DPA
Data Processing Agreement
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between SmartMoneyReport (smartmoney.report) and users of the platform.
1. Scope
This DPA applies to the processing of personal data by SmartMoneyReport in connection with providing its services to users, including account management, content delivery, newsletter distribution, and payment processing.
2. Definitions
- Personal Data — Any information relating to an identified or identifiable individual, as defined under the Digital Personal Data Protection Act, 2023 (DPDPA)
- Processing — Any operation performed on personal data, including collection, storage, use, and deletion
- Data Principal — The individual to whom the personal data relates (you, the user)
- Data Fiduciary — SmartMoneyReport, which determines the purpose and means of processing
3. Lawful Basis for Processing
We process personal data based on:
- Consent — When you create an account or subscribe to newsletters
- Contract — To fulfil our service obligations (premium subscriptions, account features)
- Legitimate interest — To improve our services and ensure security
4. Data Processing Activities
| Activity | Data Processed | Purpose |
|---|---|---|
| Account creation | Name, email | Service access |
| Premium subscription | Payment details | Billing |
| Newsletter | Email address | Content delivery |
| Analytics | IP, device info | Service improvement |
| Comments | Display name, content | Community features |
5. Sub-Processors
We engage the following categories of sub-processors:
- Cloud hosting providers
- Payment gateways
- Email delivery services
- Analytics platforms
All sub-processors are bound by data processing agreements.
6. Data Security
We implement technical and organisational measures including:
- Encryption of data in transit (HTTPS/TLS)
- Secure storage of credentials
- Regular security reviews
- Access controls and authentication
7. Data Retention and Deletion
- Account data is retained while the account is active
- Upon account deletion, personal data is removed within 30 days
- Anonymised analytics data may be retained indefinitely
- Legal and financial records are retained as required by Indian law
8. Your Rights Under DPDPA
As a Data Principal, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure of your data
- Withdraw consent
- Nominate a representative
- File a complaint with the Data Protection Board of India
9. Cross-Border Data Transfers
Your data may be processed by service providers located outside India. Such transfers comply with applicable Indian data protection laws.
10. Contact
For data processing queries, visit our Contact page.
Last updated: April 2026