DPDP Compliance

Digital Personal Data Protection Act, 2023

Last updated: April 25, 2026

Our Commitment

My Portfoly is fully committed to complying with the Digital Personal Data Protection Act, 2023 (DPDP Act), India's landmark data protection legislation. As a financial data platform, we recognise the sensitivity of your personal and financial information and have built our systems with privacy at their core.

This page explains how we implement DPDP requirements and how you can exercise your rights as a Data Principal.

Your Rights as a Data Principal

Right to Information

Know what personal data we process about you and why.

Right of Correction

Correct inaccurate or incomplete personal data at any time.

Right of Erasure

Request deletion of your personal data, subject to legal retention requirements.

Right of Grievance Redressal

Raise a complaint and receive a response within a reasonable time.

Right to Nominate

Nominate another individual to exercise your rights in case of incapacity or death.

Right to Withdraw Consent

Withdraw your consent for processing at any time without affecting legality of prior processing.

To exercise any of these rights, email our Data Protection Officer at privacy@myportfoly.com. We will respond within 72 hours.

Technical & Organisational Measures

Consent Management

Granular, purpose-specific consent collected at sign-up and feature onboarding

Data Minimisation

We collect only data necessary to deliver the Service

Storage Limitation

Data retained only as long as required; deleted within 30 days of account closure

Encryption

AES-256 at rest, TLS 1.3 in transit

Access Controls

Row-level security in Supabase; no employee can access your financial data in plain text

Data Localisation

All personal data stored on servers located within India

Breach Notification

Affected users notified within 72 hours of a confirmed data breach

Third-party Processors

All sub-processors bound by data processing agreements aligned to DPDP Act requirements

Consent Framework

Under the DPDP Act, we process personal data only with your free, specific, informed, and unambiguous consent. Here is how we manage consent:

  • Consent is obtained before any personal data processing begins
  • Each processing purpose is explained clearly in plain language
  • You can withdraw consent at any time via Settings → Privacy
  • Withdrawing consent does not affect the legality of prior processing
  • We do not bundle consent — optional features require separate consent

Contact Our Data Protection Officer

Data Protection Officer — My Portfoly

Email: privacy@myportfoly.com

For urgent data breach reports: security@myportfoly.com

We aim to respond to all DPDP-related requests within 72 hours.

Privacy PolicyTerms of ServiceCookie Policy