Art & Audience: Story Bank Service
Effective Date: August 26, 2025 Last Updated: August 26, 2025
1. INTRODUCTION Art & Audience (“we”, “us”, “our”) is committed to protecting the privacy and security of personal data collected through our Story Bank digital timestamping service. This Privacy Policy explains how we collect, use, process, and protect your personal information in compliance with the Digital Personal Data Protection Act, 2023 (“DPDPA”), Information Technology Act, 2000, and other applicable Indian privacy laws.
2. DATA CONTROLLER INFORMATION Data Fiduciary: Art & Audience Business Address: #677, Ground Floor, 11th Main Road, Opp. Head Post Office, Sri Raghavendra Mutt Road, 4th Block, Jayanagar, Bengaluru – 560011, Karnataka, India. Email: contact@artandaudience.com Grievance Officer: Teshee Venkatesh (Proprietor), grievance@artandaudience.com
3. PERSONAL DATA WE COLLECT 3.1 Registration Information: Full name and professional details. Email address (primary identifier). Mobile phone number. Postal address. Payment information (processed through third-party gateways). 3.2 Technical Information: IP addresses and browser information. Device identifiers and operating system details. Login timestamps and session data. File metadata and verification data. 3.3 Document Information: Encrypted file contents (password-protected PDFs). File names, sizes, and creation dates. Verification data and submission timestamps. 3.4 Communication Data: OTP verification records. Email communications and notifications. Support inquiries and responses.
4. LEGAL BASIS FOR PROCESSING We process personal data based on the following lawful grounds under the DPDPA: 4.1 Consent: Explicit consent obtained during registration for service provision. 4.2 Contractual Necessity: Processing required to fulfill our digital timestamping services. 4.3 Legal Obligation: Compliance with applicable regulations. 4.4 Legitimate Interest: Fraud prevention, security monitoring, and service improvement.
5. PURPOSE OF DATA PROCESSING 5.1 Service Delivery: Identity verification and authentication. Secure document processing and storage. Digital certificate generation and issuance. Payment processing and verification. 5.2 Security and Compliance: Fraud prevention and detection. System security monitoring. Audit trail maintenance. Regulatory compliance reporting. 5.3 Customer Support: Responding to user inquiries. Technical support provision. Service improvement feedback.
6. DATA SHARING AND DISCLOSURE 6.1 Third-Party Service Providers: Payment processors (governed by their privacy policies). Secure cloud storage providers. Communication service providers for OTP and notifications. 6.2 Legal Disclosure: We may disclose personal data when required by court orders, law enforcement, or regulatory authorities under proper authority, or to protect our legal rights and user safety. 6.3 No Commercial Sharing: We do not sell, rent, or commercially exploit personal data to third parties.
7. INTERNATIONAL DATA TRANSFERS 7.1 Cloud Storage: Documents may be stored on infrastructure involving international data transfers, subject to appropriate safeguards. 7.2 Safeguards: All international transfers are protected by standard contractual clauses, adequate security measures, and compliance with DPDPA provisions.
8. DATA RETENTION We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means, and the applicable legal requirements.
9. DATA SECURITY MEASURES 9.1 Technical Safeguards: Industry-standard encryption for data at rest and in transit, multi-factor authentication, and regular vulnerability assessments. 9.2 Administrative Safeguards: Role-based access controls, employee confidentiality agreements, security training, and incident response procedures. 9.3 Physical Safeguards: Secure infrastructure with redundant backups and monitoring.
10. YOUR RIGHTS UNDER DPDPA As a data principal, you have the following rights: 10.1 Right to Information: Obtain details about data processing activities. 10.2 Right of Access: Request copies of your personal data. 10.3 Right to Correction: Request correction of inaccurate data. 10.4 Right to Erasure: Request deletion of personal data (subject to legal retention requirements). 10.5 Right to Grievance Redressal: File complaints with our grievance officer. 10.6 Right to Nominate: Appoint a representative for rights exercise in case of incapacity or death.
11. EXERCISING YOUR RIGHTS 11.1 Contact Information: Grievance Officer: Teshee Venkatesh (Proprietor). Email: grievance@artandaudience.com. Response Time: 30 days maximum. 11.2 Verification: Identity verification required for all data subject requests. 11.3 Limitations: Some rights may be limited by legal retention requirements or legitimate business interests.
12. COOKIES AND TRACKING 12.1 Essential Cookies: Used for session management and security. 12.2 Functional Cookies: Enable platform features and user preferences. 12.3 No Advertising Cookies: We do not use cookies for advertising or behavioral tracking. 12.4 Cookie Control: Users can manage cookie preferences through browser settings.
13. CHILDREN’S PRIVACY 13.1 Age Restriction: Our service is not intended for individuals under 18 years of age. 13.2 Parental Consent: Required for users under 18 with legal guardian supervision. 13.3 Data Minimization: Special protections apply for any data concerning minors.
14. DATA BREACH NOTIFICATION 14.1 Internal Procedures: Immediate assessment and containment protocols. 14.2 Regulatory Reporting: Notification to the Data Protection Board within prescribed timelines when required. 14.3 User Notification: Individual notification when high risk to rights and freedoms is identified. 14.4 Remedial Actions: Immediate steps to mitigate impact and prevent recurrence.
15. COMPLIANCE MONITORING 15.1 Regular Audits: Annual data protection impact assessments. 15.2 Staff Training: Ongoing privacy awareness and compliance training. 15.3 Policy Updates: Regular review and updates based on legal changes. 15.4 Third-Party Assessments: Independent security and privacy evaluations.
16. UPDATES TO PRIVACY POLICY 16.1 Notification: Material changes communicated via email and platform notices. 16.2 Effective Date: Changes effective 30 days after notification. 16.3 Consent: Continued use constitutes acceptance of updated terms. 16.4 Version Control: Previous versions available upon request.
17. CONTACT AND COMPLAINTS 17.1 Data Protection Queries: Email: privacy@artandaudience.com. Phone: 9945944685. Address: #677, Ground Floor, 11th Main Road, Opp. Head Post Office, Sri Raghavendra Mutt Road, 4th Block, Jayanagar, Bengaluru – 560011, Karnataka, India. 17.2 Grievance Redressal: Internal grievance officer contact details above. External: Data Protection Board of India. 17.3 Response Commitment: Acknowledgment within 48 hours, resolution within 30 days.
18. GOVERNING LAW This Privacy Policy is governed by Indian law, including the Digital Personal Data Protection Act, 2023; Information Technology Act, 2000 and Rules; and Consumer Protection Act, 2019.