Security Measures

NIYOJAN implements the following technical and organisational security measures:

  • TLS/HTTPS encryption for all data in transit
  • Encryption at rest for database storage on DigitalOcean Bangalore infrastructure
  • Authenticated session-based access control for the dashboard
  • Read-only operation of the WhatsApp observer number
  • Environment variable storage of all API keys and credentials
  • Access to production systems restricted to authorised personnel only

Data Breach Notification

If NIYOJAN discovers or is notified of a personal data breach that may affect Company data, NIYOJAN will:

  • Notify the Company by email at the address registered on the account within 72 hours of discovery
  • Provide details of: the nature of the breach, categories and approximate number of individuals affected, categories and approximate volume of records affected, likely consequences of the breach, and measures taken or proposed to address the breach

The Company, as Data Fiduciary, is solely responsible for notifying the Data Protection Board of India and affected individuals as required under the DPDP Act 2023.

Data Retention and Deletion

NIYOJAN retains personal data in accordance with the retention periods described in the Privacy Policy. Upon termination of the service relationship for any reason, NIYOJAN will permanently delete all Company personal data within 30 days, with the exception of consent records which are retained as a legal record.

Upon request, NIYOJAN will provide the Company with written confirmation that deletion has been completed.

Audit and Compliance

The Company may request written confirmation from NIYOJAN at any time that this DPA is being complied with. NIYOJAN will respond to such requests within 30 days.

Requests for detailed technical audits of NIYOJAN's systems will be considered on a case-by-case basis. NIYOJAN reserves the right to require reasonable advance notice, scope agreement, and cost-sharing arrangements for any such audit.

Term and Termination

This DPA takes effect on the date the Company creates a NIYOJAN account at niyojan.live and remains in force for the duration of the service relationship. Upon termination of the service relationship for any reason, this DPA continues to apply to any retained data until deletion is complete.

Governing Law

This DPA is governed by the laws of India and is subject to the dispute resolution provisions of the NIYOJAN Terms of Service.

© 2026 NIYOJAN · Nitish N Daftari, Pune, India
PrivacyTermsDPALegal