Effective from date of account creation · Last updated: May 2026
Acceptance: This Data Processing Agreement is accepted by the Company upon creating an account at niyojan.live. The act of account creation constitutes the Company's agreement to all terms in this DPA, which forms part of the overall agreement between the Company and NIYOJAN together with the Terms of Service and Privacy Policy.
Data Fiduciary (Controller): The event planning or coordination company that creates a NIYOJAN account, represented by the individual who completes account registration ("Company").
Data Processor: Nitish N Daftari, trading as NIYOJAN, Pune, Maharashtra, India ("NIYOJAN").
Purpose and Scope
The Company uses the NIYOJAN platform to process WhatsApp message data from their event coordination groups for the purpose of extracting operational intelligence — specifically tasks, decisions, vendor payment data, and team commitments — to support business operations.
This Data Processing Agreement governs how NIYOJAN, as Processor, handles personal data on behalf of the Company, as Data Fiduciary, in compliance with India's Digital Personal Data Protection Act 2023 and any other applicable data protection law.
Roles and Responsibilities
The Company (Data Fiduciary) is responsible for:
Determining which WhatsApp groups to link to NIYOJAN and therefore the scope of data collected
Informing all WhatsApp group participants — including employees, contractors, vendors, clients, and family members — that AI-powered message processing is active in linked groups
Obtaining any consent or providing any notice required under applicable law to individuals whose messages will be processed
Ensuring that processing employee or contractor communication groups complies with Indian labour law and any applicable employment contracts
Responding to data access, correction, and deletion requests from individuals whose personal data was collected through the Company's linked groups
Notifying the Data Protection Board of India of any data breach as required under the DPDP Act 2023
NIYOJAN (Data Processor) will:
Process personal data only for the purpose of providing the NIYOJAN platform services, and only on the basis of data received from groups the Company has explicitly linked
Not process personal data for any purpose other than those described in the Privacy Policy and these Terms
Implement and maintain appropriate technical and organisational security measures as described in the Privacy Policy
Assist the Company in responding to individual data rights requests where technically feasible within the platform's capabilities
Delete or return all Company personal data upon termination of the service relationship within 30 days, subject to legal retention requirements
Notify the Company within 72 hours of discovering a personal data breach that may affect Company data
Data Minimisation
NIYOJAN will process only the minimum personal data necessary to provide the platform services described in this DPA. Specifically:
Only message text is processed by the AI model — media files, documents, and non-text content are never accessed or stored
Message text is processed by the AI model solely to extract operational data (tasks, decisions, payments, commitments) for the Company's dashboard
Raw message text is permanently deleted after 90 days — it is not retained beyond what is needed for the extraction quality monitoring window
NIYOJAN will not access, analyse, or use personal data for any purpose beyond what is technically required for the processing purposes described in this DPA
No human at NIYOJAN reads message content unless the Company raises a specific support request about an incorrect extraction
Sub-Processors
NIYOJAN currently uses the following sub-processors that may process personal data:
Sub-processor
Purpose
Data transferred
Location
Anthropic, Inc.
AI-powered extraction of operational intelligence from message text
All platform data including messages, extracted tasks, account information
Bangalore, India
NIYOJAN will notify the Company by email at least 14 days before engaging any new sub-processor that will process personal data from the Company's linked groups. The Company may object to a new sub-processor within that 14-day period by contacting privacy@niyojan.live. If the objection cannot be resolved and the Company does not wish to accept the new sub-processor, the Company may terminate this agreement and receive a prorated refund of any prepaid subscription fees.
Security Measures
NIYOJAN implements the following technical and organisational security measures:
TLS/HTTPS encryption for all data in transit
Encryption at rest for database storage on DigitalOcean Bangalore infrastructure
Authenticated session-based access control for the dashboard
Read-only operation of the WhatsApp observer number
Environment variable storage of all API keys and credentials
Access to production systems restricted to authorised personnel only
Data Breach Notification
If NIYOJAN discovers or is notified of a personal data breach that may affect Company data, NIYOJAN will:
Notify the Company by email at the address registered on the account within 72 hours of discovery
Provide details of: the nature of the breach, categories and approximate number of individuals affected, categories and approximate volume of records affected, likely consequences of the breach, and measures taken or proposed to address the breach
The Company, as Data Fiduciary, is solely responsible for notifying the Data Protection Board of India and affected individuals as required under the DPDP Act 2023.
Data Retention and Deletion
NIYOJAN retains personal data in accordance with the retention periods described in the Privacy Policy. Upon termination of the service relationship for any reason, NIYOJAN will permanently delete all Company personal data within 30 days, with the exception of consent records which are retained as a legal record.
Upon request, NIYOJAN will provide the Company with written confirmation that deletion has been completed.
Audit and Compliance
The Company may request written confirmation from NIYOJAN at any time that this DPA is being complied with. NIYOJAN will respond to such requests within 30 days.
Requests for detailed technical audits of NIYOJAN's systems will be considered on a case-by-case basis. NIYOJAN reserves the right to require reasonable advance notice, scope agreement, and cost-sharing arrangements for any such audit.
Term and Termination
This DPA takes effect on the date the Company creates a NIYOJAN account at niyojan.live and remains in force for the duration of the service relationship. Upon termination of the service relationship for any reason, this DPA continues to apply to any retained data until deletion is complete.
Governing Law
This DPA is governed by the laws of India and is subject to the dispute resolution provisions of the NIYOJAN Terms of Service.