Contents
1. Who We Are
Vively Technology Solutions ("we", "us", "our") is a technology company based in Kolkata, West Bengal, India. We operate the VivelyDeploy platform — a deployment management system that provisions and manages software applications on Cloudflare infrastructure for our clients.
For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), we act as the Data Fiduciary for all personal data collected through VivelyDeploy.
| Detail | Information |
|---|---|
| Legal Entity | Vively Technology Solutions |
| Address | Kolkata, West Bengal, India |
| business@vivelytech.com | |
| Website | vivelytech.com |
| Platform | deploy.vivelytech.in |
2. Data We Collect
We collect the following categories of personal data when you use VivelyDeploy:
| Category | Data Points | Source |
|---|---|---|
| Identity Data | Full name, designation/title | Intake form |
| Contact Data | Email address, phone number | Intake form |
| Business Data | Business name, business type | Intake form |
| Technical Data | Cloudflare account ID, API tokens (encrypted) | Intake form (self-hosted mode) |
| Consent Data | Consent timestamp, IP address, OTP verification record | Automatically captured |
| Deployment Data | App configuration, deployment status, infrastructure identifiers | Generated during deployment |
| Communication Data | Email correspondence, support requests | Email communication |
We do NOT collect: Government-issued IDs, financial account details, health data, biometric data, or sensitive personal data as defined under the DPDP Act.
3. Purpose of Data Collection
Your data is collected and processed strictly for the following purposes:
- Deployment Services — Provisioning, deploying, and managing your software application on Cloudflare infrastructure.
- Identity Verification — Verifying your identity via OTP before processing deployment requests.
- Communication — Sending deployment status updates, credentials, certificates, support responses, and service announcements.
- Licensing & Billing — Managing subscription status, generating invoices, and processing payments.
- Platform Security — Health monitoring, audit logging, and incident response for deployed applications.
- Legal Compliance — Maintaining records required under applicable Indian law.
Purpose Limitation: We will never use your data for purposes other than those stated above without obtaining fresh consent from you, as required under Section 6 of the DPDP Act, 2023.
4. Consent
In accordance with Section 6 of the DPDP Act, we obtain your informed, free, specific, and unambiguous consent before collecting any personal data.
How We Obtain Consent
- You read and acknowledge the consent text on our intake form.
- You provide your digital signature (name and designation).
- You verify your identity via a one-time password (OTP) sent to your email.
- Your consent is recorded with a timestamp, IP address, and verification method.
Withdrawing Consent
You may withdraw your consent at any time by emailing business@vivelytech.com with the subject line "Withdraw Consent". Upon withdrawal:
- We will cease processing your personal data within 30 days.
- Active deployments may be suspended if they depend on your personal data for operation.
- This does not affect the lawfulness of processing performed before withdrawal.
5. Data Storage & Security
We implement robust technical and organizational measures to protect your data:
| Measure | Implementation |
|---|---|
| Encryption at Rest | Cloudflare API tokens are encrypted using AES-256-GCM before storage |
| Encryption in Transit | All data transmitted over HTTPS/TLS 1.3 |
| Password Hashing | bcrypt with proper salt rounds; password hashes are never returned in any API response |
| SQL Injection Protection | All database queries use parameterized statements |
| XSS Protection | User input is sanitized before rendering in HTML |
| Authentication | JWT-based authentication with token revocation on logout |
| Rate Limiting | Login and OTP endpoints are rate-limited to prevent brute force |
| Access Control | Role-based access (owner/admin) with audit logging of all privileged actions |
| Infrastructure | All data stored on Cloudflare's global network (D1, KV, R2) with enterprise-grade security |
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Category | Retention Period |
|---|---|
| Active deployment data | Duration of your service agreement |
| Consent records | 3 years from consent date (legal compliance) |
| Cloudflare API tokens | Deleted immediately after deployment completes (self-hosted mode) |
| OTP data | 10 minutes (auto-deleted) |
| Audit logs | 1 year from creation |
| Health check logs | 90 days from check date |
| Data post service termination | Deleted within 90 days of service termination |
After the retention period, data is permanently deleted from all storage systems including databases and backups.
7. Your Rights Under DPDP Act 2023
As a Data Principal under the DPDP Act, you have the following rights:
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Obtain a summary of your personal data we hold and processing activities | Email us |
| Right to Correction | Request correction of inaccurate or incomplete personal data | Email us |
| Right to Erasure | Request deletion of your personal data | Email us or use the erasure request form |
| Right to Withdraw Consent | Withdraw previously given consent at any time | Email us |
| Right to Grievance Redressal | File a complaint about data processing | Contact our Grievance Officer |
| Right to Nominate | Nominate a person to exercise your rights in case of death or incapacity | Email us |
Response Time: We will acknowledge your request within 48 hours and complete processing within 30 days. For erasure requests, we will confirm deletion of all personal data within the 30-day period.
To exercise any of these rights, email business@vivelytech.com with the subject line "Data Rights Request — [Your Name]" and include your deployment reference ID (if applicable).
8. Grievance Officer
In accordance with Section 8(10) of the DPDP Act, we have appointed a Grievance Officer to address your concerns regarding data processing:
Grievance Officer: Abhinaba Dey
Email: business@vivelytech.com
Response Time: Within 48 hours of receiving your complaint
Resolution Time: Within 30 days
If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as established under the DPDP Act, 2023.
9. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the Data Protection Board of India within 72 hours of becoming aware of the breach.
- Notify all affected Data Principals (users) via email without undue delay.
- Provide details of: the nature of the breach, data affected, remedial measures taken, and contact information for further queries.
- Maintain a documented record of all breaches, including those not reported to the Board.
Our breach notification emails include the incident summary, detection time, actions taken, and contact information for our Grievance Officer.
10. Third-Party Data Processors
We engage the following third parties as Data Processors on our behalf:
| Processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Cloudflare, Inc. | Infrastructure hosting (Workers, D1, KV, R2, Pages) | All deployment and configuration data | Global (US-headquartered) |
| Brevo (Sendinblue) | Transactional email delivery | Email address, name | EU (France) |
All processors are bound by data processing agreements that require them to implement appropriate security measures and process data only as instructed by us.
Cross-Border Transfer: Your data may be processed in jurisdictions outside India through our infrastructure providers. We ensure that such transfers include adequate safeguards as required by the DPDP Act.
11. Cookies & Tracking
The VivelyDeploy platform uses minimal browser storage:
- JWT Authentication Token — stored in localStorage to maintain your admin session. Automatically cleared on logout.
- No analytics cookies — we do not use Google Analytics, Facebook Pixel, or any third-party tracking.
- No advertising cookies — we do not serve ads or track you across websites.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:
- We will update the "Last Updated" date at the bottom of this page.
- We will notify affected users via email for significant changes.
- Continued use of VivelyDeploy after changes constitutes acceptance, unless fresh consent is required under the DPDP Act.
13. Contact Information
For any questions about this Privacy Policy or your personal data, please contact us:
Vively Technology Solutions
Email: business@vivelytech.com
Website: vivelytech.com
Platform: deploy.vivelytech.in