Privacy Policy

Last updated: 6 June 2026

This policy explains how [Equiwings legal entity name] ("Equiwings", "we", "us", "our") collects, uses, shares, stores, and protects your personal data, and the rights you have over it under India's Digital Personal Data Protection Act 2023 (the "DPDP Act") and the Digital Personal Data Protection Rules 2025. Please read it alongside our Terms of Service.

1. Who we are and our role

Equiwings is operated by [Equiwings legal entity name], a company incorporated in India with its registered office at [Registered office address]. We provide a software-as-a-service platform that equestrian academies and clubs use to manage riders, horses, exams, fees, and certificates.

Under the DPDP Act, "personal data" is any data about an individual who is identifiable by or in relation to that data; a "Data Principal" is the individual the data is about; and a "Data Fiduciary" is whoever decides why and how that data is processed.

If your data was entered by an academy you belong to, that academy is your first point of contact for access or correction; we will support and, where required, act on its instructions.

2. The personal data we process

3. Children's data

Many riders are below 18. The DPDP Act treats everyone under 18 as a child and requires verifiable consent from a parent or lawful guardian before a child's personal data is processed. Accordingly:

Withdrawal of consent does not affect records we or the academy are legally required to keep (for example, financial records under tax and companies law).

4. Why we process your data

5. The legal basis for processing

We process personal data on the basis of (a) your consent, given at registration or when you provide the data, for the purposes notified to you; (b) "certain legitimate uses" permitted by the DPDP Act, such as complying with a legal obligation or responding to a medical emergency; and (c) the instructions of the academy that subscribes to the platform, where we act as its Data Processor.

6. Consent and how to withdraw it

Where we rely on consent, we ask for it through a clear notice in plain language that describes the data, the purpose, and how to exercise your rights. You may withdraw consent at any time — through the relevant setting in your account, or by writing to info@equiwings.com. Withdrawing consent is as easy as giving it, and we will stop the related processing, except where the law requires or permits us to continue. Withdrawal does not make earlier, lawful processing invalid.

7. Who we share data with

We never sell personal data. We share it only as follows:

8. Where your data is stored

The primary database and backups are hosted in India (Supabase, Mumbai / ap-south-1 region). Static assets are served through a global content delivery network for performance, and some communication gateways (email, SMS, and WhatsApp) necessarily transmit message content through their own infrastructure to deliver it. We do not transfer personal data to any country or territory restricted by the Central Government under the DPDP Act.

9. How long we keep it

We keep operational data for as long as the academy's subscription is active and you maintain an account. After that, we retain it only as long as needed for the purpose, or as the law requires — financial and tax records, for example, are kept for the period mandated by the Income Tax Act and the Companies Act 2013 (up to eight years). Audit logs are pruned after two years. When you ask us to delete your data, we schedule deletion 30 days from the request (so an accidental request can be reversed), after which the personal data is permanently deleted and any retained audit entries are anonymised.

10. Your rights as a Data Principal

The DPDP Act gives you the right to:

11. How to exercise your rights

You can do most of this yourself in the app: edit your profile to correct it, use Account → Export to obtain a copy, and use Account → Delete to request erasure. You can also write to info@equiwings.com. We will verify your identity before acting and respond within the timelines required by law. If an academy entered your data, we may need to route your request through it as the Data Fiduciary.

You also have a duty under the DPDP Act not to file false or frivolous complaints and not to impersonate another person when exercising rights.

12. Grievance Officer & the Data Protection Board

If you have a concern about how your data is handled, contact our Grievance Officer first:

Grievance Officer
[Name of Grievance Officer]
info@equiwings.com
[Registered office address], India

We will acknowledge your grievance on receipt and resolve it within 90 days. If you are not satisfied with our response, you may make a complaint to the Data Protection Board of India established under the DPDP Act.

13. How we keep data secure

We apply reasonable security safeguards, including encryption in transit (HTTPS), encrypted backups, salted password hashing, two-factor authentication for privileged accounts, rate-limited login and password-reset endpoints, security headers, role-based access control, and tenant isolation at the database layer. No system is perfectly secure; if you believe your account or data has been compromised, write to info@equiwings.com and we will investigate promptly.

14. Personal data breaches

If a personal data breach occurs, we will notify the Data Protection Board of India and each affected Data Principal in the manner and within the timelines required by the DPDP Act and the DPDP Rules 2025, describing the nature of the breach, its likely consequences, and the measures we are taking. Where we act as a Data Processor, we will also inform the relevant academy without undue delay.

15. Cookies and similar technologies

We use strictly necessary cookies to keep you signed in and to secure your session. We do not use third-party advertising or cross-site tracking cookies.

16. Changes to this policy

We may update this policy from time to time. We will notify the primary account holder by email at least 14 days before material changes take effect, and we will update the "Last updated" date above.

17. Contact us

For any privacy question, or to reach our Data Protection Officer:

Data Protection Officer
[Name of Data Protection Officer]
info@equiwings.com
[Equiwings legal entity name]
[Registered office address], India

By using Equiwings you agree to this policy and our Terms of Service.