Applicable Frameworks
Our DPA covers compliance with major data protection regulations.
DPDP Act 2023 (India)
India Digital Personal Data Protection Act
GDPR (EU)
General Data Protection Regulation
IT Act 2000 (India)
Information Technology Act
DPA Highlights
Summary of key data processing terms. Request the full document for complete details.
Data Processing Scope
- Processing limited to service provision only
- No secondary use of personal data
- Anonymous aggregation for HR insights
- Individual chat data never shared with employer
Data Subject Rights
- Right to access personal data
- Right to rectification
- Right to erasure (deletion within 72 hours)
- Right to data portability
Security Measures
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Regular security assessments
- Incident response procedures
Sub-processors
- AWS (Mumbai region) - Infrastructure
- Supabase - Authentication
- OpenAI - AI Processing (anonymized)
- Full sub-processor list available
Employee Privacy is Non-Negotiable
Our DPA explicitly guarantees that individual employee conversations are never shared with the employer. HR receives only anonymized, aggregate insights with a minimum of 5 users per data point.
Data Controller vs Processor
Your Organization (Controller)
Determines the purpose of processing employee wellness data
MannSetu (Processor)
Processes data only as instructed, for service provision
Important Notice
This page provides a summary of our Data Processing Agreement terms. The information here is for general guidance only and does not constitute legal advice. For the full, legally binding DPA document, please contact our legal team. Custom terms may be negotiated for Enterprise customers.