Get Early Access

Get Early Access

Get Early Access

Get Early Access

Get Early Access

Get Early Access

Updated on October 07, 2025

Updated on October 07, 2025

Updated on October 07, 2025

Data Protection Policy

Data Protection Policy

Company : Calcure Technologies Private Limited (“Company”, “We”, “Us”, “Our”)
Company : Calcure Technologies Private Limited (“Company”, “We”, “Us”, “Our”)

Brand : RYYT mobile application and any associated websites (collectively, the “App”, “Platform”, or “Service”).

1. Purpose
1. Purpose
1. Purpose

The purpose of this Data Protection Policy is to establish Calcure Technologies’ commitment to protecting personal data of all Users, employees, partners, and stakeholders. This Policy sets out the organizational and technical measures we adopt to comply with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act)

  • Information Technology Act, 2000 and related rules

  • IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)

2. Scope
2. Scope
2. Scope

This Policy applies to:

  • All personal data collected through the RYYT App, website, and related services.

  • All employees, contractors, interns, and third-party vendors of Calcure Technologies who may process such data.

  • Both digital and physical forms of personal data under our control.

This Policy applies to:

  • All personal data collected through the RYYT App, website, and related services.

  • All employees, contractors, interns, and third-party vendors of Calcure Technologies who may process such data.

  • Both digital and physical forms of personal data under our control.

This Policy applies to:

  • All personal data collected through the RYYT App, website, and related services.

  • All employees, contractors, interns, and third-party vendors of Calcure Technologies who may process such data.

  • Both digital and physical forms of personal data under our control.

3. Principles of Data Protection
3. Principles of Data Protection
3. Principles of Data Protection

We commit to the following principles:

  1. Lawfulness, Fairness & Transparency – Data will be collected and processed in compliance with Indian laws, with notice and consent where required.

  2. Purpose Limitation – Data will be processed only for specified, legitimate purposes.

  3. Data Minimization – We will collect only the data necessary to deliver our services.

  4. Accuracy – We will make reasonable efforts to keep personal data accurate and up to date.

  5. Storage Limitation – Personal data will not be retained longer than necessary, unless required by law.

  6. Security & Confidentiality – Data will be secured through appropriate technical and organizational safeguards.

  7. Accountability – We will maintain documentation of data practices and compliance measures.

4. Legal Basis for Processing
4. Legal Basis for Processing
4. Legal Basis for Processing

Data processing by Calcure Technologies may be based on:

  • Consent of the data principal (user),

  • Contractual necessity for providing services,

  • Compliance with legal obligations, or

  • Legitimate interests of the Company (e.g., security, fraud prevention).

5. Roles & Responsibilities
5. Roles & Responsibilities
5. Roles & Responsibilities

  • Board/Management: Overall responsibility for compliance.

  • Data Protection Lead (may also be the Resident Grievance Officer at this stage): Responsible for overseeing implementation of this Policy.

  • Employees: Must follow data handling practices defined here and undergo training as required.

  • Third-Party Vendors: Must sign data processing agreements and follow equivalent safeguards.

6. Data Subject Rights
6. Data Subject Rights
6. Data Subject Rights

In line with the DPDP Act 2023, we will honour the following rights of Users (Data Principals):

  • Right to access personal data held by us.

  • Right to correction and erasure of inaccurate or outdated data.

  • Right to consent management, including withdrawal.

  • Right to nominate another person to exercise rights in case of incapacity or death.

Requests can be raised via [privacy@ryyt.in] or through in-app mechanisms.

7. Data Security Measures
7. Data Security Measures
7. Data Security Measures

We implement reasonable security practices as required under SPDI Rules, including:

  • Adoption of ISO/IEC 27001-aligned security controls.

  • Encryption of data in transit and at rest where feasible.

  • Role-based access controls; employee access only on a need-to-know basis.

  • Regular audits, penetration testing, and risk assessments.

  • Secure coding and vulnerability management

  • Employee confidentiality agreements and training.

8. Data Breach Management
8. Data Breach Management
8. Data Breach Management

  • Detection & Reporting: All employees and vendors must report suspected breaches immediately to the Data Protection Lead.

  • Containment: Technical and organizational measures will be taken to limit impact.

  • Notification: Where required by law, Users and authorities will be notified without undue delay.

  • Post-Incident Review: Each breach will be documented, investigated, and remediation steps tracked.

9. Data Retention & Deletion
9. Data Retention & Deletion
9. Data Retention & Deletion

  • Data will be retained only as long as necessary for the purpose collected or as required by law.

  • Inactive accounts may be deleted after 24 months of inactivity, unless legal retention is needed.

  • Data deletion requests will be honoured within a reasonable timeframe unless lawfully restricted.

10. Vendor & Third-Party Management
10. Vendor & Third-Party Management
10. Vendor & Third-Party Management

  • Vendors processing personal data must sign Data Processing Agreements.

  • Vendor compliance will be assessed periodically.

  • International transfers (if any) will comply with DPDP safeguards.

11. Training & Awareness
11. Training & Awareness
11. Training & Awareness

  • All employees handling personal data must undergo data protection training.

  • Refresher sessions will be conducted periodically to reinforce responsibilities.

12. Policy Governance & Review
12. Policy Governance & Review
12. Policy Governance & Review

  • This Policy will be reviewed annually or sooner if there are changes in law or business practices.

  • Updates will be communicated to all employees and, where appropriate, published on our website for transparency.

13. Grievance Redressal
13. Grievance Redressal
13. Grievance Redressal

In compliance with Indian law, we appoint a Resident Grievance Officer:

Name: Shuvam Sarkar
Email: shuvam@ryyt.in
Address: S3, Shantiniketan Apt. 3 no. Basunagar, Madhyamgram, Kol -129

Complaints will be acknowledged within 24 hours and resolved within 15 days.

14. Contact Information
14. Contact Information
14. Contact Information

For questions regarding this Policy:

Calcure Technologies Private Limited
S3, Shantiniketan Apt. 3 no. Basunagar, Madhyamgram, Kol -129
Email: shuvam@ryyt.in | shuvam@ryyt.in