DPDP compliance at HAIP
India's Digital Personal Data Protection Act in plain English — what it asks for, what HAIP gives you out of the box, and how we partner with you to meet your obligations as a data fiduciary.
Six DPDP principles
How HAIP implements each
Lawful processing
We process guest data only with consent or for the legitimate operation of the hospitality service you provide.
Purpose limitation
Guest data is used only for guest communication, AI assist, QA scoring and analytics. Not for cross-tenant model training.
Data minimisation
PII redacted before transcripts reach the LLM. Tokenised card / Aadhaar / PAN / phone / email.
Transparency
Public sub-processor registry, public audit posture, plain-English DPA template.
Storage limitation
Default 90-day hot, lifecycle to cold tier. Configurable retention per tenant. Delete-on-request within 30 days.
Accountability
Hash-chained audit log of every score, override, export, login, role change — 5-year retention.
Data principal rights
Your guests' rights · how we help you honour them
Right to access
Guests can request a copy of their data via your support workflow; we return a structured export within 30 days.
Right to correction
Guests can request corrections to inaccurate data; you action it in HAIP and we audit-log the change.
Right to erasure
Guest record + linked rows + recordings purged within 30 days; entry logged in the audit chain.
Right to grievance redressal
Reach our Data Protection Officer at dpo@haip.app. SLA: acknowledgement < 1 working day, resolution < 30 days.
Need our DPDP pack for your audit?
We'll share our DPA template, sub-processor registry, retention schedule, and architecture diagram with your compliance team — typically over a 30-minute call.