Introduction
This page describes EdgeLog's compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), notified by the Ministry of Electronics and Information Technology, Government of India. EdgeLog is committed to the principles of data minimisation, purpose limitation, and data subject rights enshrined in this Act.
The DPDP Act applies to the processing of digital personal data of persons in India. EdgeLog processes minimal personal data and has designed its architecture to comply with DPDP Act requirements.
Role: Data Fiduciary
Under the DPDP Act, EdgeLog acts as a Data Fiduciary — an entity that determines the purpose and means of processing personal data. However, due to our privacy-first design:
- EdgeLog processes almost no personal data — all trade data stays on your device
- We are classified as a Small Data Fiduciary under the Act given our limited data processing scope
- We do not engage in large-scale profiling, behavioural tracking, or automated decision-making affecting users' rights
Lawful Basis for Processing
| Data processed | Lawful basis (DPDP Act) | Detail |
|---|---|---|
| Anonymous crash reports | Legitimate Use (§7(f)) | Necessary to maintain App safety and security |
| Subscription token (Google Play) | Contract performance (§7(b)) | Required to provide paid features |
| Cloud backup data (Pro, opt-in) | Consent (§7(a)) | Explicit opt-in required; withdrawal = deletion |
| Local device data (trade journal) | Not applicable | Stored on user's own device; not processed by us |
Data Minimisation & Purpose Limitation
EdgeLog collects only the minimum data necessary to provide the service:
- No user accounts: EdgeLog requires no registration, email address, or any identifier
- No advertising: Zero advertising SDKs; no data used for ad targeting
- No analytics: No third-party analytics SDKs (Mixpanel, Firebase Analytics, etc.)
- No location data: EdgeLog never requests location permissions
- No contacts/camera: No access to device contacts, microphone, or camera
Each category of data we do collect is used only for the specific purpose stated and is not repurposed for any other use.
Rights of Data Principals
Under §11–§14 of the DPDP Act, you (the Data Principal) have the following rights:
§11 — Right to Access Information
You may request a summary of personal data we hold and the processing activities carried out. Contact our Grievance Officer to exercise this right.
§12 — Right to Correction and Erasure
You can correct or delete your data directly:
- Trade data: Edit or delete any trade entry within the App
- All local data: Settings → Data & App → Clear All Trades
- Cloud backup: Settings → Cloud Backup → Delete Backup
- Crash report data: Contact our Grievance Officer (anonymous; cannot be individually identified)
§13 — Right to Grievance Redressal
Any grievance regarding processing of your personal data may be submitted to our Grievance Officer. We will acknowledge within 3 business days and resolve within 10 business days.
§14 — Right to Nominate
You may nominate another person to exercise your DPDP rights on your behalf in the event of death or incapacity. To register a nomination, contact our Grievance Officer.
Consent Management
Where processing is based on consent (cloud backup):
- Obtaining consent: Explicit in-app toggle; you must actively enable cloud backup
- Withdrawing consent: You may disable cloud backup at any time in Settings. Withdrawal does not affect lawfulness of prior processing
- Effect of withdrawal: Cloud backup stops immediately; existing backup data is deleted within 90 days
- No conditional access: EdgeLog's core functionality is not conditioned on consent to cloud backup
Data Retention
| Data type | Retention period |
|---|---|
| Local device data (trades, journal) | Until you delete it or uninstall the App |
| Cloud backup (Pro, opt-in) | Until you delete it; or 90 days after Pro subscription ends |
| Anonymous crash reports | 90 days (aggregated, then deleted) |
| Subscription token (Google Play) | Duration of subscription; deleted on cancellation |
Security Safeguards
EdgeLog implements reasonable security measures as required under §8(5) of the DPDP Act:
- Android application sandbox isolation for all local data
- TLS 1.2+ encryption for all network communication (cloud backup)
- AES-256 encryption for cloud backup data at rest
- No storage of payment card data (delegated entirely to Google Play)
- Regular security reviews of the application code
Cross-Border Data Transfers
Local device data is never transferred outside your device. Cloud backup data (Pro, opt-in) is stored on Google Cloud servers, which may be located outside India. Google LLC participates in applicable data protection frameworks. Transfers are made under appropriate safeguards consistent with the DPDP Act's cross-border transfer provisions (§16).
Grievance Officer & Contact
As required under §13 of the DPDP Act, EdgeLog has appointed a Grievance Officer for personal data matters:
Contact & Grievance
If you are not satisfied with our response, you may escalate to the Data Protection Board of India once it is constituted under the DPDP Act.